create code_verifier tests

maxxiefjv · maxxiefjv · commit 648637a737b7 · 2021-06-17T17:17:34.000+02:00
diff --git a/tests/pyop/test_provider.py b/tests/pyop/test_provider.py
@@ -12,8 +12,9 @@
 from oic import rndstr
 from oic.oauth2.message import MissingRequiredValue, MissingRequiredAttribute
 from oic.oic import PREFERENCE2PROVIDER
-from oic.oic.message import IdToken, AuthorizationRequest, ClaimsRequest, Claims, EndSessionRequest, EndSessionResponse
+from oic.oic.message import IdToken, ClaimsRequest, Claims, EndSessionRequest, EndSessionResponse
 
+from pyop.message import AuthorizationRequest
 from pyop.access_token import BearerTokenError
 from pyop.authz_state import AuthorizationState
 from pyop.client_authentication import InvalidClientAuthentication
@@ -319,6 +320,19 @@ def test_code_exchange_request(self):
                                     self.authn_request_args)
 
     @patch('time.time', MOCK_TIME)
+    def test_pkce_code_exchange_request(self):
+        self.authorization_code_exchange_request_args['code'] = self.create_authz_code(
+            {
+                "code_challenge": "_1f8tFjAtu6D1Df-GOyDPoMjCJdEvaSWsnqR6SLpzsw",
+                "code_challenge_method": "S256"
+            }
+        )
+        self.authorization_code_exchange_request_args['code_verifier'] = "SoOEDN-mZKNhw7Mc52VXxyiqTvFB3mod36MwPru253c"
+        response = self.provider._do_code_exchange(self.authorization_code_exchange_request_args, None)
+        assert response['access_token'] in self.provider.authz_state.access_tokens
+        assert_id_token_base_claims(response['id_token'], self.provider.signing_key, self.provider,
+                                    self.authn_request_args)
+    @patch('time.time', MOCK_TIME)
     def test_code_exchange_request_with_claims_requested_in_id_token(self):
         claims_req = {'claims': ClaimsRequest(id_token=Claims(email=None))}
         self.authorization_code_exchange_request_args['code'] = self.create_authz_code(extra_auth_req_params=claims_req)
@@ -374,6 +388,12 @@ def test_handle_token_request_reject_missing_grant_type(self):
         with pytest.raises(InvalidTokenRequest):
             self.provider.handle_token_request(urlencode(self.authorization_code_exchange_request_args))
 
+    def test_handle_token_request_reject_invalid_code_verifier(self):
+        del self.authorization_code_exchange_request_args['grant_type']
+        self.authorization_code_exchange_request_args['code'] = self.create_authz_code()
+        with pytest.raises(InvalidTokenRequest):
+            self.provider.handle_token_request(urlencode(self.authorization_code_exchange_request_args))
+
     def test_refresh_request(self):
         self.provider.authz_state = AuthorizationState(HashBasedSubjectIdentifierFactory('salt'),
                                                        refresh_token_lifetime=600)
