additional testing in case of missing request parameters

Author: maxxiefjv

tests/pyop/test_provider.py

@@ -346,6 +346,7 @@ def test_pkce_code_exchange_request_plaintext(self):
         assert response['access_token'] in self.provider.authz_state.access_tokens
         assert_id_token_base_claims(response['id_token'], self.provider.signing_key, self.provider,
                                     self.authn_request_args)
+
     @patch('time.time', MOCK_TIME)
     def test_code_exchange_request_with_claims_requested_in_id_token(self):
         claims_req = {'claims': ClaimsRequest(id_token=Claims(email=None))}
@@ -413,6 +414,25 @@ def test_handle_token_request_reject_invalid_code_verifier(self):
         with pytest.raises(InvalidTokenRequest):
             self.provider.handle_token_request(urlencode(self.authorization_code_exchange_request_args))
 
+    def test_handle_token_request_reject_unsynced_requests(self):
+        self.authorization_code_exchange_request_args['code'] = self.create_authz_code(
+            {
+                "code_challenge": "_1f8tFjAtu6D1Df-GOyDPoMjCJdEvaSWsnqR6SLpzsw=",
+                "code_challenge_method": "S256"
+            }
+        )
+        with pytest.raises(InvalidTokenRequest):
+            self.provider.handle_token_request(urlencode(self.authorization_code_exchange_request_args))
+
+    def test_handle_token_request_reject_missing_code_challenge_method(self):
+        self.authorization_code_exchange_request_args['code'] = self.create_authz_code(
+            {
+                "code_challenge": "_1f8tFjAtu6D1Df-GOyDPoMjCJdEvaSWsnqR6SLpzsw=",
+            }
+        )
+        with pytest.raises(InvalidTokenRequest):
+            self.provider.handle_token_request(urlencode(self.authorization_code_exchange_request_args))
+
     def test_refresh_request(self):
         self.provider.authz_state = AuthorizationState(HashBasedSubjectIdentifierFactory('salt'),
                                                        refresh_token_lifetime=600)