Skip to content
Snippets Groups Projects

skip calling oidc userinfo when token is client-credential flow

Merged skip calling oidc userinfo when token is client-credential flow
fix/skip-userinfo-for-client-credential-token into develop
Merged Mohammad Torkashvand requested to merge fix/skip-userinfo-for-client-credential-token into develop
Compare
and
Show latest version
1 file
+ 16
3
Compare changes
  • Side-by-side
  • Inline
test/auth/test_oidc_policy_helper.py
+ 16
3
@@ -237,7 +237,7 @@ def test_evaluate_decision_deny_with_auto_error():
@pytest.mark.asyncio()
async def test_oidc_user_call_with_token(oidc_user, mock_request, mock_async_client):
oidc_user.introspect_token = AsyncMock(return_value={"active": True})
oidc_user.introspect_token = AsyncMock(return_value={"active": True, "sub": "123", "client_id": "test_client"})
oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
result = await oidc_user.__call__(mock_request, token="test_token") # noqa: S106
@@ -245,11 +245,24 @@ async def test_oidc_user_call_with_token(oidc_user, mock_request, mock_async_cli
assert isinstance(result, OIDCUserModel)
assert result["sub"] == "123"
assert result["name"] == "John Doe"
assert result["client_id"] == "test_client"
@pytest.mark.asyncio()
async def test_oidc_user_call_with_client_credential_token(oidc_user, mock_request, mock_async_client):
oidc_user.introspect_token = AsyncMock(return_value={"active": True})
oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
result = await oidc_user.__call__(mock_request, token="test_token") # noqa: S106
assert isinstance(result, OIDCUserModel)
assert result["client_id"] is None
oidc_user.userinfo.assert_not_called()
@pytest.mark.asyncio()
async def test_oidc_user_call_inactive_token(oidc_user, mock_request, mock_async_client):
oidc_user.introspect_token = AsyncMock(return_value={"active": False})
oidc_user.introspect_token = AsyncMock(return_value={"active": False, "sub": "123"})
with pytest.raises(HTTPException) as exc_info:
await oidc_user.__call__(mock_request, token="test_token") # noqa: S106
@@ -278,7 +291,7 @@ async def test_oidc_user_call_token_from_request(oidc_user, mock_request, mock_a
mock_request.state.credentials = Mock()
mock_request.state.credentials.credentials = "request_token"
oidc_user.introspect_token = AsyncMock(return_value={"active": True})
oidc_user.introspect_token = AsyncMock(return_value={"active": True, "sub": "123"})
oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
result = await oidc_user.__call__(mock_request) # noqa: PLC2801