Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
886 Commits
15 Branches
98 Tags
17 MiB
Tree: 8e2381a58c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8e2381a58c'
${ noResults }
python-keycloak/tests/test_keycloak_openid.py

1002 lines
37 KiB
Raw Normal View History

test: added auth_url and token tests, more structure to fixtures
2 years ago
fix: linter check
5 months ago
feat: Async feature (#566) * chore: add async client to connection * chore: add async client to keycloak openid * chore: add async client to keycloak uma * chore: add async client and methods to keycloak admin * chore: add async tests for connection and uma class * chore: add async tests for keycloak openid class * chore: add async tests for keycloak admin class * chore: update poetry lock * chore: update poetry lock * fix: poetry files * fix: lint issues * fix: conftest fix * fix: lint test fix * fix: lint test fix * fix: lint test fix * fix: lint test fix * fix: lint test fix * fix: added setuptools * fix: delete request fix and test cases fix * fix: email test case * fix: email test case for older versions * fix: set correct content type on token endpoint * fix: async on missing calls * test: updated tests * chore: deps * fix: preserve original bearer * fix: dont set bearer in refresh token directly * fix: default content type * fix: content type for initial access token * fix: content type for async initial access token * chore: add divergence test * chore: add divergence test for uma and conneciton class * chore: add docs for async module * fix: sphinx error fixes * test: verify signature * test: final divergence tests --------- Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
4 weeks ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
test: test of init and well_known of oid
2 years ago
test: added load authorization config test
2 years ago
style: applied isort
2 years ago
test: added load authorization config test
2 years ago
test: added authz tests
2 years ago
test: added load authorization config test
2 years ago
test: added authz tests
2 years ago
test: finished off openid tests
2 years ago
test: added load authorization config test
2 years ago
test: test of init and well_known of oid
2 years ago
test: updated docstrings to pass checks
2 years ago
test: test of init and well_known of oid
2 years ago
test: updated docstrings to pass checks
2 years ago
test: test of init and well_known of oid
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: improved the tests on urls, back to 100%
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: fix the token test
1 year ago
test: fix the tests for latest keycloak
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: fix the token test
1 year ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: fix the token test
1 year ago
test: fix the tests for latest keycloak
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: fix the token test
1 year ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: fix the token test
1 year ago
test: fix the tests for latest keycloak
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: fix the token test
1 year ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: added auth_url and token tests, more structure to fixtures
2 years ago
test: added more openid tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
feat: realm changing helpers
8 months ago
test: added more openid tests
2 years ago
fix: check client existence based on clientId Remove the necessity for supplying client name for create a new client request, also don't check existing clients based on client name as those can be duplicate BREAKING CHANGE: Renamed parameter client_name to client_id in get_client_id method Closes #351
2 years ago
test: added more openid tests
2 years ago
fix: check client existence based on clientId Remove the necessity for supplying client name for create a new client request, also don't check existing clients based on client name as those can be duplicate BREAKING CHANGE: Renamed parameter client_name to client_id in get_client_id method Closes #351
2 years ago
test: added more openid tests
2 years ago
test: Tests with Keycloak 24 (#535)
3 months ago
test: added more openid tests
2 years ago
feat: Adding additional methods to support roles-by-id api calls Most of the methods rely on the role name within python keycloak, which for the vast majority is fine, however there are some role names which cannot be used by the API endpoint as they contain characters that cannot be encoded properly. Therefore this change is to allow the use of the role's id to get, update and delete roles by their id instead.'
5 months ago
test: added more openid tests
2 years ago
test: Tests with Keycloak 24 (#535)
3 months ago
test: added more openid tests
2 years ago
test: added load authorization config test
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added load authorization config test
2 years ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: added more openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added more openid tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added more openid tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added load authorization config test
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added load authorization config test
2 years ago
test: added authz tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added authz tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added authz tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added authz tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added authz tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: updated docstrings to pass checks
2 years ago
test: added authz tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added authz tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added authz tests
2 years ago
refactor: refactored decode_token complete refactor of the decode_token method in oid BREAKING CHANGE: changes signatures significantly
2 months ago
test: added authz tests
2 years ago
test: finished off openid tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: updated docstrings to pass checks
2 years ago
test: finished off openid tests
2 years ago
test: fix the tests, make them compatible with older python versions
2 years ago
test: finished off openid tests
2 years ago
test: updated docstrings to pass checks
2 years ago
test: finished off openid tests
2 years ago
test: updated tests not to use deprecated attributes
2 months ago
test: finished off openid tests
2 years ago
test: added missing tests
2 months ago
feat: Async feature (#566) * chore: add async client to connection * chore: add async client to keycloak openid * chore: add async client to keycloak uma * chore: add async client and methods to keycloak admin * chore: add async tests for connection and uma class * chore: add async tests for keycloak openid class * chore: add async tests for keycloak admin class * chore: update poetry lock * chore: update poetry lock * fix: poetry files * fix: lint issues * fix: conftest fix * fix: lint test fix * fix: lint test fix * fix: lint test fix * fix: lint test fix * fix: lint test fix * fix: added setuptools * fix: delete request fix and test cases fix * fix: email test case * fix: email test case for older versions * fix: set correct content type on token endpoint * fix: async on missing calls * test: updated tests * chore: deps * fix: preserve original bearer * fix: dont set bearer in refresh token directly * fix: default content type * fix: content type for initial access token * fix: content type for async initial access token * chore: add divergence test * chore: add divergence test for uma and conneciton class * chore: add docs for async module * fix: sphinx error fixes * test: verify signature * test: final divergence tests --------- Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
4 weeks ago
  1. """Test module for KeycloakOpenID."""
  3. from inspect import iscoroutinefunction, signature
  4. from typing import Tuple
  5. from unittest import mock
  7. import pytest
  9. from keycloak import KeycloakAdmin, KeycloakOpenID
  10. from keycloak.authorization import Authorization
  11. from keycloak.authorization.permission import Permission
  12. from keycloak.authorization.policy import Policy
  13. from keycloak.authorization.role import Role
  14. from keycloak.connection import ConnectionManager
  15. from keycloak.exceptions import (
  16. KeycloakAuthenticationError,
  17. KeycloakAuthorizationConfigError,
  18. KeycloakDeprecationError,
  19. KeycloakInvalidTokenError,
  20. KeycloakPostError,
  21. KeycloakRPTNotFound,
  22. )
  25. def test_keycloak_openid_init(env):
  26. """Test KeycloakOpenId's init method.
  28. :param env: Environment fixture
  29. :type env: KeycloakTestEnv
  30. """
  31. oid = KeycloakOpenID(
  32. server_url=f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}",
  33. realm_name="master",
  34. client_id="admin-cli",
  35. )
  37. assert oid.client_id == "admin-cli"
  38. assert oid.client_secret_key is None
  39. assert oid.realm_name == "master"
  40. assert isinstance(oid.connection, ConnectionManager)
  41. assert isinstance(oid.authorization, Authorization)
  44. def test_well_known(oid: KeycloakOpenID):
  45. """Test the well_known method.
  47. :param oid: Keycloak OpenID client
  48. :type oid: KeycloakOpenID
  49. """
  50. res = oid.well_known()
  51. assert res is not None
  52. assert res != dict()
  53. for key in [
  54. "acr_values_supported",
  55. "authorization_encryption_alg_values_supported",
  56. "authorization_encryption_enc_values_supported",
  57. "authorization_endpoint",
  58. "authorization_signing_alg_values_supported",
  59. "backchannel_authentication_endpoint",
  60. "backchannel_authentication_request_signing_alg_values_supported",
  61. "backchannel_logout_session_supported",
  62. "backchannel_logout_supported",
  63. "backchannel_token_delivery_modes_supported",
  64. "check_session_iframe",
  65. "claim_types_supported",
  66. "claims_parameter_supported",
  67. "claims_supported",
  68. "code_challenge_methods_supported",
  69. "device_authorization_endpoint",
  70. "end_session_endpoint",
  71. "frontchannel_logout_session_supported",
  72. "frontchannel_logout_supported",
  73. "grant_types_supported",
  74. "id_token_encryption_alg_values_supported",
  75. "id_token_encryption_enc_values_supported",
  76. "id_token_signing_alg_values_supported",
  77. "introspection_endpoint",
  78. "introspection_endpoint_auth_methods_supported",
  79. "introspection_endpoint_auth_signing_alg_values_supported",
  80. "issuer",
  81. "jwks_uri",
  82. "mtls_endpoint_aliases",
  83. "pushed_authorization_request_endpoint",
  84. "registration_endpoint",
  85. "request_object_encryption_alg_values_supported",
  86. "request_object_encryption_enc_values_supported",
  87. "request_object_signing_alg_values_supported",
  88. "request_parameter_supported",
  89. "request_uri_parameter_supported",
  90. "require_pushed_authorization_requests",
  91. "require_request_uri_registration",
  92. "response_modes_supported",
  93. "response_types_supported",
  94. "revocation_endpoint",
  95. "revocation_endpoint_auth_methods_supported",
  96. "revocation_endpoint_auth_signing_alg_values_supported",
  97. "scopes_supported",
  98. "subject_types_supported",
  99. "tls_client_certificate_bound_access_tokens",
  100. "token_endpoint",
  101. "token_endpoint_auth_methods_supported",
  102. "token_endpoint_auth_signing_alg_values_supported",
  103. "userinfo_encryption_alg_values_supported",
  104. "userinfo_encryption_enc_values_supported",
  105. "userinfo_endpoint",
  106. "userinfo_signing_alg_values_supported",
  107. ]:
  108. assert key in res
  111. def test_auth_url(env, oid: KeycloakOpenID):
  112. """Test the auth_url method.
  114. :param env: Environment fixture
  115. :type env: KeycloakTestEnv
  116. :param oid: Keycloak OpenID client
  117. :type oid: KeycloakOpenID
  118. """
  119. res = oid.auth_url(redirect_uri="http://test.test/*")
  120. assert (
  121. res
  122. == f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}/realms/{oid.realm_name}"
  123. + f"/protocol/openid-connect/auth?client_id={oid.client_id}&response_type=code"
  124. + "&redirect_uri=http://test.test/*&scope=email&state="
  125. )
  128. def test_token(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
  129. """Test the token method.
  131. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  132. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  133. """
  134. oid, username, password = oid_with_credentials
  135. token = oid.token(username=username, password=password)
  136. assert token == {
  137. "access_token": mock.ANY,
  138. "expires_in": mock.ANY,
  139. "id_token": mock.ANY,
  140. "not-before-policy": 0,
  141. "refresh_expires_in": mock.ANY,
  142. "refresh_token": mock.ANY,
  143. "scope": mock.ANY,
  144. "session_state": mock.ANY,
  145. "token_type": "Bearer",
  146. }
  148. # Test with dummy totp
  149. token = oid.token(username=username, password=password, totp="123456")
  150. assert token == {
  151. "access_token": mock.ANY,
  152. "expires_in": mock.ANY,
  153. "id_token": mock.ANY,
  154. "not-before-policy": 0,
  155. "refresh_expires_in": mock.ANY,
  156. "refresh_token": mock.ANY,
  157. "scope": mock.ANY,
  158. "session_state": mock.ANY,
  159. "token_type": "Bearer",
  160. }
  162. # Test with extra param
  163. token = oid.token(username=username, password=password, extra_param="foo")
  164. assert token == {
  165. "access_token": mock.ANY,
  166. "expires_in": mock.ANY,
  167. "id_token": mock.ANY,
  168. "not-before-policy": 0,
  169. "refresh_expires_in": mock.ANY,
  170. "refresh_token": mock.ANY,
  171. "scope": mock.ANY,
  172. "session_state": mock.ANY,
  173. "token_type": "Bearer",
  174. }
  177. def test_exchange_token(
  178. oid_with_credentials: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
  179. ):
  180. """Test the exchange token method.
  182. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  183. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  184. :param admin: Keycloak Admin client
  185. :type admin: KeycloakAdmin
  186. """
  187. # Verify existing user
  188. oid, username, password = oid_with_credentials
  190. # Allow impersonation
  191. admin.change_current_realm(oid.realm_name)
  192. admin.assign_client_role(
  193. user_id=admin.get_user_id(username=username),
  194. client_id=admin.get_client_id(client_id="realm-management"),
  195. roles=[
  196. admin.get_client_role(
  197. client_id=admin.get_client_id(client_id="realm-management"),
  198. role_name="impersonation",
  199. )
  200. ],
  201. )
  203. token = oid.token(username=username, password=password)
  204. assert oid.userinfo(token=token["access_token"]) == {
  205. "email": f"{username}@test.test",
  206. "email_verified": True,
  207. "family_name": "last",
  208. "given_name": "first",
  209. "name": "first last",
  210. "preferred_username": username,
  211. "sub": mock.ANY,
  212. }
  214. # Exchange token with the new user
  215. new_token = oid.exchange_token(
  216. token=token["access_token"], audience=oid.client_id, subject=username
  217. )
  218. assert oid.userinfo(token=new_token["access_token"]) == {
  219. "email": f"{username}@test.test",
  220. "email_verified": True,
  221. "family_name": "last",
  222. "given_name": "first",
  223. "name": "first last",
  224. "preferred_username": username,
  225. "sub": mock.ANY,
  226. }
  227. assert token != new_token
  230. def test_logout(oid_with_credentials):
  231. """Test logout.
  233. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  234. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  235. """
  236. oid, username, password = oid_with_credentials
  238. token = oid.token(username=username, password=password)
  239. assert oid.userinfo(token=token["access_token"]) != dict()
  240. assert oid.logout(refresh_token=token["refresh_token"]) == dict()
  242. with pytest.raises(KeycloakAuthenticationError):
  243. oid.userinfo(token=token["access_token"])
  246. def test_certs(oid: KeycloakOpenID):
  247. """Test certificates.
  249. :param oid: Keycloak OpenID client
  250. :type oid: KeycloakOpenID
  251. """
  252. assert len(oid.certs()["keys"]) == 2
  255. def test_public_key(oid: KeycloakOpenID):
  256. """Test public key.
  258. :param oid: Keycloak OpenID client
  259. :type oid: KeycloakOpenID
  260. """
  261. assert oid.public_key() is not None
  264. def test_entitlement(
  265. oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
  266. ):
  267. """Test entitlement.
  269. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  270. server with client credentials
  271. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  272. :param admin: Keycloak Admin client
  273. :type admin: KeycloakAdmin
  274. """
  275. oid, username, password = oid_with_credentials_authz
  276. token = oid.token(username=username, password=password)
  277. resource_server_id = admin.get_client_authz_resources(
  278. client_id=admin.get_client_id(oid.client_id)
  279. )[0]["_id"]
  281. with pytest.raises(KeycloakDeprecationError):
  282. oid.entitlement(token=token["access_token"], resource_server_id=resource_server_id)
  285. def test_introspect(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
  286. """Test introspect.
  288. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  289. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  290. """
  291. oid, username, password = oid_with_credentials
  292. token = oid.token(username=username, password=password)
  294. assert oid.introspect(token=token["access_token"])["active"]
  295. assert oid.introspect(
  296. token=token["access_token"], rpt="some", token_type_hint="requesting_party_token"
  297. ) == {"active": False}
  299. with pytest.raises(KeycloakRPTNotFound):
  300. oid.introspect(token=token["access_token"], token_type_hint="requesting_party_token")
  303. def test_decode_token(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
  304. """Test decode token.
  306. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  307. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  308. """
  309. oid, username, password = oid_with_credentials
  310. token = oid.token(username=username, password=password)
  311. decoded_access_token = oid.decode_token(token=token["access_token"])
  312. decoded_access_token_2 = oid.decode_token(token=token["access_token"], validate=False)
  313. decoded_refresh_token = oid.decode_token(token=token["refresh_token"], validate=False)
  315. assert decoded_access_token == decoded_access_token_2
  316. assert decoded_access_token["preferred_username"] == username, decoded_access_token
  317. assert decoded_refresh_token["typ"] == "Refresh", decoded_refresh_token
  320. def test_load_authorization_config(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  321. """Test load authorization config.
  323. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  324. server with client credentials
  325. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  326. """
  327. oid, username, password = oid_with_credentials_authz
  329. oid.load_authorization_config(path="tests/data/authz_settings.json")
  330. assert "test-authz-rb-policy" in oid.authorization.policies
  331. assert isinstance(oid.authorization.policies["test-authz-rb-policy"], Policy)
  332. assert len(oid.authorization.policies["test-authz-rb-policy"].roles) == 1
  333. assert isinstance(oid.authorization.policies["test-authz-rb-policy"].roles[0], Role)
  334. assert len(oid.authorization.policies["test-authz-rb-policy"].permissions) == 2
  335. assert isinstance(
  336. oid.authorization.policies["test-authz-rb-policy"].permissions[0], Permission
  337. )
  340. def test_get_policies(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  341. """Test get policies.
  343. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  344. server with client credentials
  345. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  346. """
  347. oid, username, password = oid_with_credentials_authz
  348. token = oid.token(username=username, password=password)
  350. with pytest.raises(KeycloakAuthorizationConfigError):
  351. oid.get_policies(token=token["access_token"])
  353. oid.load_authorization_config(path="tests/data/authz_settings.json")
  354. assert oid.get_policies(token=token["access_token"]) is None
  356. orig_client_id = oid.client_id
  357. oid.client_id = "account"
  358. assert oid.get_policies(token=token["access_token"], method_token_info="decode") == []
  359. policy = Policy(name="test", type="role", logic="POSITIVE", decision_strategy="UNANIMOUS")
  360. policy.add_role(role="account/view-profile")
  361. oid.authorization.policies["test"] = policy
  362. assert [
  363. str(x) for x in oid.get_policies(token=token["access_token"], method_token_info="decode")
  364. ] == ["Policy: test (role)"]
  365. assert [
  366. repr(x) for x in oid.get_policies(token=token["access_token"], method_token_info="decode")
  367. ] == ["<Policy: test (role)>"]
  368. oid.client_id = orig_client_id
  370. oid.logout(refresh_token=token["refresh_token"])
  371. with pytest.raises(KeycloakInvalidTokenError):
  372. oid.get_policies(token=token["access_token"])
  375. def test_get_permissions(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  376. """Test get policies.
  378. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  379. server with client credentials
  380. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  381. """
  382. oid, username, password = oid_with_credentials_authz
  383. token = oid.token(username=username, password=password)
  385. with pytest.raises(KeycloakAuthorizationConfigError):
  386. oid.get_permissions(token=token["access_token"])
  388. oid.load_authorization_config(path="tests/data/authz_settings.json")
  389. assert oid.get_permissions(token=token["access_token"]) is None
  391. orig_client_id = oid.client_id
  392. oid.client_id = "account"
  393. assert oid.get_permissions(token=token["access_token"], method_token_info="decode") == []
  394. policy = Policy(name="test", type="role", logic="POSITIVE", decision_strategy="UNANIMOUS")
  395. policy.add_role(role="account/view-profile")
  396. policy.add_permission(
  397. permission=Permission(
  398. name="test-perm", type="resource", logic="POSITIVE", decision_strategy="UNANIMOUS"
  399. )
  400. )
  401. oid.authorization.policies["test"] = policy
  402. assert [
  403. str(x)
  404. for x in oid.get_permissions(token=token["access_token"], method_token_info="decode")
  405. ] == ["Permission: test-perm (resource)"]
  406. assert [
  407. repr(x)
  408. for x in oid.get_permissions(token=token["access_token"], method_token_info="decode")
  409. ] == ["<Permission: test-perm (resource)>"]
  410. oid.client_id = orig_client_id
  412. oid.logout(refresh_token=token["refresh_token"])
  413. with pytest.raises(KeycloakInvalidTokenError):
  414. oid.get_permissions(token=token["access_token"])
  417. def test_uma_permissions(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  418. """Test UMA permissions.
  420. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  421. server with client credentials
  422. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  423. """
  424. oid, username, password = oid_with_credentials_authz
  425. token = oid.token(username=username, password=password)
  427. assert len(oid.uma_permissions(token=token["access_token"])) == 1
  428. assert oid.uma_permissions(token=token["access_token"])[0]["rsname"] == "Default Resource"
  431. def test_has_uma_access(
  432. oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
  433. ):
  434. """Test has UMA access.
  436. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  437. server with client credentials
  438. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  439. :param admin: Keycloak Admin client
  440. :type admin: KeycloakAdmin
  441. """
  442. oid, username, password = oid_with_credentials_authz
  443. token = oid.token(username=username, password=password)
  445. assert (
  446. str(oid.has_uma_access(token=token["access_token"], permissions=""))
  447. == "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())"
  448. )
  449. assert (
  450. str(oid.has_uma_access(token=token["access_token"], permissions="Default Resource"))
  451. == "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())"
  452. )
  454. with pytest.raises(KeycloakPostError):
  455. oid.has_uma_access(token=token["access_token"], permissions="Does not exist")
  457. oid.logout(refresh_token=token["refresh_token"])
  458. assert (
  459. str(oid.has_uma_access(token=token["access_token"], permissions=""))
  460. == "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions=set())"
  461. )
  462. assert (
  463. str(
  464. oid.has_uma_access(
  465. token=admin.connection.token["access_token"], permissions="Default Resource"
  466. )
  467. )
  468. == "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions="
  469. + "{'Default Resource'})"
  470. )
  473. def test_device(oid_with_credentials_device: Tuple[KeycloakOpenID, str, str]):
  474. """Test device authorization flow.
  476. :param oid_with_credentials_device: Keycloak OpenID client with pre-configured user
  477. credentials and device authorization flow enabled
  478. :type oid_with_credentials_device: Tuple[KeycloakOpenID, str, str]
  479. """
  480. oid, _, _ = oid_with_credentials_device
  481. res = oid.device()
  482. assert res == {
  483. "device_code": mock.ANY,
  484. "user_code": mock.ANY,
  485. "verification_uri": f"http://localhost:8081/realms/{oid.realm_name}/device",
  486. "verification_uri_complete": f"http://localhost:8081/realms/{oid.realm_name}/"
  487. + f"device?user_code={res['user_code']}",
  488. "expires_in": 600,
  489. "interval": 5,
  490. }
  493. # async function start
  496. @pytest.mark.asyncio
  497. async def test_a_well_known(oid: KeycloakOpenID):
  498. """Test the well_known method.
  500. :param oid: Keycloak OpenID client
  501. :type oid: KeycloakOpenID
  502. """
  503. res = await oid.a_well_known()
  504. assert res is not None
  505. assert res != dict()
  506. for key in [
  507. "acr_values_supported",
  508. "authorization_encryption_alg_values_supported",
  509. "authorization_encryption_enc_values_supported",
  510. "authorization_endpoint",
  511. "authorization_signing_alg_values_supported",
  512. "backchannel_authentication_endpoint",
  513. "backchannel_authentication_request_signing_alg_values_supported",
  514. "backchannel_logout_session_supported",
  515. "backchannel_logout_supported",
  516. "backchannel_token_delivery_modes_supported",
  517. "check_session_iframe",
  518. "claim_types_supported",
  519. "claims_parameter_supported",
  520. "claims_supported",
  521. "code_challenge_methods_supported",
  522. "device_authorization_endpoint",
  523. "end_session_endpoint",
  524. "frontchannel_logout_session_supported",
  525. "frontchannel_logout_supported",
  526. "grant_types_supported",
  527. "id_token_encryption_alg_values_supported",
  528. "id_token_encryption_enc_values_supported",
  529. "id_token_signing_alg_values_supported",
  530. "introspection_endpoint",
  531. "introspection_endpoint_auth_methods_supported",
  532. "introspection_endpoint_auth_signing_alg_values_supported",
  533. "issuer",
  534. "jwks_uri",
  535. "mtls_endpoint_aliases",
  536. "pushed_authorization_request_endpoint",
  537. "registration_endpoint",
  538. "request_object_encryption_alg_values_supported",
  539. "request_object_encryption_enc_values_supported",
  540. "request_object_signing_alg_values_supported",
  541. "request_parameter_supported",
  542. "request_uri_parameter_supported",
  543. "require_pushed_authorization_requests",
  544. "require_request_uri_registration",
  545. "response_modes_supported",
  546. "response_types_supported",
  547. "revocation_endpoint",
  548. "revocation_endpoint_auth_methods_supported",
  549. "revocation_endpoint_auth_signing_alg_values_supported",
  550. "scopes_supported",
  551. "subject_types_supported",
  552. "tls_client_certificate_bound_access_tokens",
  553. "token_endpoint",
  554. "token_endpoint_auth_methods_supported",
  555. "token_endpoint_auth_signing_alg_values_supported",
  556. "userinfo_encryption_alg_values_supported",
  557. "userinfo_encryption_enc_values_supported",
  558. "userinfo_endpoint",
  559. "userinfo_signing_alg_values_supported",
  560. ]:
  561. assert key in res
  564. @pytest.mark.asyncio
  565. async def test_a_auth_url(env, oid: KeycloakOpenID):
  566. """Test the auth_url method.
  568. :param env: Environment fixture
  569. :type env: KeycloakTestEnv
  570. :param oid: Keycloak OpenID client
  571. :type oid: KeycloakOpenID
  572. """
  573. res = await oid.a_auth_url(redirect_uri="http://test.test/*")
  574. assert (
  575. res
  576. == f"http://{env.KEYCLOAK_HOST}:{env.KEYCLOAK_PORT}/realms/{oid.realm_name}"
  577. + f"/protocol/openid-connect/auth?client_id={oid.client_id}&response_type=code"
  578. + "&redirect_uri=http://test.test/*&scope=email&state="
  579. )
  582. @pytest.mark.asyncio
  583. async def test_a_token(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
  584. """Test the token method.
  586. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  587. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  588. """
  589. oid, username, password = oid_with_credentials
  590. token = await oid.a_token(username=username, password=password)
  591. assert token == {
  592. "access_token": mock.ANY,
  593. "expires_in": mock.ANY,
  594. "id_token": mock.ANY,
  595. "not-before-policy": 0,
  596. "refresh_expires_in": mock.ANY,
  597. "refresh_token": mock.ANY,
  598. "scope": mock.ANY,
  599. "session_state": mock.ANY,
  600. "token_type": "Bearer",
  601. }
  603. # Test with dummy totp
  604. token = await oid.a_token(username=username, password=password, totp="123456")
  605. assert token == {
  606. "access_token": mock.ANY,
  607. "expires_in": mock.ANY,
  608. "id_token": mock.ANY,
  609. "not-before-policy": 0,
  610. "refresh_expires_in": mock.ANY,
  611. "refresh_token": mock.ANY,
  612. "scope": mock.ANY,
  613. "session_state": mock.ANY,
  614. "token_type": "Bearer",
  615. }
  617. # Test with extra param
  618. token = await oid.a_token(username=username, password=password, extra_param="foo")
  619. assert token == {
  620. "access_token": mock.ANY,
  621. "expires_in": mock.ANY,
  622. "id_token": mock.ANY,
  623. "not-before-policy": 0,
  624. "refresh_expires_in": mock.ANY,
  625. "refresh_token": mock.ANY,
  626. "scope": mock.ANY,
  627. "session_state": mock.ANY,
  628. "token_type": "Bearer",
  629. }
  632. @pytest.mark.asyncio
  633. async def test_a_exchange_token(
  634. oid_with_credentials: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
  635. ):
  636. """Test the exchange token method.
  638. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  639. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  640. :param admin: Keycloak Admin client
  641. :type admin: KeycloakAdmin
  642. """
  643. # Verify existing user
  644. oid, username, password = oid_with_credentials
  646. # Allow impersonation
  647. await admin.a_change_current_realm(oid.realm_name)
  648. await admin.a_assign_client_role(
  649. user_id=await admin.a_get_user_id(username=username),
  650. client_id=await admin.a_get_client_id(client_id="realm-management"),
  651. roles=[
  652. await admin.a_get_client_role(
  653. client_id=admin.get_client_id(client_id="realm-management"),
  654. role_name="impersonation",
  655. )
  656. ],
  657. )
  659. token = await oid.a_token(username=username, password=password)
  660. assert await oid.a_userinfo(token=token["access_token"]) == {
  661. "email": f"{username}@test.test",
  662. "email_verified": True,
  663. "family_name": "last",
  664. "given_name": "first",
  665. "name": "first last",
  666. "preferred_username": username,
  667. "sub": mock.ANY,
  668. }
  670. # Exchange token with the new user
  671. new_token = oid.exchange_token(
  672. token=token["access_token"], audience=oid.client_id, subject=username
  673. )
  674. assert await oid.a_userinfo(token=new_token["access_token"]) == {
  675. "email": f"{username}@test.test",
  676. "email_verified": True,
  677. "family_name": "last",
  678. "given_name": "first",
  679. "name": "first last",
  680. "preferred_username": username,
  681. "sub": mock.ANY,
  682. }
  683. assert token != new_token
  686. @pytest.mark.asyncio
  687. async def test_a_logout(oid_with_credentials):
  688. """Test logout.
  690. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  691. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  692. """
  693. oid, username, password = oid_with_credentials
  695. token = await oid.a_token(username=username, password=password)
  696. assert await oid.a_userinfo(token=token["access_token"]) != dict()
  697. assert await oid.a_logout(refresh_token=token["refresh_token"]) == dict()
  699. with pytest.raises(KeycloakAuthenticationError):
  700. await oid.a_userinfo(token=token["access_token"])
  703. @pytest.mark.asyncio
  704. async def test_a_certs(oid: KeycloakOpenID):
  705. """Test certificates.
  707. :param oid: Keycloak OpenID client
  708. :type oid: KeycloakOpenID
  709. """
  710. assert len((await oid.a_certs())["keys"]) == 2
  713. @pytest.mark.asyncio
  714. async def test_a_public_key(oid: KeycloakOpenID):
  715. """Test public key.
  717. :param oid: Keycloak OpenID client
  718. :type oid: KeycloakOpenID
  719. """
  720. assert await oid.a_public_key() is not None
  723. @pytest.mark.asyncio
  724. async def test_a_entitlement(
  725. oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
  726. ):
  727. """Test entitlement.
  729. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  730. server with client credentials
  731. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  732. :param admin: Keycloak Admin client
  733. :type admin: KeycloakAdmin
  734. """
  735. oid, username, password = oid_with_credentials_authz
  736. token = await oid.a_token(username=username, password=password)
  737. resource_server_id = admin.get_client_authz_resources(
  738. client_id=admin.get_client_id(oid.client_id)
  739. )[0]["_id"]
  741. with pytest.raises(KeycloakDeprecationError):
  742. await oid.a_entitlement(token=token["access_token"], resource_server_id=resource_server_id)
  745. @pytest.mark.asyncio
  746. async def test_a_introspect(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
  747. """Test introspect.
  749. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  750. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  751. """
  752. oid, username, password = oid_with_credentials
  753. token = await oid.a_token(username=username, password=password)
  755. assert (await oid.a_introspect(token=token["access_token"]))["active"]
  756. assert await oid.a_introspect(
  757. token=token["access_token"], rpt="some", token_type_hint="requesting_party_token"
  758. ) == {"active": False}
  760. with pytest.raises(KeycloakRPTNotFound):
  761. await oid.a_introspect(
  762. token=token["access_token"], token_type_hint="requesting_party_token"
  763. )
  766. @pytest.mark.asyncio
  767. async def test_a_decode_token(oid_with_credentials: Tuple[KeycloakOpenID, str, str]):
  768. """Test decode token.
  770. :param oid_with_credentials: Keycloak OpenID client with pre-configured user credentials
  771. :type oid_with_credentials: Tuple[KeycloakOpenID, str, str]
  772. """
  773. oid, username, password = oid_with_credentials
  774. token = await oid.a_token(username=username, password=password)
  775. decoded_access_token = await oid.a_decode_token(token=token["access_token"])
  776. decoded_access_token_2 = await oid.a_decode_token(token=token["access_token"], validate=False)
  777. decoded_refresh_token = await oid.a_decode_token(token=token["refresh_token"], validate=False)
  779. assert decoded_access_token == decoded_access_token_2
  780. assert decoded_access_token["preferred_username"] == username, decoded_access_token
  781. assert decoded_refresh_token["typ"] == "Refresh", decoded_refresh_token
  784. @pytest.mark.asyncio
  785. async def test_a_load_authorization_config(
  786. oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  787. ):
  788. """Test load authorization config.
  790. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  791. server with client credentials
  792. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  793. """
  794. oid, username, password = oid_with_credentials_authz
  796. await oid.a_load_authorization_config(path="tests/data/authz_settings.json")
  797. assert "test-authz-rb-policy" in oid.authorization.policies
  798. assert isinstance(oid.authorization.policies["test-authz-rb-policy"], Policy)
  799. assert len(oid.authorization.policies["test-authz-rb-policy"].roles) == 1
  800. assert isinstance(oid.authorization.policies["test-authz-rb-policy"].roles[0], Role)
  801. assert len(oid.authorization.policies["test-authz-rb-policy"].permissions) == 2
  802. assert isinstance(
  803. oid.authorization.policies["test-authz-rb-policy"].permissions[0], Permission
  804. )
  807. @pytest.mark.asyncio
  808. async def test_a_has_uma_access(
  809. oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str], admin: KeycloakAdmin
  810. ):
  811. """Test has UMA access.
  813. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  814. server with client credentials
  815. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  816. :param admin: Keycloak Admin client
  817. :type admin: KeycloakAdmin
  818. """
  819. oid, username, password = oid_with_credentials_authz
  820. token = await oid.a_token(username=username, password=password)
  822. assert (
  823. str(await oid.a_has_uma_access(token=token["access_token"], permissions=""))
  824. == "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())"
  825. )
  826. assert (
  827. str(
  828. await oid.a_has_uma_access(token=token["access_token"], permissions="Default Resource")
  829. )
  830. == "AuthStatus(is_authorized=True, is_logged_in=True, missing_permissions=set())"
  831. )
  833. with pytest.raises(KeycloakPostError):
  834. await oid.a_has_uma_access(token=token["access_token"], permissions="Does not exist")
  836. await oid.a_logout(refresh_token=token["refresh_token"])
  837. assert (
  838. str(await oid.a_has_uma_access(token=token["access_token"], permissions=""))
  839. == "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions=set())"
  840. )
  841. assert (
  842. str(
  843. await oid.a_has_uma_access(
  844. token=admin.connection.token["access_token"], permissions="Default Resource"
  845. )
  846. )
  847. == "AuthStatus(is_authorized=False, is_logged_in=False, missing_permissions="
  848. + "{'Default Resource'})"
  849. )
  852. @pytest.mark.asyncio
  853. async def test_a_get_policies(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  854. """Test get policies.
  856. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  857. server with client credentials
  858. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  859. """
  860. oid, username, password = oid_with_credentials_authz
  861. token = await oid.a_token(username=username, password=password)
  863. with pytest.raises(KeycloakAuthorizationConfigError):
  864. await oid.a_get_policies(token=token["access_token"])
  866. await oid.a_load_authorization_config(path="tests/data/authz_settings.json")
  867. assert await oid.a_get_policies(token=token["access_token"]) is None
  869. orig_client_id = oid.client_id
  870. oid.client_id = "account"
  871. assert await oid.a_get_policies(token=token["access_token"], method_token_info="decode") == []
  872. policy = Policy(name="test", type="role", logic="POSITIVE", decision_strategy="UNANIMOUS")
  873. policy.add_role(role="account/view-profile")
  874. oid.authorization.policies["test"] = policy
  875. assert [
  876. str(x)
  877. for x in await oid.a_get_policies(token=token["access_token"], method_token_info="decode")
  878. ] == ["Policy: test (role)"]
  879. assert [
  880. repr(x)
  881. for x in await oid.a_get_policies(token=token["access_token"], method_token_info="decode")
  882. ] == ["<Policy: test (role)>"]
  883. oid.client_id = orig_client_id
  885. await oid.a_logout(refresh_token=token["refresh_token"])
  886. with pytest.raises(KeycloakInvalidTokenError):
  887. await oid.a_get_policies(token=token["access_token"])
  890. @pytest.mark.asyncio
  891. async def test_a_get_permissions(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  892. """Test get policies.
  894. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  895. server with client credentials
  896. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  897. """
  898. oid, username, password = oid_with_credentials_authz
  899. token = await oid.a_token(username=username, password=password)
  901. with pytest.raises(KeycloakAuthorizationConfigError):
  902. await oid.a_get_permissions(token=token["access_token"])
  904. await oid.a_load_authorization_config(path="tests/data/authz_settings.json")
  905. assert await oid.a_get_permissions(token=token["access_token"]) is None
  907. orig_client_id = oid.client_id
  908. oid.client_id = "account"
  909. assert (
  910. await oid.a_get_permissions(token=token["access_token"], method_token_info="decode") == []
  911. )
  912. policy = Policy(name="test", type="role", logic="POSITIVE", decision_strategy="UNANIMOUS")
  913. policy.add_role(role="account/view-profile")
  914. policy.add_permission(
  915. permission=Permission(
  916. name="test-perm", type="resource", logic="POSITIVE", decision_strategy="UNANIMOUS"
  917. )
  918. )
  919. oid.authorization.policies["test"] = policy
  920. assert [
  921. str(x)
  922. for x in await oid.a_get_permissions(
  923. token=token["access_token"], method_token_info="decode"
  924. )
  925. ] == ["Permission: test-perm (resource)"]
  926. assert [
  927. repr(x)
  928. for x in await oid.a_get_permissions(
  929. token=token["access_token"], method_token_info="decode"
  930. )
  931. ] == ["<Permission: test-perm (resource)>"]
  932. oid.client_id = orig_client_id
  934. await oid.a_logout(refresh_token=token["refresh_token"])
  935. with pytest.raises(KeycloakInvalidTokenError):
  936. await oid.a_get_permissions(token=token["access_token"])
  939. @pytest.mark.asyncio
  940. async def test_a_uma_permissions(oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]):
  941. """Test UMA permissions.
  943. :param oid_with_credentials_authz: Keycloak OpenID client configured as an authorization
  944. server with client credentials
  945. :type oid_with_credentials_authz: Tuple[KeycloakOpenID, str, str]
  946. """
  947. oid, username, password = oid_with_credentials_authz
  948. token = await oid.a_token(username=username, password=password)
  950. assert len(await oid.a_uma_permissions(token=token["access_token"])) == 1
  951. assert (await oid.a_uma_permissions(token=token["access_token"]))[0][
  952. "rsname"
  953. ] == "Default Resource"
  956. @pytest.mark.asyncio
  957. async def test_a_device(oid_with_credentials_device: Tuple[KeycloakOpenID, str, str]):
  958. """Test device authorization flow.
  960. :param oid_with_credentials_device: Keycloak OpenID client with pre-configured user
  961. credentials and device authorization flow enabled
  962. :type oid_with_credentials_device: Tuple[KeycloakOpenID, str, str]
  963. """
  964. oid, _, _ = oid_with_credentials_device
  965. res = await oid.a_device()
  966. assert res == {
  967. "device_code": mock.ANY,
  968. "user_code": mock.ANY,
  969. "verification_uri": f"http://localhost:8081/realms/{oid.realm_name}/device",
  970. "verification_uri_complete": f"http://localhost:8081/realms/{oid.realm_name}/"
  971. + f"device?user_code={res['user_code']}",
  972. "expires_in": 600,
  973. "interval": 5,
  974. }
  977. def test_counter_part():
  978. """Test that each function has its async counter part."""
  979. openid_methods = [
  980. func for func in dir(KeycloakOpenID) if callable(getattr(KeycloakOpenID, func))
  981. ]
  982. sync_methods = [
  983. method
  984. for method in openid_methods
  985. if not method.startswith("a_") and not method.startswith("_")
  986. ]
  987. async_methods = [
  988. method for method in openid_methods if iscoroutinefunction(getattr(KeycloakOpenID, method))
  989. ]
  991. for method in sync_methods:
  992. async_method = f"a_{method}"
  993. assert (async_method in openid_methods) is True
  994. sync_sign = signature(getattr(KeycloakOpenID, method))
  995. async_sign = signature(getattr(KeycloakOpenID, async_method))
  996. assert sync_sign.parameters == async_sign.parameters
  998. for async_method in async_methods:
  999. if async_method[2:].startswith("_"):
  1000. continue
  1002. assert async_method[2:] in sync_methods