from unittest import mock
from keycloak import KeycloakOpenID
from keycloak.pkce_utils import generate_code_challenge, generate_code_verifier
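def test_pkce_auth_url_and_token(env):
    """Check the PKCE parameters on the authorization URL and the token call.

    The first half builds a real authorization URL and asserts that the
    challenge and its method are present and that the verifier is not.
    The second half patches ``oid.token`` and checks the arguments the test
    passes to it; no request is sent to Keycloak in that half.

    Args:
        env: Fixture providing ``keycloak_host`` and ``keycloak_port``.
    """
    redirect_uri = "http://test.test/*"
    oid = KeycloakOpenID(
        server_url=f"http://{env.keycloak_host}:{env.keycloak_port}",
        realm_name="master",
        client_id="admin-cli",
    )

    code_verifier = generate_code_verifier()
    code_challenge, code_challenge_method = generate_code_challenge(code_verifier)

    # Build the PKCE authorization URL.
    url = oid.auth_url(
        redirect_uri=redirect_uri,
        code_challenge=code_challenge,
        code_challenge_method=code_challenge_method,
    )
    assert f"code_challenge={code_challenge}" in url
    assert f"code_challenge_method={code_challenge_method}" in url
    # The verifier is the secret half of the exchange and must stay with the
    # client until the token request; only the derived challenge may appear in
    # the authorization URL. This also fails if the challenge is ever emitted
    # as the raw verifier.
    assert code_verifier not in url

    # A real authorization code would have to come from Keycloak, so the token
    # call is mocked.
    # NOTE(review): patching ``oid.token`` itself replaces the method under
    # test, so the assertions below only inspect the mock's call record and
    # canned return value. They do not show that ``code_verifier`` reaches the
    # token endpoint; patching the HTTP layer underneath ``token`` would.
    canned_response = {
        "access_token": mock.ANY,
        "refresh_token": mock.ANY,
        "token_type": "Bearer",
    }
    token_kwargs = {
        "grant_type": "authorization_code",
        "code": "dummy_code",
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    }
    with mock.patch.object(oid, "token", return_value=canned_response) as mocked_token:
        token = oid.token(**token_kwargs)
        mocked_token.assert_called_with(**token_kwargs)
        assert "access_token" in token
        assert "refresh_token" in token
        assert token["token_type"] == "Bearer"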