Dive into secure and efficient coding practices with our curated list of the top 10 examples showcasing 'oauthlib' in functional components in Python. Our advanced machine learning engine meticulously scans each line of code, cross-referencing millions of open source libraries to ensure your implementation is not just functional, but also robust and secure. Elevate your React applications to new heights by mastering the art of handling side effects, API calls, and asynchronous operations with confidence and precision.
uri.format('code'), scopes=['foo'])
self.assertEqual(s, 302)
self.assertIn('Location', h)
self.assertIn('error=invalid_request', h['Location'])
invalid_bodies = [
# duplicate params
'grant_type=authorization_code&client_id=nope&client_id=nope&code=foo'
]
for body in invalid_bodies:
_, body, _ = self.web.create_token_response(token_uri,
body=body)
self.assertEqual('invalid_request', json.loads(body)['error'])
# Implicit grant
for uri in invalid_uris:
self.assertRaises(errors.InvalidRequestError,
self.mobile.validate_authorization_request,
uri.format('token'))
h, _, s = self.mobile.create_authorization_response(
uri.format('token'), scopes=['foo'])
self.assertEqual(s, 302)
self.assertIn('Location', h)
self.assertIn('error=invalid_request', h['Location'])
# Password credentials grant
invalid_bodies = [
# duplicate params
'grant_type=password&username=foo&username=bar&password=baz'
# missing username
'grant_type=password&password=baz'
# missing password
'grant_type=password&username=foo'
def test_pkce_required_verifier_missing_challenge_valid(self):
self.mock_validator.is_pkce_required.return_value = True
self.request.code_verifier = None
self.mock_validator.get_code_challenge.return_value = "foo"
self.assertRaises(errors.MissingCodeVerifierError,
self.auth.validate_token_request, self.request)
def test_invalid_grant_type(self):
self.request.grant_type = 'foo'
self.assertRaises(errors.UnsupportedGrantTypeError,
self.auth.validate_token_request, self.request)
def test_sanitized_request_non_debug_mode(self):
"""make sure requests are sanitized when in non debug mode.
For the debug mode, the other tests checking sanitization should prove
that debug mode is working.
"""
try:
oauthlib.set_debug(False)
r = Request(URI, headers={'token': 'foobar'}, body='token=banana')
self.assertNotIn('token', repr(r))
self.assertIn('SANITIZED', repr(r))
finally:
# set flag back for other tests
oauthlib.set_debug(True)
def test_get_oauth_params():
"""Verifies oauth_token is added to the list of params when an empty string."""
client = MKMClient(
client_key="app_token",
client_secret="app_secret",
resource_owner_key="",
resource_owner_secret="",
realm="https://sandbox.cardmarket.com",
nonce="0987654321",
timestamp="1234567890",
)
params = client.get_oauth_params(Request(uri="https://sandbox.cardmarket.com"))
assert params[0][0] == "oauth_nonce"
assert params[0][1] == "0987654321"
assert params[1][0] == "oauth_timestamp"
assert params[1][1] == "1234567890"
assert params[2][0] == "oauth_version"
assert params[2][1] == "1.0"
assert params[3][0] == "oauth_signature_method"
assert params[3][1] == "HMAC-SHA1"
assert params[4][0] == "oauth_consumer_key"
assert params[4][1] == "app_token"
assert params[5][0] == "oauth_token"
assert params[5][1] == ""
def oauth_sign_params(cls, url, params):
params.update(
{
"oauth_consumer_key": cls.OAUTH_CONSUMER_KEY,
"oauth_nonce": cls.OAUTH_NONCE,
"oauth_timestamp": str(int(time.time())),
}
)
params["oauth_signature"] = cls.OAUTH_CLIENT.get_oauth_signature(
oauthlib.common.Request(f"http://localhost{url}", "POST", body=params)
)
return params
def generate_launch_request(
url,
body=None,
http_method="GET",
base_url="http://localhost",
roles="Instructor",
headers=None,
):
params = {}
if roles is not None:
params["roles"] = roles
urlparams = urlencode(params)
client = oauthlib.oauth1.Client(
"key",
client_secret="secret",
signature_method=oauthlib.oauth1.SIGNATURE_HMAC,
signature_type=oauthlib.oauth1.SIGNATURE_TYPE_QUERY,
)
signature = client.sign(
"{}{}?{}".format(base_url, url, urlparams),
body=body,
http_method=http_method,
headers=headers,
)
signed_url = signature[0]
new_url = signed_url[len(base_url) :]
return new_url
def test_invalid_oauth_and_XML(self):
# OAuth credentials are invalid and the body XML causes ParseError
req_xml = '''
'''
# OAuth1 signature and body hash for the HTTP request Authorization header
oauth_client = oauthlib.oauth1.Client(
client_key=self.lti_service.consumer_key,
client_secret='thewrongsecret',
signature_method=oauthlib.oauth1.SIGNATURE_HMAC,
signature_type=oauthlib.oauth1.SIGNATURE_TYPE_AUTH_HEADER,
)
oa_uri, oa_headers, oa_body = oauth_client.sign('http://aplus.local/api/v2/lti-outcomes',
http_method='POST',
body=req_xml,
headers={
'Content-Type': 'application/xml',
},
)
# make the test request
response = self.client.post(self.OUTCOMES_API_URL, data=req_xml, content_type='application/xml',
HTTP_AUTHORIZATION=oa_headers['Authorization'],
def test_request_body(self):
client = WebApplicationClient(self.client_id, code=self.code)
# Basic, no extra arguments
body = client.prepare_request_body(body=self.body)
self.assertFormBodyEqual(body, self.body_code)
rclient = WebApplicationClient(self.client_id)
body = rclient.prepare_request_body(code=self.code, body=self.body)
self.assertFormBodyEqual(body, self.body_code)
# With redirection uri
body = client.prepare_request_body(body=self.body, redirect_uri=self.redirect_uri)
self.assertFormBodyEqual(body, self.body_redirect)
# With extra parameters
body = client.prepare_request_body(body=self.body, **self.kwargs)
self.assertFormBodyEqual(body, self.body_kwargs)
def test_populate_attributes(self):
client = WebApplicationClient(self.client_id)
response_uri = (self.response_uri +
"&access_token=EVIL-TOKEN"
"&refresh_token=EVIL-TOKEN"
"&mac_key=EVIL-KEY")
client.parse_request_uri_response(response_uri, self.state)
self.assertEqual(client.code, self.code)
# We must not accidentally pick up any further security
# credentials at this point.
self.assertIsNone(client.access_token)
self.assertIsNone(client.refresh_token)
self.assertIsNone(client.mac_key)