Merge pull request #2673 from franz-see/moto/issues/2672

moto/issues/2672 | Modified 'token_use' to return 'id' for an id toke…
Bert Blommers 2020-01-15 14:54:52 +00:00 committed by GitHub
commit 15889566b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions


@ -108,7 +108,9 @@ class CognitoIdpUserPool(BaseModel):
return user_pool_json return user_pool_json
def create_jwt(self, client_id, username, expires_in=60 * 60, extra_data={}): def create_jwt(
self, client_id, username, token_use, expires_in=60 * 60, extra_data={}
):
now = int(time.time()) now = int(time.time())
payload = { payload = {
"iss": "https://cognito-idp.{}.amazonaws.com/{}".format( "iss": "https://cognito-idp.{}.amazonaws.com/{}".format(
@ -116,7 +118,7 @@ class CognitoIdpUserPool(BaseModel):
), ),
"sub": self.users[username].id, "sub": self.users[username].id,
"aud": client_id, "aud": client_id,
"token_use": "id", "token_use": token_use,
"auth_time": now, "auth_time": now,
"exp": now + expires_in, "exp": now + expires_in,
} }
@ -125,7 +127,7 @@ class CognitoIdpUserPool(BaseModel):
return jws.sign(payload, self.json_web_key, algorithm="RS256"), expires_in return jws.sign(payload, self.json_web_key, algorithm="RS256"), expires_in
def create_id_token(self, client_id, username): def create_id_token(self, client_id, username):
id_token, expires_in = self.create_jwt(client_id, username) id_token, expires_in = self.create_jwt(client_id, username, "id")
self.id_tokens[id_token] = (client_id, username) self.id_tokens[id_token] = (client_id, username)
return id_token, expires_in return id_token, expires_in
@ -137,7 +139,7 @@ class CognitoIdpUserPool(BaseModel):
def create_access_token(self, client_id, username): def create_access_token(self, client_id, username):
extra_data = self.get_user_extra_data_by_client_id(client_id, username) extra_data = self.get_user_extra_data_by_client_id(client_id, username)
access_token, expires_in = self.create_jwt( access_token, expires_in = self.create_jwt(
client_id, username, extra_data=extra_data client_id, username, "access", extra_data=extra_data
) )
self.access_tokens[access_token] = (client_id, username) self.access_tokens[access_token] = (client_id, username)
return access_token, expires_in return access_token, expires_in
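Review bot: The new `token_use` parameter in the `create_jwt` signature (hunk at -108) is accepted unvalidated, so any caller can mint a token whose `token_use` claim is neither `id` nor `access` — values real Cognito never emits and that downstream verifiers will reject or mis-route; add `if token_use not in ("id", "access"): raise ValueError("token_use must be 'id' or 'access'")` as the first line of the body. The same rewritten signature line carries over the mutable default `extra_data={}`, which is one dict shared by every call; the body runs past the end of the hunk so I cannot see whether it is mutated, but `extra_data=None` followed by `extra_data = extra_data or {}` removes the risk of claims leaking between tokens. Separately, the access-token payload still sets `aud` to the client id (hunk at -116); as I recall real Cognito access tokens carry a `client_id` claim and no `aud`, so code that switches on `token_use` to decide which audience claim to check will pass against moto and fail against AWS — presumably out of scope for this fix, but worth a `# NOTE:` next to the `"aud"` line.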


@ -1142,11 +1142,13 @@ def test_token_legitimacy():
id_claims = json.loads(jws.verify(id_token, json_web_key, "RS256")) id_claims = json.loads(jws.verify(id_token, json_web_key, "RS256"))
id_claims["iss"].should.equal(issuer) id_claims["iss"].should.equal(issuer)
id_claims["aud"].should.equal(client_id) id_claims["aud"].should.equal(client_id)
id_claims["token_use"].should.equal("id")
access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256")) access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
access_claims["iss"].should.equal(issuer) access_claims["iss"].should.equal(issuer)
access_claims["aud"].should.equal(client_id) access_claims["aud"].should.equal(client_id)
for k, v in outputs["additional_fields"].items(): for k, v in outputs["additional_fields"].items():
access_claims[k].should.equal(v) access_claims[k].should.equal(v)
access_claims["token_use"].should.equal("access")
@mock_cognitoidp @mock_cognitoidp