moto/issues/2672 | Modified 'token_use' to return 'id' for an id token, and 'access' for an access token

2020-01-05 23:55:04 +08:00 · 2020-01-05 23:55:04 +08:00 · 68d882e6c0
commit 68d882e6c0
parent 1db617a530
2 changed files with 6 additions and 5 deletions
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@ -108,7 +108,7 @@ class CognitoIdpUserPool(BaseModel):

        return user_pool_json

-    def create_jwt(self, client_id, username, expires_in=60 * 60, extra_data={}):
+    def create_jwt(self, client_id, username, token_use, expires_in=60 * 60, extra_data={}):
        now = int(time.time())
        payload = {
            "iss": "https://cognito-idp.{}.amazonaws.com/{}".format(
@ -116,7 +116,7 @@ class CognitoIdpUserPool(BaseModel):
            ),
            "sub": self.users[username].id,
            "aud": client_id,
-            "token_use": "id",
+            "token_use": token_use,
            "auth_time": now,
            "exp": now + expires_in,
        }
@ -125,7 +125,7 @@ class CognitoIdpUserPool(BaseModel):
        return jws.sign(payload, self.json_web_key, algorithm="RS256"), expires_in

    def create_id_token(self, client_id, username):
-        id_token, expires_in = self.create_jwt(client_id, username)
+        id_token, expires_in = self.create_jwt(client_id, username, "id")
        self.id_tokens[id_token] = (client_id, username)
        return id_token, expires_in

@ -137,7 +137,7 @@ class CognitoIdpUserPool(BaseModel):
    def create_access_token(self, client_id, username):
        extra_data = self.get_user_extra_data_by_client_id(client_id, username)
        access_token, expires_in = self.create_jwt(
-            client_id, username, extra_data=extra_data
+            client_id, username, "access", extra_data=extra_data
        )
        self.access_tokens[access_token] = (client_id, username)
        return access_token, expires_in
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@ -1142,12 +1142,13 @@ def test_token_legitimacy():
    id_claims = json.loads(jws.verify(id_token, json_web_key, "RS256"))
    id_claims["iss"].should.equal(issuer)
    id_claims["aud"].should.equal(client_id)
+    id_claims["token_use"].should.equal("id")
    access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
    access_claims["iss"].should.equal(issuer)
    access_claims["aud"].should.equal(client_id)
    for k, v in outputs["additional_fields"].items():
        access_claims[k].should.equal(v)
-
+    access_claims["token_use"].should.equal("access")

@mock_cognitoidp
 def test_change_password():