@@ -19,12 +19,12 @@ def _get_app_and_auth_code(
19
19
authority = "https://login.microsoftonline.com/common" ,
20
20
port = 44331 ,
21
21
scopes = ["https://graph.microsoft.com/.default" ], # Microsoft Graph
22
- ):
22
+ ** kwargs ):
23
23
from msal .oauth2cli .authcode import obtain_auth_code
24
24
app = msal .ClientApplication (client_id , client_secret , authority = authority )
25
25
redirect_uri = "http://localhost:%d" % port
26
26
ac = obtain_auth_code (port , auth_uri = app .get_authorization_request_url (
27
- scopes , redirect_uri = redirect_uri ))
27
+ scopes , redirect_uri = redirect_uri , ** kwargs ))
28
28
assert ac is not None
29
29
return (app , ac , redirect_uri )
30
30
@@ -124,20 +124,20 @@ def test_username_password(self):
124
124
self .skipUnlessWithConfig (["client_id" , "username" , "password" , "scope" ])
125
125
self ._test_username_password (** self .config )
126
126
127
- def _get_app_and_auth_code (self ):
127
+ def _get_app_and_auth_code (self , ** kwargs ):
128
128
return _get_app_and_auth_code (
129
129
self .config ["client_id" ],
130
130
client_secret = self .config .get ("client_secret" ),
131
131
authority = self .config .get ("authority" ),
132
132
port = self .config .get ("listen_port" , 44331 ),
133
133
scopes = self .config ["scope" ],
134
- )
134
+ ** kwargs )
135
135
136
- def test_auth_code (self ):
136
+ def _test_auth_code (self , auth_kwargs , token_kwargs ):
137
137
self .skipUnlessWithConfig (["client_id" , "scope" ])
138
- (self .app , ac , redirect_uri ) = self ._get_app_and_auth_code ()
138
+ (self .app , ac , redirect_uri ) = self ._get_app_and_auth_code (** auth_kwargs )
139
139
result = self .app .acquire_token_by_authorization_code (
140
- ac , self .config ["scope" ], redirect_uri = redirect_uri )
140
+ ac , self .config ["scope" ], redirect_uri = redirect_uri , ** token_kwargs )
141
141
logger .debug ("%s.cache = %s" ,
142
142
self .id (), json .dumps (self .app .token_cache ._cache , indent = 4 ))
143
143
self .assertIn (
@@ -148,6 +148,18 @@ def test_auth_code(self):
148
148
error_description = result .get ("error_description" )))
149
149
self .assertCacheWorksForUser (result , self .config ["scope" ], username = None )
150
150
151
+ def test_auth_code (self ):
152
+ self ._test_auth_code ({}, {})
153
+
154
+ def test_auth_code_with_matching_nonce (self ):
155
+ self ._test_auth_code ({"nonce" : "foo" }, {"nonce" : "foo" })
156
+
157
+ def test_auth_code_with_mismatching_nonce (self ):
158
+ self .skipUnlessWithConfig (["client_id" , "scope" ])
159
+ (self .app , ac , redirect_uri ) = self ._get_app_and_auth_code (nonce = "foo" )
160
+ with self .assertRaises (ValueError ):
161
+ self .app .acquire_token_by_authorization_code (
162
+ ac , self .config ["scope" ], redirect_uri = redirect_uri , nonce = "bar" )
151
163
152
164
def test_ssh_cert (self ):
153
165
self .skipUnlessWithConfig (["client_id" , "scope" ])
0 commit comments