GSSKJr SSKrSSKrSSKrSSKrSSKJr SSKJ r SSK J r SSK J r Sr SrSr"S S \5rg) N) exceptions) transport)sts)utilsusernamepasswordzdXNlcm5hbWU6cGFzc3dvcmQ=c\rSrSrSrSrSrSS/rSrSr S r S r S r S r S S 0rSS/SS.0rSSSSSS.rSSSS.rSSSS.r\R("\R*R,\\5r\R("\R*R4\\5r\S1Sj5r\\R>4S j5r \S!5r!S"r"S#r#S$r$S%r%S&r&S'r'S(r(S)r)S*r*S+r+S,r,S-r-S.r.S/r/S0r0g)2 TestStsClient!z/urn:ietf:params:oauth:grant-type:token-exchangezhttps://api.example.com/zurn:example:cooperation-contextscope1scope2z-urn:ietf:params:oauth:token-type:access_tokenz&HEADER.SUBJECT_TOKEN_PAYLOAD.SIGNATUREz$urn:ietf:params:oauth:token-type:jwtz$HEADER.ACTOR_TOKEN_PAYLOAD.SIGNATUREz https://example.com/token.oauth2zx-client-versionz0.1.2 additionaloptionsz some-value)z non-standardother ACCESS_TOKENBeareriz scope1 scope2) access_tokenissued_token_type token_type expires_inscopeabcxyz)r refresh_tokenrinvalid_requestzInvalid subject tokenz#https://tools.ietf.org/html/rfc6749)errorerror_description error_uriNcD[R"URU5$N)rClientTOKEN_EXCHANGE_ENDPOINT)cls client_auths Oplatform/gsutil/third_party/google-auth-library-python/tests/oauth2/test_sts.py make_clientTestStsClient.make_clientFszz#55{CCc[R"[RSS9nX#l[ R "U5RS5Ul[R"[R5nX4l U$)NT)instanceutf-8) mockcreate_autospecrResponsestatusjsondumpsencodedataRequest return_value)r#r3r/responserequests r%make_mock_requestTestStsClient.make_mock_requestJs['' (:(:TJ  4(//8 &&y'8'89'r(cdUSUR:XdeUSS:XdeUSU:XdeUSce[RRUS5nUH-upVUR S5X5R S5:XaM-e [ U5[ UR 55:Xdeg)zEAsserts the request was called with the expected parameters. urlmethodPOSTheadersbodyNr+)r"urllibparse parse_qsldecodelenkeys)r#request_kwargsr> request_data body_tupleskvs r%assert_request_kwargs#TestStsClient.assert_request_kwargsUse$(C(CCCCh'6111i(G333f%111ll,,^F-CD !FQ88G$ XXg5F(GG GG";3|'8'8':#;;;;r(cUR5nURR5nSUS'URURUR SR UR5URURURURUR[RR[ R""UR$55S. nUR'[(R*UR,S9nUR/UURURURURUR URURURURUR$UR5 nUR1UR2SX#5 XPR,:Xdeg)zQTest token exchange success without client authentication using full parameters. !application/x-www-form-urlencoded Content-Type grant_typeresourceaudiencerrequested_token_type subject_tokensubject_token_type actor_tokenactor_token_typerr/r3N)r& ADDON_HEADERScopy GRANT_TYPERESOURCEAUDIENCEjoinSCOPESREQUESTED_TOKEN_TYPE SUBJECT_TOKENSUBJECT_TOKEN_TYPE ACTOR_TOKENACTOR_TOKEN_TYPEr@rAquoter0r1 ADDON_OPTIONSr8 http_clientOKSUCCESS_RESPONSEexchange_tokenrK call_argsselfclientr>rGr7r6s r%-test_exchange_token_full_success_without_auth;TestStsClient.test_exchange_token_full_success_without_authbso!!#$$))+"E//  XXdkk*$($=$=!//"&"9"9++ $ 5 5||))$**T5G5G*HI  ((>>(=(=) ((  OO     # # MM MM KK  % %     ! !         ""7#4#4Q#7O00000r(c UR5nSS0nURURURURUR S.nUR [RURS9nURUURURUR URURS9nURURSX#5 XPR:Xdeg)zdTest token exchange success without client authentication using partial (required only) parameters. rOrNrRrTrUrVrWrZrRrVrWrTrUr[N) r&r^r`rcrdrer8rjrkrlrmrKrnros r%0test_exchange_token_partial_success_without_auth>TestStsClient.test_exchange_token_partial_success_without_auths!!#!#FG// $($=$=!//"&"9"9  ((>>(=(=) (( ,,#66]]!%!:!: )  ""7#4#4Q#7O00000r(c4UR5nUR[RURS9n[ R "[R5nURUURURURURURURUR UR"UR$UR&UR(5 SSS5 WR+S5(deg!,(df  N'=f)zPTest token exchange without client auth responding with non-200 status. rZNWError code invalid_request: Invalid subject token - https://tools.ietf.org/html/rfc6749)r&r8rj BAD_REQUESTERROR_RESPONSEpytestraisesr OAuthErrorrmr^rdrer_r`rbrcrfrgrir\matchrprqr7excinfos r%'test_exchange_token_non200_without_auth5TestStsClient.test_exchange_token_non200_without_auths!!#((**1D1D) ]]:00 1W  ! !""''   ))  %%"""" 2 }} f    !2 1s B D  DcURUR5nURR5nSUS'SR [ 5US'UR URURSRUR5URURURURUR[ R"R%[&R("UR*55S. nUR-[.R0UR2S9nUR5UUR URURURURURURURURUR*UR5 nUR7UR8SX#5 XPR2:Xdeg ) zTTest token exchange success with basic client authentication using full parameters. rNrOBasic {} AuthorizationrPrQrZr[N)r&CLIENT_AUTH_BASICr\r]formatBASIC_AUTH_ENCODINGr^r_r`rarbrcrdrerfrgr@rArhr0r1rir8rjrkrlrmrKrnros r%0test_exchange_token_full_success_with_basic_auth>TestStsClient.test_exchange_token_full_success_with_basic_auths!!$"8"89$$))+"E#-#4#45H#I //  XXdkk*$($=$=!//"&"9"9++ $ 5 5||))$**T5G5G*HI  ((>>(=(=) ((  OO     # # MM MM KK  % %     ! !         ""7#4#4Q#7O00000r(c URUR5nSSR[5S.nURUR UR URURS.nUR[RURS9nURUURURURUR UR S9nURURSX#5 XPR:Xdeg) zgTest token exchange success with basic client authentication using partial (required only) parameters. rNr)rOrrurZrvr[N)r&rrrr^r`rcrdrer8rjrkrlrmrKrnros r%3test_exchange_token_partial_success_with_basic_authATestStsClient.test_exchange_token_partial_success_with_basic_auths!!$"8"89?'../BC  // $($=$=!//"&"9"9  ((>>(=(=) (( ,,#66]]!%!:!: )  ""7#4#4Q#7O00000r(cJURUR5nUR[RUR S9n[ R"[R5nURUURURURURURUR UR"UR$UR&UR(UR*5 SSS5 WR-S5(deg!,(df  N'=f)zKTest token exchange with basic client auth responding with non-200 status. rZNrz)r&rr8rjr{r|r}r~rrrmr^rdrer_r`rbrcrfrgrir\rrs r%*test_exchange_token_non200_with_basic_auth8TestStsClient.test_exchange_token_non200_with_basic_auths!!$"8"89((**1D1D) ]]:00 1W  ! !""''   ))  %%"""" 2 }} f    !2 1 (B D D"cURUR5nURR5nSUS'URUR UR SRUR5URURURURUR[RR!["R$"UR&55[([*S. nUR-[.R0UR2S9nUR5UURURURUR UR URURURURUR&UR5 nUR7UR8SX#5 XPR2:Xdeg)z[Test token exchange success with request body client authenticaiton using full parameters. rNrOrP) rRrSrTrrUrVrWrXrYr client_id client_secretrZr[N)r&CLIENT_AUTH_REQUEST_BODYr\r]r^r_r`rarbrcrdrerfrgr@rArhr0r1ri CLIENT_ID CLIENT_SECRETr8rjrkrlrmrKrnros r%2test_exchange_token_full_success_with_reqbody_auth@TestStsClient.test_exchange_token_full_success_with_reqbody_auth+s}!!$"?"?@$$))+"E//  XXdkk*$($=$=!//"&"9"9++ $ 5 5||))$**T5G5G*HI"*  ((>>(=(=) ((  OO     # # MM MM KK  % %     ! !         ""7#4#4Q#7O00000r(c URUR5nSS0nURURURUR UR [[S.nUR[RURS9nURUURUR UR URURS9nURURSX#5 XPR:Xdeg)znTest token exchange success with request body client authentication using partial (required only) parameters. rOrN)rRrTrUrVrWrrrZrvr[N)r&rr^r`rcrdrerrr8rjrkrlrmrKrnros r%5test_exchange_token_partial_success_with_reqbody_authCTestStsClient.test_exchange_token_partial_success_with_reqbody_authVs!!$"?"?@!#FG// $($=$=!//"&"9"9"* ((>>(=(=) (( ,,#66]]!%!:!: )  ""7#4#4Q#7O00000r(cJURUR5nUR[RUR S9n[ R"[R5nURUURURURURURUR UR"UR$UR&UR(UR*5 SSS5 WR-S5(deg!,(df  N'=f)zWTest token exchange with POST request body client auth responding with non-200 status. rZNrz)r&rr8rjr{r|r}r~rrrmr^rdrer_r`rbrcrfrgrir\rrs r%,test_exchange_token_non200_with_reqbody_auth:TestStsClient.test_exchange_token_non200_with_reqbody_authus!!$"?"?@((**1D1D) ]]:00 1W  ! !""''   ))  %%"""" 2 }} f    !2 1rc"URUR5nUR[RUR S9nUR US5nSSS.nSSS.nURURSXE5 X0R :Xdeg z,Test refresh token with successful response.rZ refreshtokenBasic dXNlcm5hbWU6cGFzc3dvcmQ=rN)rrOr)rRrr[N) r&rr8rjrkrlrrKrnrprqr7r6r>rGs r%test_refresh_token_success(TestStsClient.test_refresh_token_successs!!$"8"89((>>(=(=) ''@>? '6W  ""7#4#4Q#7O00000r(c"URUR5nUR[RUR S9nUR US5nSSS.nSSS.nURURSXE5 X0R :Xdeg r) r&rr8rjrkSUCCESS_RESPONSE_WITH_REFRESHrrKrnrs r%'test_refresh_token_success_with_refresh5TestStsClient.test_refresh_token_success_with_refreshs!!$"8"89((>>(J(J) ''@>? '6W  ""7#4#4Q#7O=====r(cZURUR5nUR[RUR S9n[ R"[R5nURUS5 SSS5 WRS5(deg!,(df  N'=f))Test refresh token with failure response.rZrNrz) r&rr8rjr{r|r}r~rrrrrs r%test_refresh_token_failure(TestStsClient.test_refresh_token_failures!!$"8"89((**1D1D) ]]:00 1W  . 92}} f    2 1s (B B*c,URUR5nUR[RUR S9nUR USS0SS05nSSSS.nSS0nURURS XE5 X0R :Xdeg ) z*Test base method with successful response.rZabcdrrN)rrOrr[N) r&rr8rjrkrl _make_requestrKrnrs r%test__make_request_success(TestStsClient.test__make_request_successs!!$"8"89((>>(=(=) ''#sc3ZH>?  Sz  ""7#4#4Q#7O00000r(cdURUR5nUR[RUR S9n[ R"[R5nURUSS0SS05 SSS5 WRS5(deg!,(df  N'=f)rrZrrrrNrz) r&rr8rjr{r|r}r~rrrrrs r%test_make_request_failure'TestStsClient.test_make_request_failures!!$"8"89((**1D1D) ]]:00 1W  3*sCj A2}} f    2 1s (B!! B/r )1__name__ __module__ __qualname____firstlineno__r^r_r`rbrcrdrerfrgr"r\rirlrr|rClientAuthenticationClientAuthTypebasicrrr request_bodyr classmethodr&rjrkr8rKrrrwrrrrrrrrrrrr__static_attributes__rr(r%r r !soBJ)H0H !FJ :1">"  1$  r(r ) http.clientrqrjr0r@r,r} google.authrr google.oauth2rrrrrobjectr rr(r%rs@" "!   0 F r(