authentik.providers.oauth2.tests.test_token_cc_jwt_provider
Test token view
1"""Test token view""" 2 3from datetime import datetime, timedelta 4from json import loads 5 6from django.test import RequestFactory 7from django.urls import reverse 8from django.utils.timezone import now 9from jwt import decode 10 11from authentik.blueprints.tests import apply_blueprint 12from authentik.common.oauth.constants import ( 13 GRANT_TYPE_CLIENT_CREDENTIALS, 14 SCOPE_OPENID, 15 SCOPE_OPENID_EMAIL, 16 SCOPE_OPENID_PROFILE, 17 TOKEN_TYPE, 18) 19from authentik.core.models import Application, Group 20from authentik.core.tests.utils import create_test_cert, create_test_flow, create_test_user 21from authentik.lib.generators import generate_id 22from authentik.policies.models import PolicyBinding 23from authentik.providers.oauth2.models import ( 24 AccessToken, 25 GrantType, 26 OAuth2Provider, 27 RedirectURI, 28 RedirectURIMatchingMode, 29 ScopeMapping, 30) 31from authentik.providers.oauth2.tests.utils import OAuthTestCase 32 33 34class TestTokenClientCredentialsJWTProvider(OAuthTestCase): 35 """Test token (client_credentials, with JWT) view""" 36 37 @apply_blueprint("system/providers-oauth2.yaml") 38 def setUp(self) -> None: 39 super().setUp() 40 self.factory = RequestFactory() 41 self.other_cert = create_test_cert() 42 self.cert = create_test_cert() 43 44 self.other_provider = OAuth2Provider.objects.create( 45 name=generate_id(), 46 authorization_flow=create_test_flow(), 47 signing_key=self.other_cert, 48 ) 49 self.other_provider.property_mappings.set(ScopeMapping.objects.all()) 50 self.app = Application.objects.create( 51 name=generate_id(), slug=generate_id(), provider=self.other_provider 52 ) 53 54 self.provider: OAuth2Provider = OAuth2Provider.objects.create( 55 name="test", 56 authorization_flow=create_test_flow(), 57 redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://testserver")], 58 signing_key=self.cert, 59 grant_types=[GrantType.CLIENT_CREDENTIALS], 60 ) 61 self.provider.jwt_federation_providers.add(self.other_provider) 62 self.provider.property_mappings.set(ScopeMapping.objects.all()) 63 self.app = Application.objects.create(name="test", slug="test", provider=self.provider) 64 65 def test_invalid_type(self): 66 """test invalid type""" 67 response = self.client.post( 68 reverse("authentik_providers_oauth2:token"), 69 { 70 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 71 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 72 "client_id": self.provider.client_id, 73 "client_assertion_type": "foo", 74 "client_assertion": "foo.bar", 75 }, 76 ) 77 self.assertEqual(response.status_code, 400) 78 body = loads(response.content.decode()) 79 self.assertEqual(body["error"], "invalid_grant") 80 81 def test_invalid_jwt(self): 82 """test invalid JWT""" 83 response = self.client.post( 84 reverse("authentik_providers_oauth2:token"), 85 { 86 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 87 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 88 "client_id": self.provider.client_id, 89 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 90 "client_assertion": "foo.bar", 91 }, 92 ) 93 self.assertEqual(response.status_code, 400) 94 body = loads(response.content.decode()) 95 self.assertEqual(body["error"], "invalid_grant") 96 97 def test_invalid_signature(self): 98 """test invalid JWT""" 99 token = self.provider.encode( 100 { 101 "sub": "foo", 102 "exp": datetime.now() + timedelta(hours=2), 103 } 104 ) 105 response = self.client.post( 106 reverse("authentik_providers_oauth2:token"), 107 { 108 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 109 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 110 "client_id": self.provider.client_id, 111 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 112 "client_assertion": token + "foo", 113 }, 114 ) 115 self.assertEqual(response.status_code, 400) 116 body = loads(response.content.decode()) 117 self.assertEqual(body["error"], "invalid_grant") 118 119 def test_invalid_expired(self): 120 """test invalid JWT""" 121 token = self.provider.encode( 122 { 123 "sub": "foo", 124 "exp": datetime.now() - timedelta(hours=2), 125 } 126 ) 127 response = self.client.post( 128 reverse("authentik_providers_oauth2:token"), 129 { 130 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 131 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 132 "client_id": self.provider.client_id, 133 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 134 "client_assertion": token, 135 }, 136 ) 137 self.assertEqual(response.status_code, 400) 138 body = loads(response.content.decode()) 139 self.assertEqual(body["error"], "invalid_grant") 140 141 def test_invalid_no_app(self): 142 """test invalid JWT""" 143 self.app.provider = None 144 self.app.save() 145 token = self.provider.encode( 146 { 147 "sub": "foo", 148 "exp": datetime.now() + timedelta(hours=2), 149 } 150 ) 151 response = self.client.post( 152 reverse("authentik_providers_oauth2:token"), 153 { 154 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 155 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 156 "client_id": self.provider.client_id, 157 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 158 "client_assertion": token, 159 }, 160 ) 161 self.assertEqual(response.status_code, 400) 162 body = loads(response.content.decode()) 163 self.assertEqual(body["error"], "invalid_grant") 164 165 def test_invalid_access_denied(self): 166 """test invalid JWT""" 167 group = Group.objects.create(name="foo") 168 PolicyBinding.objects.create( 169 group=group, 170 target=self.app, 171 order=0, 172 ) 173 token = self.provider.encode( 174 { 175 "sub": "foo", 176 "exp": datetime.now() + timedelta(hours=2), 177 } 178 ) 179 response = self.client.post( 180 reverse("authentik_providers_oauth2:token"), 181 { 182 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 183 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 184 "client_id": self.provider.client_id, 185 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 186 "client_assertion": token, 187 }, 188 ) 189 self.assertEqual(response.status_code, 400) 190 body = loads(response.content.decode()) 191 self.assertEqual(body["error"], "invalid_grant") 192 193 def test_successful(self): 194 """test successful""" 195 user = create_test_user() 196 token = self.other_provider.encode( 197 { 198 "sub": "foo", 199 "exp": datetime.now() + timedelta(hours=2), 200 } 201 ) 202 AccessToken.objects.create( 203 provider=self.other_provider, 204 token=token, 205 user=user, 206 auth_time=now(), 207 ) 208 209 response = self.client.post( 210 reverse("authentik_providers_oauth2:token"), 211 { 212 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 213 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 214 "client_id": self.provider.client_id, 215 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 216 "client_assertion": token, 217 }, 218 ) 219 self.assertEqual(response.status_code, 200) 220 body = loads(response.content.decode()) 221 self.assertEqual(body["token_type"], TOKEN_TYPE) 222 _, alg = self.provider.jwt_key 223 jwt = decode( 224 body["access_token"], 225 key=self.provider.signing_key.public_key, 226 algorithms=[alg], 227 audience=self.provider.client_id, 228 ) 229 self.assertEqual(jwt["given_name"], user.name) 230 self.assertEqual(jwt["preferred_username"], user.username)
35class TestTokenClientCredentialsJWTProvider(OAuthTestCase): 36 """Test token (client_credentials, with JWT) view""" 37 38 @apply_blueprint("system/providers-oauth2.yaml") 39 def setUp(self) -> None: 40 super().setUp() 41 self.factory = RequestFactory() 42 self.other_cert = create_test_cert() 43 self.cert = create_test_cert() 44 45 self.other_provider = OAuth2Provider.objects.create( 46 name=generate_id(), 47 authorization_flow=create_test_flow(), 48 signing_key=self.other_cert, 49 ) 50 self.other_provider.property_mappings.set(ScopeMapping.objects.all()) 51 self.app = Application.objects.create( 52 name=generate_id(), slug=generate_id(), provider=self.other_provider 53 ) 54 55 self.provider: OAuth2Provider = OAuth2Provider.objects.create( 56 name="test", 57 authorization_flow=create_test_flow(), 58 redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://testserver")], 59 signing_key=self.cert, 60 grant_types=[GrantType.CLIENT_CREDENTIALS], 61 ) 62 self.provider.jwt_federation_providers.add(self.other_provider) 63 self.provider.property_mappings.set(ScopeMapping.objects.all()) 64 self.app = Application.objects.create(name="test", slug="test", provider=self.provider) 65 66 def test_invalid_type(self): 67 """test invalid type""" 68 response = self.client.post( 69 reverse("authentik_providers_oauth2:token"), 70 { 71 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 72 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 73 "client_id": self.provider.client_id, 74 "client_assertion_type": "foo", 75 "client_assertion": "foo.bar", 76 }, 77 ) 78 self.assertEqual(response.status_code, 400) 79 body = loads(response.content.decode()) 80 self.assertEqual(body["error"], "invalid_grant") 81 82 def test_invalid_jwt(self): 83 """test invalid JWT""" 84 response = self.client.post( 85 reverse("authentik_providers_oauth2:token"), 86 { 87 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 88 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 89 "client_id": self.provider.client_id, 90 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 91 "client_assertion": "foo.bar", 92 }, 93 ) 94 self.assertEqual(response.status_code, 400) 95 body = loads(response.content.decode()) 96 self.assertEqual(body["error"], "invalid_grant") 97 98 def test_invalid_signature(self): 99 """test invalid JWT""" 100 token = self.provider.encode( 101 { 102 "sub": "foo", 103 "exp": datetime.now() + timedelta(hours=2), 104 } 105 ) 106 response = self.client.post( 107 reverse("authentik_providers_oauth2:token"), 108 { 109 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 110 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 111 "client_id": self.provider.client_id, 112 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 113 "client_assertion": token + "foo", 114 }, 115 ) 116 self.assertEqual(response.status_code, 400) 117 body = loads(response.content.decode()) 118 self.assertEqual(body["error"], "invalid_grant") 119 120 def test_invalid_expired(self): 121 """test invalid JWT""" 122 token = self.provider.encode( 123 { 124 "sub": "foo", 125 "exp": datetime.now() - timedelta(hours=2), 126 } 127 ) 128 response = self.client.post( 129 reverse("authentik_providers_oauth2:token"), 130 { 131 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 132 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 133 "client_id": self.provider.client_id, 134 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 135 "client_assertion": token, 136 }, 137 ) 138 self.assertEqual(response.status_code, 400) 139 body = loads(response.content.decode()) 140 self.assertEqual(body["error"], "invalid_grant") 141 142 def test_invalid_no_app(self): 143 """test invalid JWT""" 144 self.app.provider = None 145 self.app.save() 146 token = self.provider.encode( 147 { 148 "sub": "foo", 149 "exp": datetime.now() + timedelta(hours=2), 150 } 151 ) 152 response = self.client.post( 153 reverse("authentik_providers_oauth2:token"), 154 { 155 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 156 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 157 "client_id": self.provider.client_id, 158 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 159 "client_assertion": token, 160 }, 161 ) 162 self.assertEqual(response.status_code, 400) 163 body = loads(response.content.decode()) 164 self.assertEqual(body["error"], "invalid_grant") 165 166 def test_invalid_access_denied(self): 167 """test invalid JWT""" 168 group = Group.objects.create(name="foo") 169 PolicyBinding.objects.create( 170 group=group, 171 target=self.app, 172 order=0, 173 ) 174 token = self.provider.encode( 175 { 176 "sub": "foo", 177 "exp": datetime.now() + timedelta(hours=2), 178 } 179 ) 180 response = self.client.post( 181 reverse("authentik_providers_oauth2:token"), 182 { 183 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 184 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 185 "client_id": self.provider.client_id, 186 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 187 "client_assertion": token, 188 }, 189 ) 190 self.assertEqual(response.status_code, 400) 191 body = loads(response.content.decode()) 192 self.assertEqual(body["error"], "invalid_grant") 193 194 def test_successful(self): 195 """test successful""" 196 user = create_test_user() 197 token = self.other_provider.encode( 198 { 199 "sub": "foo", 200 "exp": datetime.now() + timedelta(hours=2), 201 } 202 ) 203 AccessToken.objects.create( 204 provider=self.other_provider, 205 token=token, 206 user=user, 207 auth_time=now(), 208 ) 209 210 response = self.client.post( 211 reverse("authentik_providers_oauth2:token"), 212 { 213 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 214 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 215 "client_id": self.provider.client_id, 216 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 217 "client_assertion": token, 218 }, 219 ) 220 self.assertEqual(response.status_code, 200) 221 body = loads(response.content.decode()) 222 self.assertEqual(body["token_type"], TOKEN_TYPE) 223 _, alg = self.provider.jwt_key 224 jwt = decode( 225 body["access_token"], 226 key=self.provider.signing_key.public_key, 227 algorithms=[alg], 228 audience=self.provider.client_id, 229 ) 230 self.assertEqual(jwt["given_name"], user.name) 231 self.assertEqual(jwt["preferred_username"], user.username)
Test token (client_credentials, with JWT) view
@apply_blueprint('system/providers-oauth2.yaml')
def
setUp(self) -> None:
38 @apply_blueprint("system/providers-oauth2.yaml") 39 def setUp(self) -> None: 40 super().setUp() 41 self.factory = RequestFactory() 42 self.other_cert = create_test_cert() 43 self.cert = create_test_cert() 44 45 self.other_provider = OAuth2Provider.objects.create( 46 name=generate_id(), 47 authorization_flow=create_test_flow(), 48 signing_key=self.other_cert, 49 ) 50 self.other_provider.property_mappings.set(ScopeMapping.objects.all()) 51 self.app = Application.objects.create( 52 name=generate_id(), slug=generate_id(), provider=self.other_provider 53 ) 54 55 self.provider: OAuth2Provider = OAuth2Provider.objects.create( 56 name="test", 57 authorization_flow=create_test_flow(), 58 redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://testserver")], 59 signing_key=self.cert, 60 grant_types=[GrantType.CLIENT_CREDENTIALS], 61 ) 62 self.provider.jwt_federation_providers.add(self.other_provider) 63 self.provider.property_mappings.set(ScopeMapping.objects.all()) 64 self.app = Application.objects.create(name="test", slug="test", provider=self.provider)
Hook method for setting up the test fixture before exercising it.
def
test_invalid_type(self):
66 def test_invalid_type(self): 67 """test invalid type""" 68 response = self.client.post( 69 reverse("authentik_providers_oauth2:token"), 70 { 71 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 72 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 73 "client_id": self.provider.client_id, 74 "client_assertion_type": "foo", 75 "client_assertion": "foo.bar", 76 }, 77 ) 78 self.assertEqual(response.status_code, 400) 79 body = loads(response.content.decode()) 80 self.assertEqual(body["error"], "invalid_grant")
test invalid type
def
test_invalid_jwt(self):
82 def test_invalid_jwt(self): 83 """test invalid JWT""" 84 response = self.client.post( 85 reverse("authentik_providers_oauth2:token"), 86 { 87 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 88 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 89 "client_id": self.provider.client_id, 90 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 91 "client_assertion": "foo.bar", 92 }, 93 ) 94 self.assertEqual(response.status_code, 400) 95 body = loads(response.content.decode()) 96 self.assertEqual(body["error"], "invalid_grant")
test invalid JWT
def
test_invalid_signature(self):
98 def test_invalid_signature(self): 99 """test invalid JWT""" 100 token = self.provider.encode( 101 { 102 "sub": "foo", 103 "exp": datetime.now() + timedelta(hours=2), 104 } 105 ) 106 response = self.client.post( 107 reverse("authentik_providers_oauth2:token"), 108 { 109 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 110 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 111 "client_id": self.provider.client_id, 112 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 113 "client_assertion": token + "foo", 114 }, 115 ) 116 self.assertEqual(response.status_code, 400) 117 body = loads(response.content.decode()) 118 self.assertEqual(body["error"], "invalid_grant")
test invalid JWT
def
test_invalid_expired(self):
120 def test_invalid_expired(self): 121 """test invalid JWT""" 122 token = self.provider.encode( 123 { 124 "sub": "foo", 125 "exp": datetime.now() - timedelta(hours=2), 126 } 127 ) 128 response = self.client.post( 129 reverse("authentik_providers_oauth2:token"), 130 { 131 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 132 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 133 "client_id": self.provider.client_id, 134 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 135 "client_assertion": token, 136 }, 137 ) 138 self.assertEqual(response.status_code, 400) 139 body = loads(response.content.decode()) 140 self.assertEqual(body["error"], "invalid_grant")
test invalid JWT
def
test_invalid_no_app(self):
142 def test_invalid_no_app(self): 143 """test invalid JWT""" 144 self.app.provider = None 145 self.app.save() 146 token = self.provider.encode( 147 { 148 "sub": "foo", 149 "exp": datetime.now() + timedelta(hours=2), 150 } 151 ) 152 response = self.client.post( 153 reverse("authentik_providers_oauth2:token"), 154 { 155 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 156 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 157 "client_id": self.provider.client_id, 158 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 159 "client_assertion": token, 160 }, 161 ) 162 self.assertEqual(response.status_code, 400) 163 body = loads(response.content.decode()) 164 self.assertEqual(body["error"], "invalid_grant")
test invalid JWT
def
test_invalid_access_denied(self):
166 def test_invalid_access_denied(self): 167 """test invalid JWT""" 168 group = Group.objects.create(name="foo") 169 PolicyBinding.objects.create( 170 group=group, 171 target=self.app, 172 order=0, 173 ) 174 token = self.provider.encode( 175 { 176 "sub": "foo", 177 "exp": datetime.now() + timedelta(hours=2), 178 } 179 ) 180 response = self.client.post( 181 reverse("authentik_providers_oauth2:token"), 182 { 183 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 184 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 185 "client_id": self.provider.client_id, 186 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 187 "client_assertion": token, 188 }, 189 ) 190 self.assertEqual(response.status_code, 400) 191 body = loads(response.content.decode()) 192 self.assertEqual(body["error"], "invalid_grant")
test invalid JWT
def
test_successful(self):
194 def test_successful(self): 195 """test successful""" 196 user = create_test_user() 197 token = self.other_provider.encode( 198 { 199 "sub": "foo", 200 "exp": datetime.now() + timedelta(hours=2), 201 } 202 ) 203 AccessToken.objects.create( 204 provider=self.other_provider, 205 token=token, 206 user=user, 207 auth_time=now(), 208 ) 209 210 response = self.client.post( 211 reverse("authentik_providers_oauth2:token"), 212 { 213 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS, 214 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}", 215 "client_id": self.provider.client_id, 216 "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", 217 "client_assertion": token, 218 }, 219 ) 220 self.assertEqual(response.status_code, 200) 221 body = loads(response.content.decode()) 222 self.assertEqual(body["token_type"], TOKEN_TYPE) 223 _, alg = self.provider.jwt_key 224 jwt = decode( 225 body["access_token"], 226 key=self.provider.signing_key.public_key, 227 algorithms=[alg], 228 audience=self.provider.client_id, 229 ) 230 self.assertEqual(jwt["given_name"], user.name) 231 self.assertEqual(jwt["preferred_username"], user.username)
test successful