Add tests for scope validation in userinfo endpoint.
This commit is contained in:
parent
03634f90e9
commit
e92308e421
|
@ -76,3 +76,19 @@ class UserInfoTestCase(TestCase):
|
||||||
except KeyError:
|
except KeyError:
|
||||||
is_header_field_ok = False
|
is_header_field_ok = False
|
||||||
self.assertEqual(is_header_field_ok, True)
|
self.assertEqual(is_header_field_ok, True)
|
||||||
|
|
||||||
|
def test_response_with_invalid_scope(self):
|
||||||
|
token = self._create_token()
|
||||||
|
|
||||||
|
token.scope = ['otherone']
|
||||||
|
token.save()
|
||||||
|
|
||||||
|
response = self._post_request(token.access_token)
|
||||||
|
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
try:
|
||||||
|
is_header_field_ok = 'insufficient_scope' in response['WWW-Authenticate']
|
||||||
|
except KeyError:
|
||||||
|
is_header_field_ok = False
|
||||||
|
self.assertEqual(is_header_field_ok, True)
|
Loading…
Reference in a new issue