From edbc0bca855e1231af671ccfcaa41c9467cc1e3c Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Wed, 29 Jan 2025 17:05:42 +0530 Subject: [PATCH 1/3] Adding Support For RAR and JAR Requests --- .../pushed_authorization_requests.py | 2 + .../test_pushed_authorization_requests.py | 57 +++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/auth0/authentication/pushed_authorization_requests.py b/auth0/authentication/pushed_authorization_requests.py index 2b543fce..0d5492bc 100644 --- a/auth0/authentication/pushed_authorization_requests.py +++ b/auth0/authentication/pushed_authorization_requests.py @@ -16,6 +16,8 @@ def pushed_authorization_request( redirect_uri (str): The URL to which Auth0 will redirect the browser after authorization has been granted by the user. **kwargs: Other fields to send along with the PAR. + For RAR requests, authorization_details parameter should be added in a proper format. See:https://datatracker.ietf.org/doc/html/rfc9396 + For JAR requests, requests parameter should be send with the JWT as the value. See: https://datatracker.ietf.org/doc/html/rfc9126#name-the-request-request-paramet See: https://www.rfc-editor.org/rfc/rfc9126.html """ diff --git a/auth0/test/authentication/test_pushed_authorization_requests.py b/auth0/test/authentication/test_pushed_authorization_requests.py index 8dee0b78..3a76b6f8 100644 --- a/auth0/test/authentication/test_pushed_authorization_requests.py +++ b/auth0/test/authentication/test_pushed_authorization_requests.py @@ -1,4 +1,5 @@ import unittest +import json from unittest import mock from ...authentication.pushed_authorization_requests import PushedAuthorizationRequests 
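Review bot: The second added docstring line names the JAR parameter as `requests`, but the parameter defined by RFC 9126 and passed by `test_jar` later in this series is `request`. Because extra fields are forwarded through `**kwargs`, a caller who follows the docstring would presumably send a field the server does not read as a request object. I would reword it to `For JAR requests, pass the signed request object JWT as the request parameter.`, which also fixes "should be send". The RAR line asks for "a proper format" without saying whether callers pass a list of objects or a JSON string, so naming the expected Python type would remove the guess. The function body lies outside this hunk, so how `**kwargs` is encoded on the wire is not visible here.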
@@ -45,3 +46,59 @@ def test_par_custom_params(self, mock_post):
 "foo": "bar",
 },
 )
+
+ @mock.patch("auth0.rest.RestClient.post")
+ def test_rar(self, mock_post):
+ a = PushedAuthorizationRequests("my.domain.com", "cid", client_secret="sh!")
+ a.pushed_authorization_request(
+ response_type="code",
+ redirect_uri="https://example.com/callback",
+ authorization_details=[{"type": "money_transfer", "instructedAmount": {"amount": 2500, "currency": "USD"}}],
+ )
+
+ args, kwargs = mock_post.call_args
+
+ expected_data = {
+ "client_id": "cid",
+ "client_secret": "sh!",
+ "response_type": "code",
+ "redirect_uri": "https://example.com/callback",
+ "authorization_details": [{"type": "money_transfer", "instructedAmount": {"amount": 2500, "currency": "USD"}}],
+ }
+
+ actual_data = kwargs["data"]
+
+ self.assertEqual(args[0], "https://my.domain.com/oauth/par")
+
+ self.assertEqual(
+ json.dumps(actual_data, sort_keys=True),
+ json.dumps(expected_data, sort_keys=True)
+ )
+
+ @mock.patch("auth0.rest.RestClient.post")
+ def test_jar(self, mock_post):
+ a = PushedAuthorizationRequests("my.domain.com", "cid", client_secret="sh!")
+ a.pushed_authorization_request(
+ response_type="code",
+ redirect_uri="https://example.com/callback",
+ request="my-jwt-request",
+ )
+
+ args, kwargs = mock_post.call_args
+
+ expected_data = {
+ "client_id": "cid",
+ "client_secret": "sh!",
+ "response_type": "code",
+ "redirect_uri": "https://example.com/callback",
+ "request": 'my-jwt-request',
+ }
+
+ actual_data = kwargs["data"]
+
+ self.assertEqual(args[0], "https://my.domain.com/oauth/par")
+
+ self.assertEqual(
+ json.dumps(actual_data, sort_keys=True),
+ json.dumps(expected_data, sort_keys=True)
+ )
\ No newline at end of file
From dbb96778a3dcf528526148734435ee40f6fa683b Mon Sep 17 00:00:00 2001
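Review bot: `test_rar` only proves that the `authorization_details` list is handed to the mocked `RestClient.post` unchanged, so it says nothing about what actually reaches `/oauth/par`. RFC 9126 defines the PAR body as form-encoded and RFC 9396 defines `authorization_details` as a JSON array, so if the client form-encodes `data`, a nested list may not arrive as valid JSON; that encoding lives outside this hunk and should be confirmed. If serialization is meant to happen inside `pushed_authorization_request`, the expectation would read `"authorization_details": json.dumps([...])`. In `test_jar`, `response_type` and `redirect_uri` are asserted in the body beside `request`, whereas RFC 9126 section 3 expects authorization request parameters to be carried as claims of the request object, so it is worth documenting which copy the server honours. Comparing two `json.dumps(..., sort_keys=True)` strings is equivalent to `self.assertEqual(actual_data, expected_data)`, which gives a clearer failure diff.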
From: Snehil Kishore Date: Wed, 29 Jan 2025 17:38:44 +0530 Subject: [PATCH 2/3] Fixing publish.yml --- .github/workflows/publish.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3e920e6c..0191821e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,17 +12,17 @@ permissions: jobs: rl-scanner: - uses: ./.github/workflows/rl-scanner - with: - python-version: 3.10 - artifact-name: "auth0-python.tgz" - secrets: - RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} - RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} - SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} - PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} - PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} - PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} + uses: ./.github/workflows/rl-scanner + with: + python-version: 3.10 + artifact-name: "auth0-python.tgz" + secrets: + RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }} + RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }} + SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }} + PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }} + PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }} + PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }} publish-pypi: if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/')) name: "PyPI" From 339df8745b208209b87bf564e2ac2df13b28bee1 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Wed, 29 Jan 2025 17:40:47 +0530 Subject: [PATCH 3/3] Adding .yml extension --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0191821e..5e3f9e37 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -12,7 +12,7 @@ permissions: jobs: rl-scanner: - uses: ./.github/workflows/rl-scanner + uses: ./.github/workflows/rl-scanner.yml with: python-version: 3.10 artifact-name: "auth0-python.tgz"
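Review bot: The `python-version: 3.10` line passed to the scanner workflow is an unquoted YAML scalar, which YAML parsers read as the number 3.1 rather than the string "3.10"; quote it as `python-version: "3.10"`. It is a context line in this hunk, and the indentation hunk of the previous patch re-adds it unchanged. How rl-scanner.yml declares and uses this input is not visible here, so the effect is inferred, but a scan job set up on the wrong interpreter, or failing at setup, weakens the check that runs before publishing. It is also worth confirming that `publish-pypi` declares `needs: rl-scanner`, since the rest of that job lies outside the hunk.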