How to use oauthlib - 10 common examples

To help you get started, we’ve selected a few oauthlib examples, based on popular ways it is used in public projects.


github oauthlib / oauthlib / tests / oauth2 / rfc6749 / test_servers.py View on Github external
uri.format('code'), scopes=['foo'])
            self.assertEqual(s, 302)
            self.assertIn('Location', h)
            self.assertIn('error=invalid_request', h['Location'])
        invalid_bodies = [
            # duplicate params
            'grant_type=authorization_code&client_id=nope&client_id=nope&code=foo'
        ]
        for body in invalid_bodies:
            _, body, _ = self.web.create_token_response(token_uri,
                    body=body)
            self.assertEqual('invalid_request', json.loads(body)['error'])

        # Implicit grant
        for uri in invalid_uris:
            self.assertRaises(errors.InvalidRequestError,
                    self.mobile.validate_authorization_request,
                    uri.format('token'))
            h, _, s = self.mobile.create_authorization_response(
                    uri.format('token'), scopes=['foo'])
            self.assertEqual(s, 302)
            self.assertIn('Location', h)
            self.assertIn('error=invalid_request', h['Location'])

        # Password credentials grant
        invalid_bodies = [
            # duplicate params
            'grant_type=password&username=foo&username=bar&password=baz'
            # missing username
            'grant_type=password&password=baz'
            # missing password
            'grant_type=password&username=foo'
github oauthlib / oauthlib / tests / oauth2 / rfc6749 / grant_types / test_authorization_code.py View on Github external
def test_pkce_required_verifier_missing_challenge_valid(self):
    """Reject a token request without ``code_verifier`` when PKCE is required.

    The validator mock reports PKCE as mandatory and returns a stored code
    challenge ("foo"), while the request itself carries no verifier.
    """
    validator = self.mock_validator
    validator.is_pkce_required.return_value = True
    validator.get_code_challenge.return_value = "foo"
    self.request.code_verifier = None

    # With a challenge on record and no verifier presented, validation is
    # expected to raise instead of accepting the request.
    with self.assertRaises(errors.MissingCodeVerifierError):
        self.auth.validate_token_request(self.request)
github oauthlib / oauthlib / tests / oauth2 / rfc6749 / grant_types / test_resource_owner_password.py View on Github external
def test_invalid_grant_type(self):
    """A token request with grant_type 'foo' is refused as unsupported."""
    self.request.grant_type = 'foo'

    # The grant handler under test must not process a grant type other
    # than its own; it signals this with UnsupportedGrantTypeError.
    with self.assertRaises(errors.UnsupportedGrantTypeError):
        self.auth.validate_token_request(self.request)
github oauthlib / oauthlib / tests / test_common.py View on Github external
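def test_sanitized_request_non_debug_mode(self):
    """Make sure requests are sanitized when debug mode is off.

    With debugging disabled, ``repr(Request)`` must not contain the
    credential-bearing header or body and must carry the 'SANITIZED' marker.
    The debug-mode behaviour is covered by the other sanitization tests.
    """
    # Remember the suite's current setting so this test does not leak a
    # hard-coded debug state into whichever test runs next.
    previous_debug = oauthlib.get_debug()
    oauthlib.set_debug(False)
    try:
        r = Request(URI, headers={'token': 'foobar'}, body='token=banana')
        rendered = repr(r)
        # Neither the header name nor the body parameter may show up.
        self.assertNotIn('token', rendered)
        self.assertIn('SANITIZED', rendered)
    finally:
        # Restore the flag even when an assertion above fails.
        oauthlib.set_debug(previous_debug)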
github evonove / mkm-sdk / tests / tests_unit / test_client.py View on Github external
def test_get_oauth_params():
    """Verifies oauth_token is still emitted when the resource owner key is an empty string."""
    # Nonce and timestamp are pinned so the generated parameter list is
    # deterministic and can be compared position by position.
    client = MKMClient(
        client_key="app_token",
        client_secret="app_secret",
        resource_owner_key="",
        resource_owner_secret="",
        realm="https://sandbox.cardmarket.com",
        nonce="0987654321",
        timestamp="1234567890",
    )

    params = client.get_oauth_params(Request(uri="https://sandbox.cardmarket.com"))

    expected = [
        ("oauth_nonce", "0987654321"),
        ("oauth_timestamp", "1234567890"),
        ("oauth_version", "1.0"),
        ("oauth_signature_method", "HMAC-SHA1"),
        ("oauth_consumer_key", "app_token"),
        # The empty resource owner key must appear as an empty oauth_token.
        ("oauth_token", ""),
    ]
    # Index explicitly so a too-short result fails instead of passing.
    for position, (name, value) in enumerate(expected):
        assert params[position][0] == name
        assert params[position][1] == value
github hypothesis / lms / tests / functional / api / basic_lti_launch.py View on Github external
def oauth_sign_params(cls, url, params):
    """Add OAuth 1 parameters and a signature to *params* and return it.

    *params* is modified in place: consumer key, nonce and a current
    timestamp are added first, then ``oauth_signature`` is computed over a
    POST request to ``http://localhost`` + *url* with *params* as the body.
    """
    consumer_key = cls.OAUTH_CONSUMER_KEY
    # NOTE(review): the nonce comes from a class attribute, so it looks fixed
    # across calls; fine for a test fixture, not for real traffic - confirm.
    nonce = cls.OAUTH_NONCE
    timestamp = str(int(time.time()))
    params.update(
        oauth_consumer_key=consumer_key,
        oauth_nonce=nonce,
        oauth_timestamp=timestamp,
    )

    sign = cls.OAUTH_CLIENT.get_oauth_signature
    request = oauthlib.common.Request(f"http://localhost{url}", "POST", body=params)
    params["oauth_signature"] = sign(request)

    return params
github ucfopen / quiz-extensions / tests.py View on Github external
def generate_launch_request(
    url,
    body=None,
    http_method="GET",
    base_url="http://localhost",
    roles="Instructor",
    headers=None,
):
    """Return *url* with an OAuth 1 HMAC signature carried in its query string.

    The request is signed against ``base_url + url`` (plus a ``roles``
    query parameter unless *roles* is None); the returned value is the
    signed URL with the leading *base_url* cut off again. *body*,
    *http_method* and *headers* are passed through to the signer.
    """
    query = {} if roles is None else {"roles": roles}
    encoded_query = urlencode(query)

    # Fixed test credentials; presumably the application under test is
    # configured with the same key/secret pair - confirm against its setup.
    signer = oauthlib.oauth1.Client(
        "key",
        client_secret="secret",
        signature_method=oauthlib.oauth1.SIGNATURE_HMAC,
        signature_type=oauthlib.oauth1.SIGNATURE_TYPE_QUERY,
    )
    target = f"{base_url}{url}?{encoded_query}"
    signed = signer.sign(
        target,
        body=body,
        http_method=http_method,
        headers=headers,
    )

    # The first element of the sign() result is the signed URI; strip the
    # base URL prefix by length.
    prefix_length = len(base_url)
    return signed[0][prefix_length:]
github Aalto-LeTech / a-plus / external_services / api / tests.py View on Github external
def test_invalid_oauth_and_XML(self):
        # OAuth credentials are invalid and the body XML causes ParseError
        req_xml = '''
'''
        
        # OAuth1 signature and body hash for the HTTP request Authorization header
        oauth_client = oauthlib.oauth1.Client(
            client_key=self.lti_service.consumer_key,
            client_secret='thewrongsecret',
            signature_method=oauthlib.oauth1.SIGNATURE_HMAC,
            signature_type=oauthlib.oauth1.SIGNATURE_TYPE_AUTH_HEADER,
        )
        oa_uri, oa_headers, oa_body = oauth_client.sign('http://aplus.local/api/v2/lti-outcomes',
            http_method='POST',
            body=req_xml,
            headers={
                'Content-Type': 'application/xml',
            },
        )
        
        # make the test request
        response = self.client.post(self.OUTCOMES_API_URL, data=req_xml, content_type='application/xml',
                         HTTP_AUTHORIZATION=oa_headers['Authorization'],
github oauthlib / oauthlib / tests / oauth2 / rfc6749 / clients / test_web_application.py View on Github external
def test_request_body(self):
    """Check prepare_request_body for each way of supplying its arguments."""
    code_bound = WebApplicationClient(self.client_id, code=self.code)

    # Authorization code given at construction time, nothing else added.
    prepared = code_bound.prepare_request_body(body=self.body)
    self.assertFormBodyEqual(prepared, self.body_code)

    # Same expected body when the code is passed per call instead.
    code_free = WebApplicationClient(self.client_id)
    prepared = code_free.prepare_request_body(code=self.code, body=self.body)
    self.assertFormBodyEqual(prepared, self.body_code)

    # A redirect URI is included when supplied.
    prepared = code_bound.prepare_request_body(
        body=self.body, redirect_uri=self.redirect_uri)
    self.assertFormBodyEqual(prepared, self.body_redirect)

    # Arbitrary extra keyword arguments are included as well.
    prepared = code_bound.prepare_request_body(body=self.body, **self.kwargs)
    self.assertFormBodyEqual(prepared, self.body_kwargs)
github oauthlib / oauthlib / tests / oauth2 / rfc6749 / clients / test_web_application.py View on Github external
def test_populate_attributes(self):
    """Only the authorization code is taken from the redirect response URI.

    The response URI is extended with access_token, refresh_token and
    mac_key parameters; after parsing, none of them may be set on the client.
    """
    client = WebApplicationClient(self.client_id)

    injected = (
        "&access_token=EVIL-TOKEN"
        "&refresh_token=EVIL-TOKEN"
        "&mac_key=EVIL-KEY"
    )
    response_uri = self.response_uri + injected

    client.parse_request_uri_response(response_uri, self.state)

    self.assertEqual(client.code, self.code)

    # We must not accidentally pick up any further security
    # credentials at this point.
    for credential in ("access_token", "refresh_token", "mac_key"):
        self.assertIsNone(getattr(client, credential))