chore: src/oidcop/token/id_token.py coverage from 86% to 90%

Author: peppelinux

src/oidcop/token/id_token.py

@@ -298,16 +298,21 @@ def info(self, token):
         :param token: A token
         :return: tuple of token type and session id
         """
+
         _context = self.server_get("endpoint_context")
 
         _jwt = factory(token)
         _payload = _jwt.jwt.payload()
-        client_info = _context.cdb[_payload["aud"][0]]
+        client_id = _payload["aud"][0]
+        client_info = _context.cdb[client_id]
         alg_dict = get_sign_and_encrypt_algorithms(
             _context, client_info, "id_token", sign=True
         )
 
-        verifier = JWT(key_jar=_context.keyjar, allowed_sign_algs=alg_dict["sign_alg"])
+        verifier = JWT(
+            key_jar=_context.keyjar,
+            allowed_sign_algs=alg_dict["sign_alg"]
+        )
         try:
             _payload = verifier.unpack(token)
         except JWSException:
@@ -317,8 +322,9 @@ def info(self, token):
             raise ToOld("Token has expired")
         # All the token metadata
         return {
-            "sid": _payload["sid"],
+            "sid": _payload.get("sid", ''), # TODO: would sid be there?
             # "type": _payload["ttype"],
             "exp": _payload["exp"],
+            "aud": client_id,
             "handler": self,
         }

tests/test_05_id_token.py

@@ -387,11 +387,20 @@ def test_sign_encrypt_id_token(self):
     def test_get_sign_algorithm(self):
         client_info = self.endpoint_context.cdb[AREQ["client_id"]]
         algs = get_sign_and_encrypt_algorithms(
-            self.endpoint_context, client_info, "id_token", sign=True
+            self.endpoint_context, client_info, "id_token", sign=True,
         )
         # default signing alg
         assert algs == {"sign": True, "encrypt": False, "sign_alg": "RS256"}
 
+        algs = get_sign_and_encrypt_algorithms(
+            self.endpoint_context, client_info, "id_token", sign=True, encrypt=True
+        )
+        # default signing alg
+        assert algs == {
+            'sign': True, 'encrypt': True, 'sign_alg': 'RS256',
+            'enc_alg': 'RSA-OAEP', 'enc_enc': 'A128CBC-HS256'
+        }
+
     def test_available_claims(self):
         session_id = self._create_session(AREQ)
         grant = self.session_manager[session_id]
@@ -542,3 +551,35 @@ def test_client_claims_scopes_and_request_claims_one_match(self):
         assert "email" not in res
         # Scope -> claims
         assert "address" in res
+
+
+    def test_id_token_info(self):
+        session_id = self._create_session(AREQ)
+        grant = self.session_manager[session_id]
+        code = self._mint_code(grant, session_id)
+        access_token = self._mint_access_token(grant, session_id, code)
+
+        id_token = self._mint_id_token(
+            grant, session_id, token_ref=code, access_token=access_token.value
+        )
+
+        endpoint_context = self.endpoint_context
+        sman = endpoint_context.session_manager
+        server_get = sman.token_handler.handler['id_token'].server_get
+        _info = self.session_manager.token_handler.info(id_token.value)
+        assert 'sid' in _info
+        assert 'exp' in _info
+        assert 'aud' in _info
+
+        client_id = AREQ.get('client_id')
+        _id_token = sman.token_handler.handler['id_token']
+        _id_token.sign_encrypt(session_id, client_id)
+
+        # TODO: we need an authentication event for this id_token for a better coverage
+        _id_token.payload(session_id)
+
+        client_info = endpoint_context.cdb[client_id]
+        get_sign_and_encrypt_algorithms(
+            endpoint_context, client_info, payload_type="id_token",
+            sign=True, encrypt=True
+        )

tests/test_05_jwt_token.py

@@ -86,6 +86,7 @@
     "authorization_code": "code",
     "access_token": "access_token",
     "refresh_token": "refresh_token",
+    "id_token": "id_token"
 }