Add Authorization header with token to user info call

While not required, it is recommended to send the token as an Authorization header to the UserInfo call in OIDC: http://openid.net/specs/openid-connect-core-1_0.html#UserInfo Some implementations expect this and will fail if not present
2017-04-27 11:24:12 -04:00 · 2017-04-27 11:24:12 -04:00 · c0cc574ca2
commit c0cc574ca2
parent a9337ff484
2 changed files with 9 additions and 2 deletions
--- a/oauth/test/test_oidc.py
+++ b/oauth/test/test_oidc.py
@ -153,7 +153,10 @@ def preferred_username(request):
@pytest.fixture
 def userinfo_handler(oidc_service, preferred_username):
  @urlmatch(netloc=r'fakeoidc', path=r'/userinfo')
-  def handler(_, __):
+  def handler(_, req):
+    if req.headers.get('Authorization') != 'Bearer sometoken':
+      return {'status_code': 401, 'content': 'Missing expected header'}
+
    content = {
      'sub': 'cooluser',
      'preferred_username':preferred_username,