From c05b8b52e3bbc096cf32e2d4bb5bd45986d3cd04 Mon Sep 17 00:00:00 2001
From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com>
Date: Mon, 29 Jun 2020 16:27:30 -0700
Subject: feat: check 'iss' in `verify_oauth2_token` (#500)

Co-authored-by: Tianzi Cai <tianzi@google.com>
---
 tests/oauth2/test_id_token.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'tests')

diff --git a/tests/oauth2/test_id_token.py b/tests/oauth2/test_id_token.py
index ff85807..0c70d68 100644
--- a/tests/oauth2/test_id_token.py
+++ b/tests/oauth2/test_id_token.py
@@ -95,6 +95,7 @@ def test_verify_token_args(_fetch_certs, decode):
 
 @mock.patch("google.oauth2.id_token.verify_token", autospec=True)
 def test_verify_oauth2_token(verify_token):
+    verify_token.return_value = {"iss": "accounts.google.com"}
     result = id_token.verify_oauth2_token(
         mock.sentinel.token, mock.sentinel.request, audience=mock.sentinel.audience
     )
@@ -108,6 +109,16 @@ def test_verify_oauth2_token(verify_token):
     )
 
 
+@mock.patch("google.oauth2.id_token.verify_token", autospec=True)
+def test_verify_oauth2_token_invalid_iss(verify_token):
+    verify_token.return_value = {"iss": "invalid_issuer"}
+
+    with pytest.raises(exceptions.GoogleAuthError):
+        id_token.verify_oauth2_token(
+            mock.sentinel.token, mock.sentinel.request, audience=mock.sentinel.audience
+        )
+
+
 @mock.patch("google.oauth2.id_token.verify_token", autospec=True)
 def test_verify_firebase_token(verify_token):
     result = id_token.verify_firebase_token(
-- 
cgit v1.2.3