Merge pull request #16 from paypal/openidconnect-for-sandbox

Support OpenIDConnect for sandbox environment

paypalrestsdk/openid_connect.py

@@ -82,8 +82,7 @@ def get(cls, options={}):
 
 
 def endpoint():
-    return api.default().options.get("openid_endpoint", "https://api.paypal.com/")
-
+    return api.default().options.get("openid_endpoint", api.default().endpoint)
 
 def client_id():
     return api.default().options.get("openid_client_id", api.default().client_id)
@@ -97,9 +96,15 @@ def redirect_uri():
     return api.default().options.get("openid_redirect_uri")
 
 
-start_session_path = "https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize"
-end_session_path = "https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/endsession"
+start_session_path = "/webapps/auth/protocol/openidconnect/v1/authorize"
+end_session_path = "/webapps/auth/protocol/openidconnect/v1/endsession"
 
+def session_url(path, options={}):
+    if api.default().mode == "live":
+        path = util.join_url("https://www.paypal.com", path)
+    else:
+        path = util.join_url("https://www.sandbox.paypal.com", path)
+    return util.join_url_params(path, options)
 
 def authorize_url(options={}):
     options = util.merge_dict({
@@ -108,12 +113,11 @@ def authorize_url(options={}):
         'client_id': client_id(),
         'redirect_uri': redirect_uri()
     }, options)
-    return util.join_url_params(start_session_path, options)
-
+    return session_url(start_session_path, options)
 
 def logout_url(options={}):
     options = util.merge_dict({
         'logout': 'true',
         'redirect_uri': redirect_uri()
     }, options)
-    return util.join_url_params(end_session_path, options)
+    return session_url(end_session_path, options)

test/openid_connect_test.py

@@ -1,20 +1,20 @@
-from test_helper import unittest, paypal, client_id, assert_regex_matches
-from paypalrestsdk.openid_connect import Tokeninfo, Userinfo, authorize_url, logout_url
+from test_helper import unittest, paypal, client_id, client_secret, assert_regex_matches
+from paypalrestsdk.openid_connect import Tokeninfo, Userinfo, authorize_url, logout_url, endpoint
 
 
 class TestTokeninfo(unittest.TestCase):
 
   def test_create(self):
-    self.assertRaises(paypal.BadRequest, Tokeninfo.create, {})
+    self.assertRaises(paypal.ResourceNotFound, Tokeninfo.create, "invalid-code")
 
   def test_userinfo(self):
     self.assertRaises(paypal.UnauthorizedAccess, Tokeninfo().userinfo, {})
 
   def test_refresh(self):
-    self.assertRaises(paypal.BadRequest, Tokeninfo().refresh, {})
+    self.assertRaises(paypal.ResourceNotFound, Tokeninfo().refresh, {})
 
   def test_create_with_refresh_token(self):
-    self.assertRaises(paypal.BadRequest, Tokeninfo.create_with_refresh_token, {})
+    self.assertRaises(paypal.ResourceNotFound, Tokeninfo.create_with_refresh_token, "invalid-token")
 
 class TestUserinfo(unittest.TestCase):
 
@@ -28,6 +28,22 @@ def test_authorize_url(self):
     assert_regex_matches(self, url, 'response_type=code')
     assert_regex_matches(self, url, 'scope=openid')
     assert_regex_matches(self, url, 'client_id=%s'%(client_id))
+    assert_regex_matches(self, url, 'https://www.sandbox.paypal.com')
+
+    self.assertEqual(endpoint(), 'https://api.sandbox.paypal.com')
+
+  def test_live_mode_url(self):
+    try:
+      paypal.configure( mode='live',  client_id=client_id, client_secret=client_secret )
+      url = authorize_url()
+      assert_regex_matches(self, url, 'response_type=code')
+      assert_regex_matches(self, url, 'scope=openid')
+      assert_regex_matches(self, url, 'client_id=%s'%(client_id))
+      assert_regex_matches(self, url, 'https://www.paypal.com')
+
+      self.assertEqual(endpoint(), 'https://api.paypal.com')
+    finally:
+      paypal.configure( mode='sandbox', client_id=client_id, client_secret=client_secret )
 
   def test_authorize_url_options(self):
     url = authorize_url({ 'scope': 'openid profile' })