pytest-iam spawns a lightweight OAuth2 / OpenID Server (OIDC) / SCIM in a thread to be used in your test suite. The machinery involves Canaille and Authlib.
uv add pytest-iam --group devpytest-iam provides tools to test your application authentication mechanism against a OAuth2/OIDC server, with SCIM support:
- It launches a Canaille instance on a random port;
- It provides a
iam_serverfixture that comes with several features:- the URL of the IAM server to configure your application
- IAM models (Users, groups, clients, tokens etc.) to prepare your tests and check the side effects. More details on the reference
- utilities to log-in users and give their consent to your application
- utilities to generate random users and groups
To run a full authentication process for a client application in your test, you can write something like this:
def test_authentication(iam_server, test_client):
# create a random user on the IAM server
user = iam_server.random_user()
# log the user in and make it consent all the clients
iam_server.login(user)
iam_server.consent(user)
# 1. attempt to access a protected page, returns a redirection to the IAM
res = test_client.get("/protected")
# 2. authorization code request
res = iam_server.test_client.get(res.location)
# 3. load your application authorization endpoint
res = test_client.get(res.location)
# 4. now you have access to the protected page
res = test_client.get("/protected")
assert "Hello, world!" in res.textCheck the client application or resource server tutorials for more usecases.