mozilla · escattone · Dec 17, 2025 · Dec 17, 2025
diff --git a/mozilla_django_oidc/auth.py b/mozilla_django_oidc/auth.py
@@ -141,7 +141,9 @@ def _verify_jws(self, payload, key):
 
         try:
             # Maybe add a settings to enforce audiance validation
-            return jwt.decode(payload, key, algorithms=alg, options={"verify_aud": False})
+            return jwt.decode(
+                payload, key, algorithms=alg, options={"verify_aud": False}
+            )
         except jwt.DecodeError:
             msg = "JWS token verification failed."
             raise SuspiciousOperation(msg)
@@ -262,7 +264,11 @@ def get_userinfo(self, access_token, id_token, payload):
         )
         user_response.raise_for_status()
 
-        if user_response.headers.get("content-type", "").lower().startswith("application/jwt"):
+        if (
+            user_response.headers.get("content-type", "")
+            .lower()
+            .startswith("application/jwt")
+        ):
             # OIDC userinfo claims can be encoded as JWT
             return self.verify_token(user_response.text)
 
@@ -354,7 +360,7 @@ def get_or_create_user(self, access_token, id_token, payload):
             return user
         else:
             LOGGER.debug(
-                "Login failed: No user with %s found, and " "OIDC_CREATE_USER is False",
+                "Login failed: No user with %s found, and OIDC_CREATE_USER is False",
                 self.describe_user_by_claims(user_info),
             )
             return None

diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -217,6 +217,7 @@ def test_successful_authentication_existing_user_namespaced(
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -266,6 +267,7 @@ def test_successful_authentication_existing_user(self, token_mock, request_mock)
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -319,6 +321,7 @@ def test_successful_authentication_existing_user_upper_case(
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -372,6 +375,7 @@ def test_failed_authentication_verify_claims(
         get_json_mock = Mock()
         claims_response = {"nickname": "a_username", "email": "email@example.com"}
         get_json_mock.json.return_value = claims_response
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -423,6 +427,7 @@ def test_successful_authentication_new_user(
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -483,6 +488,7 @@ def test_successful_authentication_basic_auth_token(self, token_mock, request_mo
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -642,6 +648,7 @@ def test_create_user_enabled(self, request_mock, jws_mock):
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -671,6 +678,7 @@ def test_custom_username_algo(self, request_mock, jws_mock, algo_mock):
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -701,6 +709,7 @@ def test_custom_username_algo_dotted_path(self, request_mock, jws_mock):
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -733,6 +742,7 @@ def test_dotted_username_algo_callback_with_claims(self, request_mock, jws_mock)
             "email": "email@example.com",
             "domain": domain,
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -820,6 +830,7 @@ def update_user(user, claims):
             "nickname": "a_username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {
@@ -845,7 +856,10 @@ def test_get_userinfo_with_jwt_response(self, verify_token_mock, request_mock):
         request_mock.get.return_value = jwt_response
 
         # Mock the verify_token method to return a specific payload
-        verify_token_mock.return_value = {"email": "email@example.com", "name": "John Doe"}
+        verify_token_mock.return_value = {
+            "email": "email@example.com",
+            "name": "John Doe",
+        }
 
         # Call the get_userinfo method
         user_info = self.backend.get_userinfo("access_token", "id_token", {})
@@ -900,6 +914,7 @@ def test_jwt_verify_sign_key(self, request_mock):
             "nickname": "username",
             "email": "email@example.com",
         }
+        get_json_mock.headers.get.return_value = "application/json"
         request_mock.get.return_value = get_json_mock
         post_json_mock = Mock(status_code=200)
         post_json_mock.json.return_value = {