Beispiel #1
def update_config(conf, tool_params):
    """Prepare a stored test-tool configuration for display in an edit form.

    The profile string in ``conf['tool']`` is expanded through
    ``from_profile`` and merged back into the tool section, and the
    ``profile`` key itself is removed.  ``conf['tool']`` is modified in
    place: the dict returned under ``dicts['tool']`` is the caller's object.

    The ``state`` lists only describe which fields are immutable or
    required (for example ``redirect_uris``, ``issuer``, ``client_id`` and
    ``client_secret``); nothing in this function enforces them, so whatever
    saves the edited configuration has to re-check them.

    :param conf: Configuration mapping with a ``tool`` section and,
        optionally, ``client``, ``provider_info`` and
        ``registration_response`` sections.
    :param tool_params: Names of tool parameters that should be present in
        the result; missing ones are added as empty strings.
    :return: Tuple ``(dicts, state, multi, notes)``.
    """
    tool = conf['tool']
    profile = tool['profile']
    spec = from_profile(profile)
    spec['return_type'] = abbr_return_type(spec['return_type'])
    del tool['profile']
    tool.update(spec)
    dicts = {'tool': tool}

    # Give every known tool parameter a slot so the form can show it.
    for name in tool_params:
        if name == 'profile' or name in tool:
            continue
        tool[name] = ''

    # provider_info and registration_response: prefer the copy stored under
    # 'client', fall back to the top-level section, else leave it out.
    multi = {'tool': ['acr_values', 'claims_locales', 'ui_locales']}
    for section in ('provider_info', 'registration_response'):
        multi[section] = multi_value(section)
        try:
            value = conf['client'][section]
        except KeyError:
            try:
                value = update(section, conf[section])
            except KeyError:
                # Section absent everywhere (a KeyError raised inside
                # update() lands here too).
                continue
        dicts[section] = value

    tool_required = ['return_type', 'contact_email']
    state = {
        'tool': {
            'immutable': ['issuer', 'tag', 'register', 'discover',
                          'webfinger'],
            'required': tool_required,
        },
    }

    # NOTE(review): notes carries literal HTML, so it is presumably rendered
    # unescaped; keep it a constant and never mix request data into it.
    notes = ''
    if spec['webfinger']:
        tool_required.extend(['webfinger_email', 'webfinger_url'])
        notes = ("If <i>webfinger</i> is True then one of "
                 "<i>webfinger_email</i> and <i>webfinger_url</i> "
                 "<b>MUST</b> have a value.")

    if 'registration_response' in dicts:
        state['registration_response'] = {
            'immutable': ['redirect_uris'],
            'required': ['client_id', 'client_secret'],
        }

    if 'provider_info' in dicts:
        provider_required = [
            'authorization_endpoint', 'jwks_uri',
            'response_types_supported', 'subject_types_supported',
            'id_token_signing_alg_values_supported',
        ]
        # Only the return types 'I' and 'IT' do without a token endpoint.
        if return_type(profile) not in ('I', 'IT'):
            provider_required.append('token_endpoint')
        state['provider_info'] = {'immutable': ['issuer'],
                                  'required': provider_required}

    return dicts, state, multi, notes
Beispiel #2
def update_config(conf, tool_params):
    """Turn a stored tool configuration into the data an edit form needs.

    ``conf['tool']['profile']`` is expanded with ``from_profile``, the
    result is merged into the tool section and the ``profile`` key is
    dropped.  This happens in place, so the caller's ``conf['tool']`` is
    changed and is the same object as ``dicts['tool']``.

    ``state`` names the fields a form should treat as immutable or required
    (``issuer``, ``redirect_uris``, ``client_id``, ``client_secret`` and
    others).  These are plain lists; this function does not enforce them,
    so the code that stores an edited configuration must validate again.

    :param conf: Configuration mapping; must hold ``tool`` and may hold
        ``client``, ``provider_info`` and ``registration_response``.
    :param tool_params: Tool parameter names to pre-populate with ``''``
        when they are not already set.
    :return: Tuple ``(dicts, state, multi, notes)``.
    """
    tool_section = conf['tool']
    _prof = tool_section['profile']
    _spec = from_profile(_prof)
    _spec['return_type'] = abbr_return_type(_spec['return_type'])
    del tool_section['profile']
    tool_section.update(_spec)
    dicts = {'tool': tool_section}

    for param in tool_params:
        if param == 'profile':
            continue
        if param in tool_section:
            continue
        tool_section[param] = ''

    multi = {'tool': ['acr_values', 'claims_locales', 'ui_locales']}
    # provider_info and registration_response
    for typ in ('provider_info', 'registration_response'):
        multi[typ] = multi_value(typ)
        try:
            found = conf['client'][typ]
        except KeyError:
            # Not under 'client'; try the top-level section instead.  A
            # KeyError from the lookup or from update() means "not set".
            try:
                found = update(typ, conf[typ])
            except KeyError:
                continue
        dicts[typ] = found

    required_for_tool = ['return_type', 'contact_email']
    immutable_for_tool = ['issuer', 'tag', 'register', 'discover',
                          'webfinger']
    state = {'tool': {'immutable': immutable_for_tool,
                      'required': required_for_tool}}

    # NOTE(review): the note text is HTML and is presumably emitted without
    # escaping; it must stay a fixed string with no user-supplied parts.
    if _spec['webfinger']:
        required_for_tool.extend(['webfinger_email', 'webfinger_url'])
        notes = ("If <i>webfinger</i> is True then one of "
                 "<i>webfinger_email</i> and <i>webfinger_url</i> "
                 "<b>MUST</b> have a value.")
    else:
        notes = ''

    if 'registration_response' in dicts:
        state['registration_response'] = {
            'immutable': ['redirect_uris'],
            'required': ['client_id', 'client_secret']}

    if 'provider_info' in dicts:
        _req = ['authorization_endpoint', 'jwks_uri',
                'response_types_supported', 'subject_types_supported',
                'id_token_signing_alg_values_supported']
        # token_endpoint is required unless the return type is 'I' or 'IT'.
        if return_type(_prof) not in ('I', 'IT'):
            _req.append('token_endpoint')
        state['provider_info'] = {'immutable': ['issuer'], 'required': _req}

    return dicts, state, multi, notes
Beispiel #3
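    def update_instance(self, *parts):
        """Render the edit page for one stored test-instance configuration.

        The first two entries of ``parts`` are used as issuer and tag to
        look the configuration up through ``self.rest.read_conf``.

        :param parts: Path segments; at least two are needed, otherwise the
            indexing below raises ``IndexError``.
        :return: The result of calling the ``instance.mako`` response.
        """
        resp = Response(mako_template="instance.mako",
                        template_lookup=self.lookup,
                        headers=[])

        # Decode, then re-encode, so every segment ends up quoted exactly
        # once however the caller supplied it ('/' becomes %2F).
        # NOTE(review): quote_plus leaves '.' untouched, so a '..' segment
        # reaches read_conf unchanged; confirm read_conf cannot be steered
        # outside its configuration store.
        qp = [quote_plus(unquote_plus(p)) for p in parts]
        _fmt, _conf = self.rest.read_conf(qp[0], qp[1])

        # provider_info and registration_response
        dicts = {'tool': _conf['tool']}
        for item in tool_conf:
            if item not in dicts['tool']:
                dicts['tool'][item] = ''

        for typ in ['provider_info', 'registration_response']:
            try:
                dicts[typ] = _conf['client'][typ]
            except KeyError:
                try:
                    dicts[typ] = update(typ, _conf[typ])
                except KeyError:
                    # Section not configured anywhere; leave it out.
                    pass

        # These lists only tell the form what is immutable or required.
        # Nothing here enforces them, so the save path must re-validate.
        state = {'immutable': {}, 'required': {}}
        if 'registration_response' in dicts:
            state['registration_response'] = {
                'immutable': ['redirect_uris'],
                'required': ['client_id', 'client_secret']
            }

        # Fixed: the test used to be `if 'provider_info':`, a non-empty
        # string literal that is always true, so provider_info state was
        # produced even when no provider_info section had been loaded.
        if 'provider_info' in dicts:
            state['provider_info'] = {
                'immutable': ['issuer'],
                'required': [
                    'authorization_endpoint', 'jwks_uri',
                    'response_types_supported', 'subject_types_supported',
                    'id_token_signing_alg_values_supported'
                ]
            }

            if return_type(_conf['tool']['profile']) not in ['I', 'IT']:
                state['provider_info']['required'].append('token_endpoint')

        # NOTE(review): dicts carries stored configuration values into the
        # template; whether instance.mako escapes them is not visible here.
        arg = {
            'base': '',
            'iss': qp[0],
            'tag': qp[1],
            'dicts': dicts,
            'state': state
        }

        return resp(self.environ, self.start_response, **arg)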
Beispiel #4
def set_essential_arg_claim(oper, args):
    """
    Context: AsyncAuthn
    Action: Request a single claim as essential. The claim is asked for in
    the id_token when the profile's return type is 'I', otherwise in the
    user info response.
    Example:
        "set_essential_arg_claim": "name"

    Any "claims" value already present in ``oper.req_args`` is replaced,
    not merged.

    :param oper: Operation object providing ``tool_conf`` and ``req_args``
    :param args: A claim
    """
    profile = oper.tool_conf['profile']
    target = "id_token" if return_type(profile) == 'I' else "userinfo"
    oper.req_args["claims"] = {target: {args: {"essential": True}}}
Beispiel #5
def set_essential_arg_claim(oper, args):
    """
    Context: AsyncAuthn
    Action: Mark one claim as essential in the request. With return type
    'I' the claim is requested inside the id_token; with any other return
    type it is requested from the user info endpoint.
    Example:
        "set_essential_arg_claim": "name"

    The assignment overwrites whatever ``oper.req_args["claims"]`` held
    before.

    :param oper: Operation object providing ``tool_conf`` and ``req_args``
    :param args: A claim
    """
    if return_type(oper.tool_conf['profile']) == 'I':
        location = "id_token"
    else:
        location = "userinfo"
    oper.req_args["claims"] = {location: {args: {"essential": True}}}
Beispiel #6
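    def update_instance(self, *parts):
        """Render the edit page for one stored test-instance configuration.

        ``parts[0]`` and ``parts[1]`` are used as issuer and tag when the
        configuration is read through ``self.rest.read_conf``.

        :param parts: Path segments; fewer than two raises ``IndexError``
            at the lookup below.
        :return: The result of calling the ``instance.mako`` response.
        """
        resp = Response(mako_template="instance.mako",
                        template_lookup=self.lookup,
                        headers=[])

        # Unquote and quote again so each segment is encoded exactly once,
        # whether or not it arrived encoded ('/' becomes %2F).
        # NOTE(review): '.' is not escaped by quote_plus, so '..' is passed
        # to read_conf as-is; verify read_conf rejects or contains it.
        lp = [unquote_plus(p) for p in parts]
        qp = [quote_plus(p) for p in lp]
        _fmt, _conf = self.rest.read_conf(qp[0], qp[1])

        # provider_info and registration_response
        dicts = {'tool': _conf['tool']}
        for item in tool_conf:
            if item not in dicts['tool']:
                dicts['tool'][item] = ''

        for typ in ['provider_info', 'registration_response']:
            try:
                dicts[typ] = _conf['client'][typ]
            except KeyError:
                try:
                    dicts[typ] = update(typ, _conf[typ])
                except KeyError:
                    # Neither location has this section; skip it.
                    pass

        # Presentation hints only: no check in this method stops a client
        # from submitting changed "immutable" fields, so saving must verify.
        state = {'immutable': {}, 'required': {}}
        if 'registration_response' in dicts:
            state['registration_response'] = {
                'immutable': ['redirect_uris'],
                'required': ['client_id', 'client_secret']}

        # Fixed: `if 'provider_info':` tested a constant string and so was
        # always true; the membership test is what the sibling
        # registration_response branch uses.
        if 'provider_info' in dicts:
            state['provider_info'] = {
                'immutable': ['issuer'],
                'required': ['authorization_endpoint', 'jwks_uri',
                             'response_types_supported',
                             'subject_types_supported',
                             'id_token_signing_alg_values_supported']
            }

            if return_type(_conf['tool']['profile']) not in ['I', 'IT']:
                state['provider_info']['required'].append('token_endpoint')

        # NOTE(review): stored configuration values go to the template via
        # dicts; output escaping in instance.mako is not visible here.
        arg = {'base': '',
               'iss': qp[0],
               'tag': qp[1],
               'dicts': dicts,
               'state': state}

        return resp(self.environ, self.start_response, **arg)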