def setup_authorization(self):
"""
SET
token_default
token_scope_hr_r
token_scope_brk_plus
header_auth_default
header_auth_scope_hr_r
header_auth_scope_brk_plus
"""
jwks = get_keyset()
assert len(jwks['keys']) > 0
key = next(iter(jwks['keys']))
now = int(time.time())
header = {
'alg': 'ES256', # algorithm of the test key
'kid': key.key_id
}
token_default = JWT(header=header,
claims={
'iat': now,
'exp': now + 600,
'scopes': []
})
token_scope_hr_r = JWT(header=header,
claims={
'iat': now,
'exp': now + 600,
'scopes': [authorization_levels.SCOPE_HR_R]
})
token_scope_brk_plus = JWT(header=header,
claims={
'iat':
now,
'exp':
now + 600,
'scopes': [
authorization_levels.SCOPE_HR_R,
authorization_levels.SCOPE_BRK_RS,
authorization_levels.SCOPE_BRK_RSN
]
})
token_default.make_signed_token(key)
self.token_default = token_default.serialize()
self.header_auth_default = {
AUTH_HEADER: "Bearer {}".format(self.token_default)
}
token_scope_hr_r.make_signed_token(key)
self.token_scope_hr_r = token_scope_hr_r.serialize()
self.header_auth_scope_hr_r = {
AUTH_HEADER: "Bearer {}".format(self.token_scope_hr_r)
}
token_scope_brk_plus.make_signed_token(key)
self.token_scope_brk_plus = token_scope_brk_plus.serialize()
self.header_auth_scope_brk_plus = {
AUTH_HEADER: "Bearer {}".format(self.token_scope_brk_plus)
}
def _get_token(self, scope):
"""
Obtain a token to be used in the http client:
self.client.credentials(
HTTP_AUTHORIZATION='Bearer {}'.format(token))
"""
jwks = get_keyset()
assert len(jwks["keys"]) > 0
key = next(iter(jwks["keys"]))
now = int(time.time())
header = {"alg": "ES256", "kid": key.key_id} # algorithm of the test key
token = JWT(
header=header,
claims={
"iat": now,
"exp": now + 600,
"scopes": [scope],
},
)
token.make_signed_token(key)
return token.serialize()
def setUpAuthorization(self):
"""
SET
token_scope_hr
to use with:
self.client.credentials(
HTTP_AUTHORIZATION='Bearer {}'.format(self.token_scope_hr))
"""
jwks = get_keyset()
assert len(jwks['keys']) > 0
key = next(iter(jwks['keys']))
now = int(time.time())
headers = {
'alg': 'ES256', # algorithm of the test key
'kid': key.key_id
}
payload = {
'iat': now,
'exp': now + 600,
'scopes': [settings.SCOPE_HR_R]
}
token = JWT(header=headers, claims=payload)
token.make_signed_token(key)
self.token_scope_hr_r = token.serialize()
def _fetcher(scopes):
kid = "2aedafba-8170-4064-b704-ce92b7c89cc6"
key = jwks.get_keyset().get_key(kid)
token = JWT(header={
"alg": "ES256",
"kid": kid
},
claims=fetch_tokendata(scopes))
token.make_signed_token(key)
return token.serialize()
def make_grex_token():
jwks = get_keyset()
assert len(jwks['keys']) > 0
key = next(iter(jwks['keys']))
now = int(time.time())
header = {
'alg': 'ES256', # algorithm of the test key
'kid': key.key_id
}
token = JWT(
header=header,
claims={
'iat': now,
'exp': now + 600,
'scopes': ['GREX/R']
}
)
token.make_signed_token(key)
return token.serialize()
class JWTMixin(object):
jwks = get_keyset()
assert len(jwks['keys']) > 0
key = next(iter(jwks['keys']))
kid = key.key_id
def employee_credentials(self, scope=None):
return dict(HTTP_AUTHORIZATION=('Bearer ' + self.jwt_token(scope)))
def jwt_token(self, scope):
now = int(time.time())
scopes = [scope] if isinstance(scope, str) else []
payload = {'iat': now, 'exp': now + 300, 'scopes': scopes}
headers = {
'alg': 'ES256', # algorithm of the test key
'kid': self.kid
}
token = JWT(header=headers, claims=payload)
token.make_signed_token(self.key)
return token.serialize()
def setUpAuthorization(self):
"""
SET
token_default
token_employee_plus
token_scope_brk_rs
token_scope_brk_rsn
token_scope_brk_ro
token_scope_wkpd_rdbu
to use with:
self.client.credentials(
HTTP_AUTHORIZATION='Bearer {}'.format(self.token_employee_plus))
"""
jwks = get_keyset()
assert len(jwks['keys']) > 0
key = next(iter(jwks['keys']))
now = int(time.time())
header = {
'alg': 'ES256', # algorithm of the test key
'kid': key.key_id
}
token_default = JWT(header=header,
claims={
'iat': now,
'exp': now + 600,
'scopes': []
})
token_employee_plus = JWT(header=header,
claims={
'iat':
now,
'exp':
now + 600,
'scopes': [
authorization_levels.SCOPE_BRK_RSN,
authorization_levels.SCOPE_BRK_RS,
authorization_levels.SCOPE_BRK_RO,
authorization_levels.SCOPE_WKPB_RBDU
]
})
token_scope_brk_rs = JWT(header=header,
claims={
'iat': now,
'exp': now + 600,
'scopes':
[authorization_levels.SCOPE_BRK_RS]
})
token_scope_brk_rsn = JWT(header=header,
claims={
'iat':
now,
'exp':
now + 600,
'scopes': [
authorization_levels.SCOPE_BRK_RSN,
authorization_levels.SCOPE_BRK_RS
]
})
token_scope_brk_ro = JWT(header=header,
claims={
'iat': now,
'exp': now + 600,
'scopes':
[authorization_levels.SCOPE_BRK_RO]
})
token_scope_wkpd_rdbu = JWT(header=header,
claims={
'iat':
now,
'exp':
now + 600,
'scopes':
[authorization_levels.SCOPE_WKPB_RBDU]
})
token_default.make_signed_token(key)
self.token_default = token_default.serialize()
token_employee_plus.make_signed_token(key)
self.token_employee_plus = token_employee_plus.serialize()
token_scope_brk_rs.make_signed_token(key)
self.token_scope_brk_rs = token_scope_brk_rs.serialize()
token_scope_brk_rsn.make_signed_token(key)
self.token_scope_brk_rsn = token_scope_brk_rsn.serialize()
token_scope_brk_ro.make_signed_token(key)
self.token_scope_brk_ro = token_scope_brk_ro.serialize()
token_scope_wkpd_rdbu.make_signed_token(key)
self.token_scope_wkpd_rdbu = token_scope_wkpd_rdbu.serialize()
def create_token(tokendata, kid, alg):
key = jwks.get_keyset().get_key(kid)
token = JWT(header={"alg": alg, "kid": kid}, claims=tokendata)
token.make_signed_token(key)
return token