Ejemplo n.º 1
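    def _get_token(self, timeout=100):
        """Request a token from the delegation endpoint and cache it.

        POSTs the client credentials to ``self.domain + "/auth/delegation"``,
        stores the returned ``id_token`` in ``self._token`` and, when
        ``self.token_info_path`` is set, merges it into that JSON file under
        the ``jwt_token`` key. Failing to write the file only emits a warning.

        :param timeout: timeout handed to the HTTP request.
        :raises AuthError: if ``client_id`` or ``client_secret`` is unset.
        :raises OauthError: if the endpoint answers with a status other than 200.
        """
        if self.client_id is None:
            raise AuthError("Could not find CLIENT_ID")

        if self.client_secret is None:
            raise AuthError("Could not find CLIENT_SECRET")

        s = requests.Session()
        try:
            # NOTE(review): `method_whitelist` was deprecated in urllib3 1.26 in
            # favour of `allowed_methods` and removed in 2.0; kept as-is because
            # the urllib3 version this project pins is not visible here.
            # The random backoff factor presumably spreads out retries from
            # concurrent clients -- confirm.
            retries = Retry(total=5,
                            backoff_factor=random.uniform(1, 10),
                            method_whitelist=frozenset(['GET', 'POST']),
                            status_forcelist=[429, 500, 502, 503, 504])

            # Retries apply to https:// URLs only.
            s.mount('https://', HTTPAdapter(max_retries=retries))

            headers = {"content-type": "application/json"}
            params = {
                "scope": " ".join(self.scope),
                "client_id": self.client_id,
                "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
                "target": self.client_id,
                "api_type": "app",
                # The client secret is sent in the refresh_token field.
                "refresh_token": self.client_secret
            }
            r = s.post(self.domain + "/auth/delegation", headers=headers,
                       data=json.dumps(params), timeout=timeout)
        finally:
            # Release pooled connections; the response body is already read
            # because the request is not streamed.
            s.close()

        if r.status_code != 200:
            # NOTE(review): the full response body ends up in the exception
            # text; callers that log it should treat it as possibly sensitive.
            raise OauthError("%s: %s" % (r.status_code, r.text))

        data = r.json()
        self._token = data['id_token']

        token_info = {}

        if self.token_info_path:
            try:
                with open(self.token_info_path) as fp:
                    token_info = json.load(fp)
            except (IOError, ValueError):
                # A missing or corrupt cache file is not fatal; start fresh.
                pass

            # Valid JSON that is not an object cannot take the key below.
            if not isinstance(token_info, dict):
                token_info = {}

        token_info['jwt_token'] = self._token

        if self.token_info_path:
            token_info_directory = os.path.dirname(self.token_info_path)
            makedirs_if_not_exists(token_info_directory)

            owner_rw = stat.S_IRUSR | stat.S_IWUSR

            try:
                # Create the file owner-only from the start. Opening with the
                # default mode and tightening afterwards leaves a window in
                # which the token is readable under the process umask.
                fd = os.open(self.token_info_path,
                             os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                             owner_rw)

                with os.fdopen(fd, 'w') as fp:
                    # The mode given to os.open() only applies to new files;
                    # tighten a pre-existing file before the token is written.
                    os.chmod(self.token_info_path, owner_rw)
                    json.dump(token_info, fp)
            except (IOError, OSError) as e:
                warnings.warn('failed to save token: {}'.format(e))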
Ejemplo n.º 2
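    def _get_token(self, timeout=100):
        """Exchange the refresh token for a new token and cache it.

        POSTs to ``self.domain + "/token"`` through ``self.session``, stores
        the returned ``access_token`` (or, failing that, ``id_token``) in
        ``self._token`` and, when ``self.token_info_path`` is set, merges it
        into that JSON file under the ``jwt_token`` key. Failing to write the
        file only emits a warning.

        :param timeout: timeout handed to the HTTP request.
        :raises AuthError: if ``client_id`` is unset, or if both
            ``client_secret`` and ``refresh_token`` are unset.
        :raises OauthError: if the endpoint answers with a status other than
            200, or the response carries neither token.
        """
        if self.client_id is None:
            raise AuthError("Could not find client_id")

        if self.client_secret is None and self.refresh_token is None:
            raise AuthError("Could not find client_secret or refresh token")

        # NOTE(review): the check above passes when only client_secret is set,
        # yet both branches below send self.refresh_token. Presumably the
        # constructor copies the secret into refresh_token -- confirm,
        # otherwise a null refresh_token is posted.
        if self.client_id in ["ZOBAi4UROl5gKZIpxxlwOEfx8KpqXf2c"
                              ]:  # TODO(justin) remove legacy handling
            # TODO (justin) insert deprecation warning
            if self.scope is None:
                scope = ["openid", "name", "groups", "org", "email"]
            else:
                scope = self.scope
            params = {
                "scope": " ".join(scope),
                "client_id": self.client_id,
                "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
                "target": self.client_id,
                "api_type": "app",
                "refresh_token": self.refresh_token,
            }
        else:
            params = {
                "client_id": self.client_id,
                "grant_type": "refresh_token",
                "refresh_token": self.refresh_token,
            }

            # Scope is optional for the refresh_token grant.
            if self.scope is not None:
                params["scope"] = " ".join(self.scope)

        r = self.session.post(self.domain + "/token",
                              json=params,
                              timeout=timeout)

        if r.status_code != 200:
            # NOTE(review): the full response body ends up in the exception
            # text; callers that log it should treat it as possibly sensitive.
            raise OauthError("%s: %s" % (r.status_code, r.text))

        data = r.json()
        access_token = data.get("access_token")
        id_token = data.get(
            "id_token")  # TODO(justin) remove legacy id_token usage

        # Prefer the access token; fall back to the legacy id_token.
        if access_token is not None:
            self._token = access_token
        elif id_token is not None:
            self._token = id_token
        else:
            raise OauthError("could not retrieve token")
        token_info = {}

        if self.token_info_path:
            try:
                with open(self.token_info_path) as fp:
                    token_info = json.load(fp)
            except (IOError, ValueError):
                # A missing or corrupt cache file is not fatal; start fresh.
                pass

            # Valid JSON that is not an object cannot take the key below.
            if not isinstance(token_info, dict):
                token_info = {}

        token_info["jwt_token"] = self._token

        if self.token_info_path:
            token_info_directory = os.path.dirname(self.token_info_path)
            makedirs_if_not_exists(token_info_directory)

            owner_rw = stat.S_IRUSR | stat.S_IWUSR

            try:
                # Create the file owner-only from the start. Opening with the
                # default mode and tightening afterwards leaves a window in
                # which the token is readable under the process umask.
                fd = os.open(self.token_info_path,
                             os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                             owner_rw)

                with os.fdopen(fd, "w") as fp:
                    # The mode given to os.open() only applies to new files;
                    # tighten a pre-existing file before the token is written.
                    os.chmod(self.token_info_path, owner_rw)
                    json.dump(token_info, fp)
            except (IOError, OSError) as e:
                warnings.warn("failed to save token: {}".format(e))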