def pick_authn_method(self, request, redirect_uri):
"""
:param request:
:param redirect_uri:
:return:
"""
_context = self.endpoint_context
acrs = self._acr_claims(request)
if acrs:
# If acr claims are present the picked acr value MUST match
# one of the given
tup = (None, None)
for acr in acrs:
res = _context.authn_broker.pick(acr, "exact")
logger.debug("Picked AuthN broker for ACR %s: %s" % (
str(acr), str(res)))
if res: # Return the best guess by pick.
tup = res[0]
break
authn, authn_class_ref = tup
else:
authn, authn_class_ref = pick_auth(_context, request)
if not authn:
authn, authn_class_ref = pick_auth(_context, request, "better")
if not authn:
authn, authn_class_ref = pick_auth(_context, request, "any")
if authn is None:
return AuthorizationErrorResponse(error="access_denied",
redirect_uri=redirect_uri,
return_type=request[
"response_type"])
else:
logger.info('Authentication class: {}, acr: {}'.format(
authn.__class__.__name__, authn_class_ref))
return authn, authn_class_ref
def pick_authn_method(self, request, redirect_uri, acr=None, **kwargs):
auth_id = kwargs.get("auth_method_id")
if auth_id:
return self.endpoint_context.authn_broker[auth_id]
if acr:
res = self.endpoint_context.authn_broker.pick(acr)
else:
res = pick_auth(self.endpoint_context, request)
if res:
return res
else:
return {
"error": "access_denied",
"error_description": "ACR I do not support",
"return_uri": redirect_uri,
"return_type": request["response_type"],
}
def test_pick_authn_all(self):
request = {"acr_values": INTERNETPROTOCOLPASSWORD}
res = pick_auth(self.endpoint_context, request, all=True)
assert len(res) == 2
def test_pick_authn_one(self):
request = {"acr_values": INTERNETPROTOCOLPASSWORD}
res = pick_auth(self.endpoint_context, request)
assert res["acr"] == INTERNETPROTOCOLPASSWORD