def get_oauth_token_from_login(code,
grant_type,
auth_options=None,
headers=None):
logger.debug("OktaAuth.get_oauth_token()")
okta_headers = OktaUtil.get_oauth_okta_headers(headers)
redirect_url = url_for(
"streamingservice_views_bp.streamingservice_callback",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
url = ("{issuer}/v1/token?"
"grant_type={grant_type}&"
"code={code}&"
"redirect_uri={redirect_uri}").format(
issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"],
code=code,
redirect_uri=redirect_url,
grant_type=grant_type)
body = {"authorization_code": code}
if auth_options:
for key in auth_options:
url = "{url}&{key}={value}".format(url=url,
key=key,
value=auth_options[key])
return RestUtil.execute_post(url, body, okta_headers)
def get_udp_oauth_access_token(udp_config):
logger.debug("get_app_vertical()")
results = None
udp_issuer = udp_config["issuer"]
udp_token_endpoint = "{issuer}/v1/token".format(issuer=udp_issuer)
udp_oauth_client_id = udp_config["client_id"]
udp_oauth_client_secret = udp_config["client_secret"]
basic_auth_encoded = OktaUtil.get_encoded_auth(udp_oauth_client_id,
udp_oauth_client_secret)
oauth2_headers = {
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic {0}".format(basic_auth_encoded)
}
# logger.debug(oauth2_headers)
url = "{0}?grant_type=client_credentials&scope=secrets:read".format(
udp_token_endpoint)
responseData = RestUtil.execute_post(url, headers=oauth2_headers)
# logger.debug(responseData)
if "access_token" in responseData:
results = responseData["access_token"]
else:
logger.warning(
"Failed to get UDP Service OAuth token: {message}".format(
message=responseData))
return results
def gbac_idverification_getverificationcode():
logger.debug("gbac_idverification_bp")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
evidenttoken = ""
basicauth = OktaUtil.get_encoded_auth("okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI")
headers = {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Basic {0}".format(basicauth)
}
my_str = user["profile"]["email"]
idx = my_str.index("@")
email = my_str[:idx] + str(time.time()) + my_str[idx:]
body = {
"email": email,
"templateId": "1ce55f4e-7bb2-4907-9643-dc61f1f04f4d"
}
response = RestUtil.execute_post(" https://verify.api.demo.evidentid.com/api/v1/verify/requests", headers=headers, body=body)
evidenttoken = response["userIdentityToken"]
user_data = {"profile": {get_udp_ns_fieldname("evident_id"): response["id"]}}
okta_admin.update_user(user["id"], user_data)
return evidenttoken
def gbac_idverification_updateidentity():
logger.debug("gbac_idverification_updateidentity")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
basicauth = OktaUtil.get_encoded_auth(
"okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI")
headers = {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Basic {0}".format(basicauth)
}
evident_id = user["profile"][get_udp_ns_fieldname("evident_id")]
response = RestUtil.execute_get(
"https://verify.api.demo.evidentid.com/api/v1/verify/requests/{0}".
format(evident_id),
headers=headers)
now = datetime.datetime.now()
# dd/mm/YY H:M:S
verifydate = now.strftime("%d/%m/%Y %H:%M:%S")
user_data = {
"profile": {
get_udp_ns_fieldname("last_verified_date"): str(verifydate)
}
}
status = ""
for item in response["attributes"]:
status = item["status"]
if status == "pending":
break
if item["type"] == "core.firstname":
user_data["profile"]["firstName"] = item["values"][0]
if item["type"] == "core.lastname":
user_data["profile"]["lastName"] = item["values"][0]
if item["type"] == "core.address.zipcode":
user_data["profile"]["zipCode"] = item["values"][0]
if item["type"] == "core.address.city":
user_data["profile"]["city"] = item["values"][0]
if item["type"] == "core.address.state":
user_data["profile"]["state"] = item["values"][0]
if status == "pending":
return status
else:
logging.debug(user_data)
okta_admin.update_user(user["id"], user_data)
return response
def auth_api():
secret = request.form.get('secret')
key = request.form.get('key')
scopes = request.form.get('scopes')
api_headers = {
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization":
"Basic {0}".format(OktaUtil.get_encoded_auth(key, secret))
}
url = "{issuer}/v1/token".format(
issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"])
body = "grant_type=client_credentials&scope={scopes}".format(scopes=scopes)
return execute_post(url=url, body=body, headers=api_headers)
def api_proxy():
authorization = request.form.get('Authorization')
url = request.form.get('url')
secret = request.form.get('secret')
key = request.form.get('key')
tid = request.form.get('task_id')
title = request.form.get('title')
description = request.form.get('description')
done = request.form.get('done')
api_headers = {
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization":
"Basic {0}".format(OktaUtil.get_encoded_auth(key, secret))
}
introspecturl = "{issuer}/v1/introspect?token={token}".format(
issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"],
token=authorization)
body = {}
accesstoken = RestUtil.execute_post(introspecturl,
body,
headers=api_headers)
if "error" not in accesstoken:
if accesstoken["active"]:
authorization_info = TokenUtil.get_claims_from_token(authorization)
scopes = authorization_info["scp"]
else:
return {"Issue": "Unauthorized"}
else:
return {"Issue": "Unauthorized"}
apiresponse = check_task_event(url=url,
tid=tid,
title=title,
description=description,
done=done,
scopes=scopes)
if not apiresponse:
apiresponse = {
"Issue": "Error when processing request. Please check your values."
}
return apiresponse
def get_authtoken(refresh_token, client_id, client_secret, grant_type, headers, redirect_uri, scopes, device_id):
logger.debug("OktaAuth.get_oauth_token_from_refresh_token()")
okta_headers = OktaUtil.get_oauth_okta_headers(headers, client_id, client_secret)
url = (
"{issuer}/v1/token?"
"grant_type={grant_type}&"
"redirect_uri={redirect_uri}&"
"scopes={scopes}&"
"refresh_token={refresh_token}&"
"device_id={device_id}"
).format(
issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"],
refresh_token=refresh_token,
redirect_uri=redirect_uri,
scopes=scopes,
grant_type=grant_type,
device_id=device_id
)
body = {}
return RestUtil.execute_post(url, body, okta_headers)