def get_userinfo():
logger.debug("get_userinfo()")
user_info = None
session[SESSION_INSTANCE_SETTINGS_KEY][GET_NEW_TOKEN_URL] = ""
if TokenUtil.is_valid_remote(TokenUtil.get_access_token(request.cookies),
session[SESSION_INSTANCE_SETTINGS_KEY]):
logger.debug("valid")
user_info = TokenUtil.get_claims_from_token(
TokenUtil.get_id_token(request.cookies))
else:
logger.debug("notvalid")
session[SESSION_INSTANCE_SETTINGS_KEY][
GET_NEW_TOKEN_URL] = get_oauth_authorize_url()
return user_info
def api_proxy():
authorization = request.form.get('Authorization')
url = request.form.get('url')
secret = request.form.get('secret')
key = request.form.get('key')
tid = request.form.get('task_id')
title = request.form.get('title')
description = request.form.get('description')
done = request.form.get('done')
api_headers = {
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization":
"Basic {0}".format(OktaUtil.get_encoded_auth(key, secret))
}
introspecturl = "{issuer}/v1/introspect?token={token}".format(
issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"],
token=authorization)
body = {}
accesstoken = RestUtil.execute_post(introspecturl,
body,
headers=api_headers)
if "error" not in accesstoken:
if accesstoken["active"]:
authorization_info = TokenUtil.get_claims_from_token(authorization)
scopes = authorization_info["scp"]
else:
return {"Issue": "Unauthorized"}
else:
return {"Issue": "Unauthorized"}
apiresponse = check_task_event(url=url,
tid=tid,
title=title,
description=description,
done=done,
scopes=scopes)
if not apiresponse:
apiresponse = {
"Issue": "Error when processing request. Please check your values."
}
return apiresponse
def gbac_id_tokenp():
token = TokenUtil.get_id_token(request.cookies)
decodedToken = TokenUtil.get_claims_from_token(token)
return json.dumps(decodedToken)
def streamingservice_token_check():
logger.debug("streamingservice_token_check()")
access_token = request.form['access_token']
id_token = request.form['id_token']
refresh_token = request.form['refresh_token']
device_id = request.form['device_id']
client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][
"app_deviceflow_clientid"]
client_secret = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][
"app_deviceflow_clientsecret"]
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
isactiveID = okta_auth.introspect_with_clientid(
id_token,
client_id=client_id,
client_secret=client_secret,
token_type_hint="idtoken")
if isactiveID["active"]:
id_token_info = TokenUtil.get_claims_from_token(id_token)
user_app_profile = okta_admin.get_user_application_by_client_id(
user_id=id_token_info["sub"], client_id=client_id)
if get_udp_ns_fieldname(
"authorized_devices") in user_app_profile["profile"]:
devices = user_app_profile["profile"][get_udp_ns_fieldname(
"authorized_devices")]
if device_id in devices:
isactiveAT = okta_auth.introspect_with_clientid(
access_token,
client_id=client_id,
client_secret=client_secret,
token_type_hint="access_token")
if isactiveAT["active"]:
response = "true"
else:
isactiveRT = okta_auth.introspect_with_clientid(
refresh_token,
client_id=client_id,
client_secret=client_secret,
token_type_hint="refresh_token")
if isactiveRT['active']:
logging.debug("get new AT")
responseurl = url_for(
"streamingservice_views_bp.streamingservice_devicepage",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]
["app_scheme"])
tokens = okta_auth.get_oauth_token_from_refresh_token(
headers=None,
refresh_token=refresh_token,
client_id=client_id,
client_secret=client_secret,
grant_type="refresh_token",
redirect_uri=responseurl,
scopes="openid profile email offline_access")
response = tokens
else:
response = "false"
else:
response = "false"
else:
response = "false"
else:
response = "false"
return response