def get_token(body: JsonObject):
user_client_id = util.maybe_raise_for_env("AUTH0_USER_MANAGEMENT_CLIENT_ID")
oauth_token = OauthToken.from_dict(body)
if oauth_token.client_id == user_client_id:
token = _get_management_token(client_id=oauth_token.client_id, client_secret=oauth_token.client_secret)
return token
aud = util.maybe_raise_for_env("XCUBE_HUB_OAUTH_AUD")
token = _get_management_token()
res = get_user_by_credentials(token=token,
client_id=oauth_token.client_id,
client_secret=oauth_token.client_secret)
user = User.from_dict(res[0])
permissions = users.get_permissions_by_user_id(user.user_id, token=token)
permissions = users.get_permissions(permissions=permissions)
claims = {
"iss": "https://xcube-gen.brockmann-consult.de/",
"aud": [aud],
"scope": " ".join(permissions),
"gty": "client-credentials",
"email": user.email,
"sub": users.create_user_id_from_email(user.email),
"permissions": permissions
}
if user.app_metadata and user.app_metadata.geodb_role:
claims["https://geodb.brockmann-consult.de/dbrole"] = user.app_metadata.geodb_role
return create_token(claims)
def _get_user(self, user_id, token: str, raising=True) -> Optional[User]:
r = requests.get(f"https://{self._domain}/users/auth0|{user_id}",
headers=self._get_header(token=token))
try:
r.raise_for_status()
except HTTPError as e:
if raising:
raise api.ApiError(r.status_code, str(e))
else:
return None
return User.from_dict(r.json())
def get_subscription(self, service_id: str, subscription_id: str,
token: str):
r = requests.get(
f"https://{self._domain}/users/auth0|{subscription_id}",
headers=self._get_header(token=token))
try:
r.raise_for_status()
except HTTPError as e:
raise api.ApiError(r.status_code, str(e))
user = User.from_dict(r.json())
if service_id not in user.user_metadata.subscriptions:
raise api.ApiError(
404,
f"Subscription {subscription_id} not found in service {service_id}"
)
return user.user_metadata.subscriptions[service_id]