def _parse_id_token(self, request, token, claims_options=None):
"""Return an instance of UserInfo from token's ``id_token``."""
if 'id_token' not in token:
return None
def load_key(header, payload):
jwk_set = self._fetch_jwk_set()
try:
return jwk.loads(jwk_set, header.get('kid'))
except ValueError:
# re-try with new jwk set
jwk_set = self._fetch_jwk_set(force=True)
return jwk.loads(jwk_set, header.get('kid'))
nonce = self._get_session_data(request, 'nonce')
claims_params = dict(
nonce=nonce,
client_id=self.client_id,
)
if 'access_token' in token:
claims_params['access_token'] = token['access_token']
claims_cls = CodeIDToken
else:
claims_cls = ImplicitIDToken
metadata = self._load_server_metadata()
if claims_options is None and 'issuer' in metadata:
claims_options = {'iss': {'values': [metadata['issuer']]}}
alg_values = metadata.get('id_token_signing_alg_values_supported')
if not alg_values:
alg_values = ['RS256']
jwt = JsonWebToken(alg_values)
claims = jwt.decode(
token['id_token'], key=load_key,
claims_cls=claims_cls,
claims_options=claims_options,
claims_params=claims_params,
)
claims.validate(leeway=120)
return UserInfo(claims)
async def _parse_id_token(self, token, nonce, claims_options=None):
"""Return an instance of UserInfo from token's ``id_token``."""
claims_params = dict(
nonce=nonce,
client_id=self.client_id,
)
if 'access_token' in token:
claims_params['access_token'] = token['access_token']
claims_cls = CodeIDToken
else:
claims_cls = ImplicitIDToken
metadata = await self.load_server_metadata()
if claims_options is None and 'issuer' in metadata:
claims_options = {'iss': {'values': [metadata['issuer']]}}
alg_values = metadata.get('id_token_signing_alg_values_supported')
if not alg_values:
alg_values = ['RS256']
jwt = JsonWebToken(alg_values)
jwk_set = await self._fetch_jwk_set()
try:
claims = jwt.decode(
token['id_token'],
key=JsonWebKey.import_key_set(jwk_set),
claims_cls=claims_cls,
claims_options=claims_options,
claims_params=claims_params,
)
except ValueError:
jwk_set = await self._fetch_jwk_set(force=True)
claims = jwt.decode(
token['id_token'],
key=JsonWebKey.import_key_set(jwk_set),
claims_cls=claims_cls,
claims_options=claims_options,
claims_params=claims_params,
)
claims.validate(leeway=120)
return UserInfo(claims)
async def _fetch_userinfo(self, token: Token) -> UserInfo:
"""Fetch user information from the ``userinfo_endpoint``.
Args:
token: the token given by the ``token_endpoint``.
Must include an ``access_token`` field.
Returns:
UserInfo: an object representing the user.
"""
metadata = await self.load_metadata()
resp = await self._http_client.get_json(
metadata["userinfo_endpoint"],
headers={
"Authorization": ["Bearer {}".format(token["access_token"])]
},
)
return UserInfo(resp)
def test_authorization_callback_success(mocker, client_without_db):
client = client_without_db
mocker.patch("app.auth.routes.oauth.google.authorize_access_token")
mocker.patch("app.auth.routes.oauth.google.parse_id_token")
query = mocker.patch("data.models.user.User.query")
oauth.google.authorize_access_token.return_value = {
"access_token": "TOKEN"
}
oauth.google.parse_id_token.return_value = UserInfo(regular_user_info())
query.filter_by.one_or_none.return_value = True
resp = client.get("/auth/authorized")
assert resp.status_code == 302
assert resp.headers.get("Location") == "http://localhost/"
oauth.google.authorize_access_token.assert_called_once()
oauth.google.parse_id_token.assert_called_once_with(
{"access_token": "TOKEN"})
with client.session_transaction() as session:
assert "user_info" in session
def generate_user_info(user, scope):
return UserInfo(sub=str(user.id), name=user.username)
def userinfo(self, **kwargs):
"""Fetch user info from ``userinfo_endpoint``."""
resp = self.get(self.metadata["userinfo_endpoint"], **kwargs)
resp.raise_for_status()
data = resp.json()
return UserInfo(data)
def test_getattribute(self):
user = UserInfo({'sub': '1'})
self.assertEqual(user.sub, '1')
self.assertIsNone(user.email, None)
self.assertRaises(AttributeError, lambda: user.invalid)
def userinfo(self, **kwargs):
"""Fetch user info from ``userinfo_endpoint``."""
metadata = self.load_server_metadata()
resp = self.get(metadata['userinfo_endpoint'], **kwargs)
data = resp.json()
return UserInfo(data)
def generate_user_info(self, user, scope):
return UserInfo(sub=str(user.get_user_id()))
def generate_user_info(self, scopes):
profile = {'sub': str(self.id), 'name': self.username}
return UserInfo(profile)
def generate_user_info(self, scopes):
profile = {"sub": str(self.id), "name": self.username}
return UserInfo(profile)
def generate_user_info(user, scope):
user_info = UserInfo(sub=user.id, email = user.email)
return user_info
