def get_bearer_token(email, password, scopes=None, account_server_url=None,
                     oauth_server_url=None, client_id=None):
    """Log in with email/password and exchange an identity assertion for an OAuth token.

    The password is handed to ``client.login`` against ``account_server_url``,
    so that URL must be one the caller trusts. The identity assertion is
    requested for the origin (scheme and netloc) of ``oauth_server_url`` and
    is then passed to the OAuth client's ``authorize_token``.

    Args:
        email: account e-mail passed to ``client.login``.
        password: account password passed to ``client.login``.
        scopes: iterable of scope strings; ``['profile']`` when ``None``.
        account_server_url: server URL for ``core.Client`` (required).
        oauth_server_url: server URL for ``oauth.Client`` (required).
        client_id: OAuth client id passed to ``authorize_token`` (required).

    Returns:
        Whatever ``oauth_client.authorize_token`` returns.

    Raises:
        ValueError: if any of the three required settings is missing; the
            first missing one (in the order listed above) is reported.
    """
    # Checked in a fixed order so the reported error is deterministic.
    required_settings = (
        (account_server_url, 'Please define an account_server_url.'),
        (oauth_server_url, 'Please define an oauth_server_url.'),
        (client_id, 'Please define a client_id.'),
    )
    for value, complaint in required_settings:
        if not value:
            raise ValueError(complaint)

    requested_scopes = ['profile'] if scopes is None else scopes

    account_client = core.Client(server_url=account_server_url)
    login_session = account_client.login(email, password)

    # The assertion audience is the OAuth server's origin only: any path,
    # query or fragment in oauth_server_url is dropped.
    parsed = urlparse(oauth_server_url)
    audience = "%s://%s/" % (parsed.scheme, parsed.netloc)
    assertion = login_session.get_identity_assertion(audience)

    token_client = oauth.Client(server_url=oauth_server_url)
    return token_client.authorize_token(
        assertion, ' '.join(requested_scopes), client_id)
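def create_new_fxa_account(fxa_user_salt=None, account_server_url=None,
                           prefix="fxa", content_server_url=None):
    """Create (or reuse) a pre-verified test account on a stage account server.

    The password is the hex HMAC of ``b"loadtest"`` keyed with the salt, and
    the e-mail address is formatted from ``prefix`` and that same password.
    Anyone who sees the address therefore knows the password, so these
    accounts must never hold anything of value.

    Args:
        fxa_user_salt: URL-safe base64 encoded salt. When falsy, 36 random
            bytes from ``os.urandom`` are used instead.
        account_server_url: account server URL; must contain ``'stage'``.
        prefix: first value formatted into the e-mail address.
        content_server_url: only used in the error message.

    Returns:
        An ``(email, password)`` tuple.

    Raises:
        ValueError: if ``account_server_url`` is missing or does not contain
            ``'stage'``.
        errors.ClientError: if account creation fails for any reason other
            than ``FXA_ERROR_ACCOUNT_EXISTS``.
    """
    # NOTE(review): this is a substring match on the whole URL, so any URL
    # that merely contains 'stage' passes. If the guard is meant to keep
    # pre-verified accounts off other deployments, compare the parsed
    # hostname against the known stage hosts instead.
    if not (account_server_url and 'stage' in account_server_url):
        message = ("You are not using stage (%s), make sure your FxA test "
                   "account exists: %s" % (account_server_url,
                                           content_server_url))
        raise ValueError(message)

    if not fxa_user_salt:
        fxa_user_salt = os.urandom(36)
    else:
        fxa_user_salt = base64.urlsafe_b64decode(fxa_user_salt)

    # NOTE(review): no digestmod is passed. Python 3.8+ rejects that with a
    # TypeError and older versions defaulted to MD5. Choose the digest
    # explicitly; changing it changes the password derived from an existing
    # salt.
    password = hmac.new(fxa_user_salt, b"loadtest").hexdigest()
    # NOTE(review): the template below appears redacted in this listing. As
    # written it has no placeholders, so the % formatting raises TypeError;
    # restore the original two-placeholder template.
    email = "*****@*****.**" % (prefix, password)

    client = core.Client(server_url=account_server_url)
    try:
        client.create_account(email, password=password, preVerified=True)
    except errors.ClientError as e:
        # An already-existing account is fine: the credentials are
        # deterministic for a given salt, so the caller can reuse it.
        if e.errno != FXA_ERROR_ACCOUNT_EXISTS:
            raise
    # The return used to sit in a ``finally`` clause, which discarded the
    # re-raised ClientError (and any other exception) and handed back
    # credentials for an account that may never have been created.
    return email, password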
def get_bearer_token(email, password, scopes=None, account_server_url=None,
                     oauth_server_url=None, client_id=None,
                     client_secret=None, use_pkce=False, unblock_code=None):
    """Log in with email/password and obtain an OAuth token for the session.

    Two routes are used. With no ``client_secret`` and ``use_pkce`` false,
    the token is requested directly through ``authorize_token``. Otherwise
    an authorization code is requested and traded for the token; with
    ``use_pkce`` the PKCE challenge is sent with the code request and the
    matching verifier with the trade.

    The password is handed to ``client.login`` against
    ``account_server_url``, so that URL must be one the caller trusts.

    Args:
        email: account e-mail passed to ``client.login``.
        password: account password passed to ``client.login``.
        scopes: iterable of scope strings; ``['profile']`` when ``None``.
        account_server_url: server URL for ``core.Client`` (required).
        oauth_server_url: server URL for ``oauth.Client`` (required).
        client_id: OAuth client id (required).
        client_secret: OAuth client secret, passed to ``oauth.Client``.
        use_pkce: when true, generate a PKCE challenge/verifier pair.
        unblock_code: forwarded to ``client.login``.

    Returns:
        Whatever ``authorize_token`` or ``trade_code`` returns.

    Raises:
        ValueError: if any of the three required settings is missing; the
            first missing one (in the order listed above) is reported.
    """
    # Checked in a fixed order so the reported error is deterministic.
    required_settings = (
        (account_server_url, 'Please define an account_server_url.'),
        (oauth_server_url, 'Please define an oauth_server_url.'),
        (client_id, 'Please define a client_id.'),
    )
    for value, complaint in required_settings:
        if not value:
            raise ValueError(complaint)

    requested_scopes = ['profile'] if scopes is None else scopes

    account_client = core.Client(server_url=account_server_url)
    session = account_client.login(email, password, unblock_code=unblock_code)

    oauth_client = oauth.Client(client_id, client_secret,
                                server_url=oauth_server_url)

    # TODO: pick the most direct route to a token automatically from the
    # registered client metadata (oauth_client.get_client_metadata()). The
    # oauth-server does not yet expose client properties such as `canGrant`
    # and `isPublic`, so the caller has to choose via the arguments.
    scope = ' '.join(requested_scopes)

    direct_grant = client_secret is None and not use_pkce
    if direct_grant:
        return oauth_client.authorize_token(session, scope)

    if use_pkce:
        challenge, verifier = oauth_client.generate_pkce_challenge()
    else:
        # No extra keyword arguments for either request.
        challenge, verifier = {}, {}
    code = oauth_client.authorize_code(session, scope, **challenge)
    return oauth_client.trade_code(code, **verifier)
def get_browserid_assertion(email, password, audience, account_server_url=None,
                            duration=core.DEFAULT_ASSERTION_DURATION):
    """Log in and return an identity assertion plus a client-state string.

    The login is made with ``keys=True`` and the session's keys are fetched,
    but the key itself is not returned: only the hex encoding of the first
    16 bytes of its SHA-256 digest leaves this function.

    Args:
        email: account e-mail passed to ``client.login``.
        password: account password passed to ``client.login``.
        audience: audience passed to ``get_identity_assertion``.
        account_server_url: server URL for ``core.Client`` (required).
        duration: assertion duration, ``core.DEFAULT_ASSERTION_DURATION``
            by default.

    Returns:
        A ``(bid_assertion, client_state)`` tuple.

    Raises:
        ValueError: if ``account_server_url`` is missing.
    """
    if not account_server_url:
        raise ValueError('Please define an account_server_url.')

    account_client = core.Client(server_url=account_server_url)
    session = account_client.login(email, password, keys=True)
    assertion = session.get_identity_assertion(audience=audience,
                                               duration=duration)

    # Only the second of the two fetched keys is used.
    _unused, key_b = session.fetch_keys()
    truncated_digest = sha256(key_b).digest()[:16]
    client_state = hexlify(truncated_digest).decode('utf-8')
    return assertion, client_state
def send_unblock_code(email, account_server_url=None):
    """Ask the account server to send an unblock code for ``email``.

    Args:
        email: address passed to ``client.send_unblock_code``.
        account_server_url: server URL for ``core.Client`` (required).

    Returns:
        Whatever ``client.send_unblock_code`` returns.

    Raises:
        ValueError: if ``account_server_url`` is missing.
    """
    if account_server_url:
        account_client = core.Client(server_url=account_server_url)
        return account_client.send_unblock_code(email)
    raise ValueError('Please define an account_server_url.')