Example #1
def userinfo_claims(access_token, scope_names=None, claims_request=None):
    """
    Build the claims data for the OpenID Connect UserInfo endpoint.

    Specification references:

    http://openid.net/specs/openid-connect-basic-1_0.html#UserInfoResponse
    http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
    http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Arguments:
        access_token (AccessToken): Associated access token.
        scope_names (list): Optional list of requested scopes.
        claims_request (dict): Optional claims request parameter; only its
            'userinfo' member is read here.

    Returns the dictionary of claims produced by `collect` for the
    UserInfo handlers.

    NOTE(review): `scope_names` and the claims request are forwarded to
    `collect` unchanged. Nothing in this function limits them to what the
    access token authorizes, so that check has to live in `collect` or the
    handlers -- confirm before exposing this to client-supplied values.

    """
    userinfo_handlers = USERINFO_HANDLERS

    # Only the 'userinfo' member of the claims request applies to this endpoint.
    if claims_request:
        requested_claims = claims_request.get('userinfo', {})
    else:
        requested_claims = {}

    return collect(
        userinfo_handlers,
        access_token,
        scope_names,
        requested_claims,
        inclusive=False,
    )
Example #2
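def id_token_claims(access_token, nonce=None, claims_request=None):
    """
    Creates claims data for an OpenID Connect ID Token according to:

    http://openid.net/specs/openid-connect-basic-1_0.html#IDToken

    Arguments:
        access_token (AccessToken): Associated OAuth2 access token.
        nonce (str): Optional nonce to protect against replay attacks. When
            given, it is added to the claims passed to `collect` as
            ``{'nonce': {'value': nonce}}``.
        claims_request (dict): Optional dictionary with a claims request
            parameter; only its 'id_token' member is read. The dictionary
            is never modified.

    Information on the claims request parameter specification:

    http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Returns dictionary of the claims required by the specification.

    """

    claims = claims_request.get('id_token', {}) if claims_request else {}

    handlers = ID_TOKEN_HANDLERS

    if nonce:
        # Build a new dict instead of updating in place: `claims` may be the
        # caller's own claims_request['id_token'] object, and writing the
        # nonce into it would leave this request's nonce behind for any
        # later call that reuses the same claims_request.
        claims = dict(claims, nonce={'value': nonce})

    return collect(handlers, access_token, claims=claims, inclusive=True)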
Example #3
def userinfo_claims(access_token, scope_names=None, claims_request=None):
    """
    Build the claims data for the OpenID Connect UserInfo endpoint.

    Specification references:

    http://openid.net/specs/openid-connect-basic-1_0.html#UserInfoResponse
    http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
    http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Arguments:
        access_token (AccessToken): Associated access token.
        scope_names (list): Optional list of requested scopes.
        claims_request (dict): Optional claims request parameter; only its
            'userinfo' member is read here.

    Returns the dictionary of claims produced by `collect` for the
    UserInfo handlers.

    NOTE(review): `scope_names` and the claims request are forwarded to
    `collect` unchanged. Nothing in this function limits them to what the
    access token authorizes, so that check has to live in `collect` or the
    handlers -- confirm before exposing this to client-supplied values.

    """
    userinfo_handlers = USERINFO_HANDLERS

    # Only the 'userinfo' member of the claims request applies to this endpoint.
    if claims_request:
        requested_claims = claims_request.get('userinfo', {})
    else:
        requested_claims = {}

    return collect(
        userinfo_handlers,
        access_token,
        scope_names,
        requested_claims,
        inclusive=False,
    )
Example #4
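def id_token_claims(access_token, nonce=None, claims_request=None):
    """
    Creates claims data for an OpenID Connect ID Token according to:

    http://openid.net/specs/openid-connect-basic-1_0.html#IDToken

    Arguments:
        access_token (AccessToken): Associated OAuth2 access token.
        nonce (str): Optional nonce to protect against replay attacks. When
            given, it is added to the claims passed to `collect` as
            ``{'nonce': {'value': nonce}}``.
        claims_request (dict): Optional dictionary with a claims request
            parameter; only its 'id_token' member is read. The dictionary
            is never modified.

    Information on the claims request parameter specification:

    http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Returns dictionary of the claims required by the specification.

    """

    claims = claims_request.get('id_token', {}) if claims_request else {}

    handlers = ID_TOKEN_HANDLERS

    if nonce:
        # Build a new dict instead of updating in place: `claims` may be the
        # caller's own claims_request['id_token'] object, and writing the
        # nonce into it would leave this request's nonce behind for any
        # later call that reuses the same claims_request.
        claims = dict(claims, nonce={'value': nonce})

    return collect(handlers, access_token, claims=claims, inclusive=True)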
Example #5
def userinfo(access_token, scope_request=None, claims_request=None):
    """
    Build the data for an OpenID Connect UserInfo response, according to:

    http://openid.net/specs/openid-connect-basic-1_0.html#UserInfoResponse

    Scope and claims request parameters are supported as described in:

    - http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
    - http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Arguments:
        access_token (:class:`AccessToken`): Associated access token.
        scope_request (list): Optional list of requested scopes.
        claims_request (dict): Optional dictionary with a claims request
            parameter; only its 'userinfo' member is read.

    As a convenience, if neither `scope_request` nor a 'userinfo' section
    of `claims_request` is given, the scope names of the `access_token`
    are used as the scope request.

    Returns an :class:`IDToken` built from the access token and the scopes
    and claims returned by `collect`.

    NOTE(review): a caller-supplied `scope_request` is passed to `collect`
    as is. Restricting it to the scopes authorized in the `access_token`
    is not done in this function, so it must happen in `collect` or the
    handlers -- confirm.

    """
    userinfo_handlers = HANDLERS['userinfo']

    # Only the 'userinfo' member of the claims request applies to this endpoint.
    if claims_request:
        userinfo_section = claims_request.get('userinfo', {})
    else:
        userinfo_section = {}

    # Nothing requested at all: fall back to the scopes on the access token.
    if not (scope_request or userinfo_section):
        scope_request = provider.scope.to_names(access_token.scope)

    scopes, claims = collect(
        userinfo_handlers,
        access_token,
        scope_request=scope_request,
        claims_request=userinfo_section,
    )
    return IDToken(access_token, scopes, claims)
Example #6
def userinfo(access_token, scope_request=None, claims_request=None):
    """
    Build the data for an OpenID Connect UserInfo response, according to:

    http://openid.net/specs/openid-connect-basic-1_0.html#UserInfoResponse

    Scope and claims request parameters are supported as described in:

    - http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
    - http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Arguments:
        access_token (:class:`AccessToken`): Associated access token.
        scope_request (list): Optional list of requested scopes.
        claims_request (dict): Optional dictionary with a claims request
            parameter; only its "userinfo" member is read.

    As a convenience, if neither `scope_request` nor a "userinfo" section
    of `claims_request` is given, the scope names of the `access_token`
    are used as the scope request.

    Returns an :class:`IDToken` built from the access token and the scopes
    and claims returned by `collect`.

    NOTE(review): a caller-supplied `scope_request` is passed to `collect`
    as is. Restricting it to the scopes authorized in the `access_token`
    is not done in this function, so it must happen in `collect` or the
    handlers -- confirm.

    """
    userinfo_handlers = HANDLERS["userinfo"]

    # Only the "userinfo" member of the claims request applies to this endpoint.
    if claims_request:
        userinfo_section = claims_request.get("userinfo", {})
    else:
        userinfo_section = {}

    # Nothing requested at all: fall back to the scopes on the access token.
    if not (scope_request or userinfo_section):
        scope_request = provider.scope.to_names(access_token.scope)

    scopes, claims = collect(
        userinfo_handlers,
        access_token,
        scope_request=scope_request,
        claims_request=userinfo_section,
    )
    return IDToken(access_token, scopes, claims)
Example #7
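def id_token(access_token, nonce=None, claims_request=None):
    """
    Returns data required for an OpenID Connect ID Token according to:

    - http://openid.net/specs/openid-connect-basic-1_0.html#IDToken

    Arguments:
        access_token (:class:`AccessToken`): Associated OAuth2 access token.
        nonce (str): Optional nonce to protect against replay attacks. When
            given, it is added to the claims request passed to `collect`
            as ``{'nonce': {'value': nonce}}``.
        claims_request (dict): Optional dictionary with the claims request
            parameters; only its 'id_token' member is read. The dictionary
            is never modified.

    Information on the `claims_request` parameter specification:

    - http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Returns an :class:`IDToken` instance with the scopes from the
    access_token and the corresponding claims. Claims in the
    `claims_request` parameter id_token section will be included *in
    addition* to the ones corresponding to the scopes specified in the
    `access_token`.

    """

    handlers = HANDLERS['id_token']

    # Select only the relevant section of the claims request.
    claims_request_section = claims_request.get('id_token', {}) if claims_request else {}

    # The scope request is always derived from the access token itself.
    scope_request = provider.scope.to_names(access_token.scope)

    if nonce:
        # Build a new dict instead of updating in place: the section may be
        # the caller's own claims_request['id_token'] object, and writing
        # the nonce into it would leave this request's nonce behind for any
        # later call that reuses the same claims_request.
        claims_request_section = dict(claims_request_section, nonce={'value': nonce})

    scopes, claims = collect(
        handlers,
        access_token,
        scope_request=scope_request,
        claims_request=claims_request_section,
    )

    return IDToken(access_token, scopes, claims)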
Example #8
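def id_token(access_token, nonce=None, claims_request=None):
    """
    Returns data required for an OpenID Connect ID Token according to:

    - http://openid.net/specs/openid-connect-basic-1_0.html#IDToken

    Arguments:
        access_token (:class:`AccessToken`): Associated OAuth2 access token.
        nonce (str): Optional nonce to protect against replay attacks. When
            given, it is added to the claims request passed to `collect`
            as ``{"nonce": {"value": nonce}}``.
        claims_request (dict): Optional dictionary with the claims request
            parameters; only its "id_token" member is read. The dictionary
            is never modified.

    Information on the `claims_request` parameter specification:

    - http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

    Returns an :class:`IDToken` instance with the scopes from the
    access_token and the corresponding claims. Claims in the
    `claims_request` parameter id_token section will be included *in
    addition* to the ones corresponding to the scopes specified in the
    `access_token`.

    """

    handlers = HANDLERS["id_token"]

    # Select only the relevant section of the claims request.
    claims_request_section = claims_request.get("id_token", {}) if claims_request else {}

    # The scope request is always derived from the access token itself.
    scope_request = provider.scope.to_names(access_token.scope)

    if nonce:
        # Build a new dict instead of updating in place: the section may be
        # the caller's own claims_request["id_token"] object, and writing
        # the nonce into it would leave this request's nonce behind for any
        # later call that reuses the same claims_request.
        claims_request_section = dict(claims_request_section, nonce={"value": nonce})

    scopes, claims = collect(handlers, access_token, scope_request=scope_request, claims_request=claims_request_section)

    return IDToken(access_token, scopes, claims)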