def encode_response(self, request, response, audience=None):
"""Encode the response to the request as a JSON Web Token."""
jwt_payload = {
"iss": self.node.id,
"aud": request["iss"] if audience is None else audience,
"iat": datetime.utcnow(),
"exp": datetime.utcnow() + timedelta(seconds=60),
"response": response
}
if "sub" in request:
jwt_payload["sub"] = request["sub"]
# Create a JSON Web Token signed using the authorization server's private key.
return encode_jwt(jwt_payload, self.node.node_name)
def register_node_external(self):
"""Register node attributes for external authorization"""
# FIXME: should this include certificate exchange?
payload = {
"iss": self.node.id,
"aud": self.node.authorization.authz_server_id,
"iat": datetime.utcnow(),
"exp": datetime.utcnow() + timedelta(seconds=60),
"attributes": self.node.attributes.get_indexed_public_with_keys()
}
# Create a JSON Web Token signed using the node's Elliptic Curve private key.
jwt_request = encode_jwt(payload, self.node.node_name)
# Send registration request to authorization server.
self.node.proto.authorization_register(self.node.authorization.authz_server_id,
CalvinCB(self._register_node_external_cb),
jwt_request)
