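def encode_response(self, request, response, audience=None):
    """Encode the response to the request as a JSON Web Token.

    Args:
        request: Mapping with the claims of the request being answered.
            Its "iss" claim becomes the audience unless ``audience`` is
            given, and its "sub" claim, when present, is copied over.
        response: Value placed in the token's "response" claim.
        audience: Optional explicit "aud" value; overrides ``request["iss"]``.

    Returns:
        Whatever ``encode_jwt`` returns for the payload and this node's name.

    Raises:
        KeyError: If ``audience`` is None and ``request`` has no "iss" key.
    """
    # NOTE(review): "aud" and "sub" are copied from ``request`` unchanged;
    # this assumes the caller has already verified the request token -- confirm.
    # Read the clock once so "exp" is exactly 60 seconds after "iat".
    issued_at = datetime.utcnow()
    jwt_payload = {
        "iss": self.node.id,
        "aud": request["iss"] if audience is None else audience,
        "iat": issued_at,
        # Short lifetime bounds how long a captured token stays usable.
        # No "jti"/nonce claim is set here, so replay detection inside
        # that window is left to the receiver.
        "exp": issued_at + timedelta(seconds=60),
        "response": response,
    }
    if "sub" in request:
        jwt_payload["sub"] = request["sub"]
    # Create a JSON Web Token signed using the authorization server's private key.
    # (encode_jwt is defined elsewhere; the key is selected via the node name.)
    return encode_jwt(jwt_payload, self.node.node_name)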
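def register_node_external(self):
    """Register node attributes for external authorization.

    Builds a JWT whose "attributes" claim holds the result of
    ``self.node.attributes.get_indexed_public_with_keys()``, addressed to
    the configured authorization server, and hands it to
    ``self.node.proto.authorization_register``. The reply is delivered to
    ``self._register_node_external_cb``; nothing is returned here.
    """
    # FIXME: should this include certificate exchange?
    # Read the server id once so the "aud" claim and the destination of the
    # registration request cannot diverge.
    authz_server_id = self.node.authorization.authz_server_id
    # Read the clock once so "exp" is exactly 60 seconds after "iat".
    issued_at = datetime.utcnow()
    payload = {
        "iss": self.node.id,
        "aud": authz_server_id,
        "iat": issued_at,
        # Short lifetime bounds how long a captured request stays usable.
        # No "jti"/nonce claim is set here, so replay detection inside
        # that window is left to the authorization server.
        "exp": issued_at + timedelta(seconds=60),
        "attributes": self.node.attributes.get_indexed_public_with_keys(),
    }
    # Create a JSON Web Token signed using the node's Elliptic Curve private key.
    # (encode_jwt is defined elsewhere; the key is selected via the node name.)
    jwt_request = encode_jwt(payload, self.node.node_name)
    # Send registration request to authorization server.
    self.node.proto.authorization_register(
        authz_server_id,
        CalvinCB(self._register_node_external_cb),
        jwt_request,
    )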