def construct(self, cis, request_args=None, http_args=None, **kwargs):
    """
    Add an HTTP Basic ``Authorization`` header built from client credentials.

    The secret comes from the first of these that holds it:
    ``kwargs["password"]``, ``http_args["password"]``,
    ``cis["client_secret"]``, and finally ``self.cli.client_secret``.
    The user name is ``kwargs["user"]`` when given, otherwise
    ``self.cli.client_id``.

    Side effects: ``http_args`` is modified in place when one is passed,
    ``client_secret`` is removed from ``cis``, and ``client_id`` is removed
    from ``cis`` when its ``c_param`` entry is not flagged at ``VREQUIRED``.

    :param cis: Request class instance
    :param request_args: Request arguments (not used here)
    :param http_args: HTTP arguments
    :param kwargs: may carry ``password`` and ``user`` overrides
    :return: dictionary of HTTP arguments
    """
    if http_args is None:
        http_args = {}

    # Walk the candidate sources in priority order; the client's configured
    # secret is the fallback when none of them has an entry.
    # NOTE(review): a "password" entry in http_args is read but never
    # removed, so it is still present in the returned dict -- confirm that
    # downstream code neither logs nor forwards it.
    secret_sources = (
        (kwargs, "password"),
        (http_args, "password"),
        (cis, "client_secret"),
    )
    for source, key in secret_sources:
        try:
            passwd = source[key]
        except KeyError:
            continue
        break
    else:
        passwd = self.cli.client_secret

    user = kwargs["user"] if "user" in kwargs else self.cli.client_id

    headers = http_args.setdefault("headers", {})
    # NOTE(review): user and secret are joined as-is. RFC 6749 section 2.3.1
    # has both form-urlencoded before they are combined for Basic auth, and
    # an unset secret would be formatted as the text "None" -- verify how
    # callers and the receiving server treat these cases.
    credentials = "{}:{}".format(user, passwd)
    headers["Authorization"] = "Basic {}".format(
        b64e_enc_dec(credentials, "utf-8", "utf-8")
    )

    # The secret now travels in the header; drop it from the request
    # instance (presumably so it is not repeated among the parameters).
    try:
        del cis["client_secret"]
    except KeyError:
        pass

    if cis and not cis.c_param["client_id"][VREQUIRED]:
        try:
            del cis["client_id"]
        except KeyError:
            pass

    return http_args
def sign_json(self, keys=None, headers=None, flatten=False):
    """
    Produce a JWS using the JWS JSON Serialization.

    :param keys: list of keys to use for signing the JWS
    :param headers: list of tuples (protected headers, unprotected headers),
        one per signature; defaults to a single signature whose protected
        header holds only ``alg``
    :param flatten: when true and exactly one header pair is given, emit the
        flattened syntax (signature members at the top level) instead of a
        ``signatures`` list
    :return: the JWS as a JSON string
    """

    def create_signature(protected, unprotected):
        # Build one signature entry. A non-empty ``protected`` dict is
        # updated in place, so the caller's dict gains "alg" if it lacked it.
        header_params = protected or {}
        # The signing algorithm always goes into the header set handed to
        # JWS, so that "alg" is among the protected parameters.
        header_params.setdefault("alg", self.alg)
        signer = JWS(self.msg, **header_params)
        compact = signer.sign_compact(protected=protected, keys=keys)
        encoded_header, _payload, signature = compact.split(".")

        entry = {"signature": signature}
        # Per RFC 7515 the unprotected header is not integrity-protected;
        # it is copied into the entry unchanged.
        if unprotected:
            entry["header"] = unprotected
        if encoded_header:
            entry["protected"] = encoded_header
        return entry

    res = {"payload": b64e_enc_dec(self.msg, "utf-8", "ascii")}

    if headers is None:
        headers = [({"alg": self.alg}, None)]

    if flatten and len(headers) == 1:
        # Flattened JWS JSON Serialization Syntax
        only_protected, only_unprotected = headers[0]
        res.update(create_signature(only_protected, only_unprotected))
    else:
        res["signatures"] = [
            create_signature(protected, unprotected)
            for protected, unprotected in headers
        ]

    return json.dumps(res)
# Register the UMA client at the authorization server (AS) and store the
# registration response on the client.
reg_info = _uma_client.construct_RegistrationRequest(
    request_args=_uma_client.registration_info)
reg_resp = authzsrv.oauth_registration_endpoint(reg_info.to_json())
reginfo = RegistrationResponse().from_json(reg_resp.message)
_uma_client.store_registration_info(reginfo)

# Get an RPT from the AS. The client authenticates with the credentials it
# was just issued, sent as HTTP Basic auth (OIDC 'client_secret_basic'),
# combined with the user id of the Requesting Party and the ticket received
# in (3).
# NOTE(review): Basic auth only encodes the secret, it does not protect it;
# outside an in-process test this header relies on TLS for confidentiality.
basic_credentials = "{}:{}".format(
    _uma_client.client_id, _uma_client.client_secret)
authn = "Basic {}".format(b64e_enc_dec(basic_credentials, "ascii", "ascii"))

# NOTE(review): the claim token is JSON passed through b64e_enc_dec
# (presumably base64); nothing visible here signs it, so the "uid" value is
# vouched for only by the client authentication -- confirm that is intended.
claims_json = json.dumps({"uid": REQUESTOR})
rqp_claims = b64e_enc_dec(claims_json, "utf-8", "ascii")

request = RPTRequest(
    grant_type=RQP_CLAIMS_GRANT_TYPE,
    ticket=ticket,
    claim_tokens=[ClaimToken(format="json", token=rqp_claims)],
)
resp = authzsrv.rpt_token_endpoint(authn=authn, request=request.to_json())
rtr = RPTResponse().from_json(resp.message)

# Keep the issued RPT on the client, keyed by the requesting party.
_uma_client.token[REQUESTOR] = {}
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]
# Register the UMA client at the authorization server (AS) and store the
# registration response on the client.
reg_info = _uma_client.construct_RegistrationRequest(
    request_args=_uma_client.registration_info)
reg_resp = authzsrv.oauth_registration_endpoint(reg_info.to_json())
reginfo = RegistrationResponse().from_json(reg_resp.message)
_uma_client.store_registration_info(reginfo)

# Get an RPT from the AS. The client authenticates with issued client
# credentials sent as HTTP Basic auth (OIDC 'client_secret_basic'), combined
# with the user id of the Requesting Party and the ticket received in (3).
# NOTE(review): the credentials are read from `client`, while the
# registration above is stored on `_uma_client` -- confirm both refer to the
# same registration.
# NOTE(review): Basic auth only encodes the secret, it does not protect it;
# outside an in-process test this header relies on TLS for confidentiality.
basic_credentials = "{}:{}".format(client.client_id, client.client_secret)
authn = "Basic {}".format(b64e_enc_dec(basic_credentials, "ascii", "ascii"))

# NOTE(review): the claim token is JSON passed through b64e_enc_dec
# (presumably base64); nothing visible here signs it, so the "uid" value is
# vouched for only by the client authentication -- confirm that is intended.
claims_json = json.dumps({"uid": REQUESTOR})
rqp_claims = b64e_enc_dec(claims_json, "utf-8", "ascii")

request = RPTRequest(
    grant_type=RQP_CLAIMS_GRANT_TYPE,
    ticket=ticket,
    claim_tokens=[ClaimToken(format="json", token=rqp_claims)],
)
resp = authzsrv.rpt_token_endpoint(authn=authn, request=request.to_json())
rtr = RPTResponse().from_json(resp.message)

# Keep the issued RPT on the client, keyed by the requesting party.
_uma_client.token[REQUESTOR] = {}
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]

# Introspection of the RPT