def verify_client(inst, areq, authn, type_method=TYPE_METHOD):
    """
    Work out which client authentication method a request used and
    authenticate the client with it.

    The candidates are tried in a fixed order: HTTP Basic credentials
    (``authn``), a ``client_secret`` request parameter, then a
    ``client_assertion``.  A request carrying none of them is rejected.

    :param inst: Entity instance; its ``cdb`` client database is read and
        updated here
    :param areq: The request
    :param authn: client authentication information
    :param type_method: iterable of ``(assertion type, verifier)`` pairs;
        the matching verifier is called with ``inst`` and its
        ``verify(areq)`` result is unpacked as ``(client id, method)``
    :return: the client id only; the method used is stored in
        ``inst.cdb`` rather than returned
    :raises UnknownAssertionType: ``client_assertion_type`` matches no
        entry in ``type_method``
    :raises FailedAuthentication: no client authentication was supplied,
        or an access token request used a method other than the one on
        record for the client
    """
    if authn:  # HTTP Basic auth (client_secret_basic)
        # NOTE(review): this branch rests entirely on get_client_id() --
        # confirm it validates the Basic credentials and does not merely
        # parse them.
        authed_id = get_client_id(inst.cdb, areq, authn)
        used = "client_secret_basic"
    elif "client_secret" in areq:  # client_secret_post
        claimed_id = get_client_id(inst.cdb, areq, authn)
        # Emitted before the secret is checked; the check is the verify()
        # call that follows.
        logger.debug("Verified Client ID: %s" % claimed_id)
        authed_id = ClientSecretBasic(inst).verify(areq, claimed_id)
        used = "client_secret_post"
    elif "client_assertion" in areq:  # client_secret_jwt or private_key_jwt
        check_key_availability(inst, areq["client_assertion"])

        for assertion_type, verifier in type_method:
            if areq["client_assertion_type"] != assertion_type:
                continue
            authed_id, used = verifier(inst).verify(areq)
            break
        else:
            # No verifier is configured for this assertion type.  The value
            # written to the log is taken from the request as-is.
            logger.error(
                "UnknownAssertionType: {}".format(areq["client_assertion_type"])
            )
            raise UnknownAssertionType(areq["client_assertion_type"], areq)
    else:
        # Fail closed: nothing in the request authenticates the client.
        logger.error("Missing client authentication.")
        raise FailedAuthentication("Missing client authentication.")

    # Only access token requests are held to the client's recorded method;
    # other request types skip this comparison.
    if isinstance(areq, AccessTokenRequest):
        try:
            expected = inst.cdb[authed_id]["token_endpoint_auth_method"]
        except KeyError:
            # Nothing on record: compare against client_secret_basic.
            expected = "client_secret_basic"
        if expected != used:
            logger.error(
                "Wrong authentication method used: {} != {}".format(
                    used, expected
                )
            )
            raise FailedAuthentication("Wrong authentication method used")

    # store which authn method was used where, keyed by request class name
    request_kind = areq.__class__.__name__
    try:
        inst.cdb[authed_id]["auth_method"][request_kind] = used
    except KeyError:
        try:
            inst.cdb[authed_id]["auth_method"] = {request_kind: used}
        except KeyError:
            # Best effort: a second KeyError is ignored on purpose.
            pass

    return authed_id
def verify_client(inst, areq, authn, type_method=TYPE_METHOD):
    """
    Infer the client authentication method from the request and
    authenticate the client accordingly.

    Checked in order: HTTP Basic credentials (``authn``), a
    ``client_secret`` parameter, a ``client_assertion``.  Anything else is
    refused.

    :param inst: object exposing the client database as ``inst.cdb``
    :param areq: The request
    :param authn: client authentication information
    :param type_method: iterable of ``(assertion type, verifier)`` pairs
        consulted for ``client_assertion`` requests
    :return: the client id; the method used is written to ``inst.cdb``
        and not returned
    :raises UnknownAssertionType: no entry in ``type_method`` matches the
        request's ``client_assertion_type``
    :raises FailedAuthentication: the request has no client authentication,
        or an access token request used a method that differs from the
        one on record
    """
    if authn:  # HTTP Basic auth (client_secret_basic)
        # NOTE(review): get_client_id() is the only check on this path --
        # confirm that it verifies the Basic credentials.
        client = get_client_id(inst.cdb, areq, authn)
        how = "client_secret_basic"
    elif "client_secret" in areq:  # client_secret_post
        candidate = get_client_id(inst.cdb, areq, authn)
        # The debug line precedes the actual secret check done by verify().
        logger.debug("Verified Client ID: %s" % candidate)
        client = ClientSecretBasic(inst).verify(areq, candidate)
        how = "client_secret_post"
    elif "client_assertion" in areq:  # client_secret_jwt or private_key_jwt
        for known_type, verifier in type_method:
            if areq["client_assertion_type"] != known_type:
                continue
            client, how = verifier(inst).verify(areq)
            break
        else:
            # Loop ran out without a match: assertion type not supported.
            raise UnknownAssertionType(areq["client_assertion_type"], areq)
    else:
        # Fail closed when the request carries no credentials at all.
        raise FailedAuthentication("Missing client authentication.")

    # The recorded-method comparison is applied to access token requests
    # only; other request types are not compared.
    if isinstance(areq, AccessTokenRequest):
        try:
            on_record = inst.cdb[client]["token_endpoint_auth_method"]
        except KeyError:
            # No recorded method: client_secret_basic is assumed.
            on_record = "client_secret_basic"
        if on_record != how:
            raise FailedAuthentication("Wrong authentication method used")

    # store which authn method was used where, keyed by request class name
    kind = areq.__class__.__name__
    try:
        inst.cdb[client]["auth_method"][kind] = how
    except KeyError:
        try:
            inst.cdb[client]["auth_method"] = {kind: how}
        except KeyError:
            # Recording is best effort; a second KeyError is dropped.
            pass

    return client
def verify_client(inst, areq, authn, type_method=TYPE_METHOD):
    """
    Resolve the client id for a request and, when the request carries a
    secret or an assertion, hand it to the matching verifier.

    :param inst: object providing ``get_client_id(areq, authn)``; it is
        also passed to the verifiers
    :param areq: The request
    :param authn: client authentication information
    :param type_method: iterable of ``(assertion type, verifier)`` pairs
        consulted for ``client_assertion`` requests
    :return: the result of the selected verifier's ``verify`` call, or the
        id from ``inst.get_client_id`` when the request has neither a
        ``client_secret`` nor a ``client_assertion``
    :raises UnknownAssertionType: no entry in ``type_method`` matches the
        request's ``client_assertion_type``
    """
    resolved_id = inst.get_client_id(areq, authn)
    # Emitted before any secret or assertion has been checked below.
    logger.debug("Verified Client ID: %s" % resolved_id)

    if "client_secret" in areq:  # client_secret_post/client_secret_basic
        return ClientSecretBasic(inst).verify(areq, resolved_id)

    if "client_assertion" not in areq:
        # NOTE(review): a request with neither a secret nor an assertion is
        # accepted on the strength of inst.get_client_id() alone -- confirm
        # that call authenticates the client rather than just reading the
        # id from the request.
        return resolved_id

    # client_secret_jwt or private_key_jwt
    for assertion_type, verifier in type_method:
        if areq["client_assertion_type"] == assertion_type:
            return verifier(inst).verify(areq)

    # Every configured type was tried and none matched.
    raise UnknownAssertionType(areq["client_assertion_type"], areq)
def verify_client(inst, areq, authn, type_method=TYPE_METHOD):
    """
    Infer how the client authenticated and dispatch to the matching check.

    Tried in order: HTTP Basic credentials (``authn``), a ``client_secret``
    parameter, a ``client_assertion``.  A request with none of these is
    refused.

    :param inst: object exposing the client database as ``inst.cdb``; it
        is also passed to the verifiers
    :param areq: The request
    :param authn: client authentication information
    :param type_method: iterable of ``(assertion type, verifier)`` pairs
        consulted for ``client_assertion`` requests
    :return: whatever the selected check returns (``get_client_id`` for
        Basic auth, otherwise the verifier's ``verify`` result)
    :raises UnknownAssertionType: no entry in ``type_method`` matches the
        request's ``client_assertion_type``
    :raises FailedAuthentication: the request has no client authentication
    """
    if authn:  # HTTP Basic auth (client_secret_basic)
        # NOTE(review): nothing else runs on this path -- confirm that
        # get_client_id() verifies the Basic credentials.
        return get_client_id(inst.cdb, areq, authn)

    if "client_secret" in areq:  # client_secret_post
        candidate = get_client_id(inst.cdb, areq, authn)
        # The debug line precedes the actual secret check done by verify().
        logger.debug("Verified Client ID: %s" % candidate)
        return ClientSecretBasic(inst).verify(areq, candidate)

    if "client_assertion" not in areq:
        # Fail closed when the request carries no credentials at all.
        raise FailedAuthentication("Missing client authentication.")

    # client_secret_jwt or private_key_jwt
    for known_type, verifier in type_method:
        if areq["client_assertion_type"] == known_type:
            return verifier(inst).verify(areq)

    # Every configured type was tried and none matched.
    raise UnknownAssertionType(areq["client_assertion_type"], areq)