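def provider_features(self, pcr_class=ASConfigurationResponse, provider_config=None):
    """Build the authorization server's capability (metadata) document.

    :param pcr_class: Message class used to wrap the metadata; defaults to
        ``ASConfigurationResponse``.
    :param provider_config: Optional mapping of extra metadata merged in
        last.  Everything in it overrides the computed values, including
        ``token_endpoint_auth_signing_alg_values_supported``, so the caller
        is responsible for not re-introducing ``"none"`` there.
    :return: ``pcr_class`` instance populated from ``CAPABILITIES``,
        ``SCOPE2CLAIMS`` and ``jws.SIGNER_ALGS``.
    """
    _provider_info = pcr_class(**CAPABILITIES)
    _provider_info["scopes_supported"] = list(SCOPE2CLAIMS.keys())

    # "none" MUST NOT be advertised for token_endpoint_auth_signing_alg_values_supported
    # (OpenID Connect Discovery 1.0 §3): a client assertion signed with "none"
    # is unsigned, so honouring it would let any party pass client auth.
    # Filter instead of list.remove() so this cannot raise ValueError if the
    # signer registry ever stops listing "none".
    _provider_info["token_endpoint_auth_signing_alg_values_supported"] = [
        alg for alg in jws.SIGNER_ALGS if alg != "none"
    ]

    if provider_config:
        _provider_info.update(provider_config)
    return _provider_info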
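def provider_features(self, pcr_class=ProviderConfigurationResponse):
    """Build the OpenID Provider metadata (discovery) document.

    :param pcr_class: Message class used to wrap the metadata; defaults to
        ``ProviderConfigurationResponse``.
    :return: ``pcr_class`` instance populated from ``CAPABILITIES``,
        ``SCOPE2CLAIMS``, ``jws.SIGNER_ALGS``, ``jwe.SUPPORTED`` and, when
        ``self.authn_broker`` is set, its ACR values.
    """
    _provider_info = pcr_class(**CAPABILITIES)

    # claims_supported is the union of the claims behind every scope.  Sorted
    # so the published document is deterministic across processes (set
    # iteration order is not); assumes claim names are strings.
    _claims = set()
    for _cl in SCOPE2CLAIMS.values():
        _claims.update(_cl)
    _provider_info["claims_supported"] = sorted(_claims)

    # "openid" is mandatory in scopes_supported; only add it if the scope map
    # does not already list it, to avoid publishing a duplicate.
    _scopes = list(SCOPE2CLAIMS.keys())
    if "openid" not in _scopes:
        _scopes.append("openid")
    _provider_info["scopes_supported"] = _scopes

    sign_algs = list(jws.SIGNER_ALGS.keys())
    # Each key gets its own list so a later edit to one cannot leak into the
    # others.  NOTE(review): this publishes "none" for id_token_signing_alg_values_supported
    # as well; the spec only allows "none" there for flows in which no ID
    # Token is issued from the Authorization Endpoint -- confirm the token
    # issuing path never actually signs with it.
    for typ in ["userinfo", "id_token", "request_object"]:
        _provider_info["%s_signing_alg_values_supported" % typ] = list(sign_algs)

    # "none" MUST NOT be advertised for token_endpoint_auth_signing_alg_values_supported
    # (OpenID Connect Discovery 1.0 §3): an unsigned client assertion would
    # pass client authentication.  Filter rather than list.remove() so this
    # cannot raise if "none" is ever dropped from the registry.
    _provider_info["token_endpoint_auth_signing_alg_values_supported"] = [
        alg for alg in sign_algs if alg != "none"
    ]

    algs = jwe.SUPPORTED["alg"]
    for typ in ["userinfo", "id_token", "request_object"]:
        _provider_info["%s_encryption_alg_values_supported" % typ] = algs

    encs = jwe.SUPPORTED["enc"]
    for typ in ["userinfo", "id_token", "request_object"]:
        _provider_info["%s_encryption_enc_values_supported" % typ] = encs

    # acr_values_supported: taken verbatim from the broker.  NOTE(review): the
    # helper is named getAcrValuesString() while the metadata field is a JSON
    # array -- verify the broker returns a list, not a joined string.
    if self.authn_broker:
        acr_values = self.authn_broker.getAcrValuesString()
        if acr_values is not None:
            _provider_info["acr_values_supported"] = acr_values

    return _provider_info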
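def create_providerinfo(self, pcr_class=ProviderConfigurationResponse):
    """Assemble the provider metadata document for this server.

    :param pcr_class: Message class used to wrap the metadata; defaults to
        ``ProviderConfigurationResponse``.
    :return: ``pcr_class`` instance with static capabilities, supported
        JWS/JWE algorithms, ``jwks_uri`` (when both ``self.jwks_uri`` and
        ``self.keyjar`` are set), ACR values from ``self.authn_broker`` and
        one URL per endpoint class in ``self.endp``.
    """
    _response = pcr_class(
        issuer=self.baseurl,
        token_endpoint_auth_methods_supported=[
            "client_secret_post", "client_secret_basic",
            "client_secret_jwt", "private_key_jwt"],
        scopes_supported=["openid"],
        response_types_supported=["code", "token", "id_token",
                                  "code token", "code id_token",
                                  "token id_token",
                                  "code token id_token"],
        subject_types_supported=["public", "pairwise"],
        grant_types_supported=[
            "authorization_code", "implicit",
            "urn:ietf:params:oauth:grant-type:jwt-bearer"],
        claim_types_supported=["normal", "aggregated", "distributed"],
        # claims_supported lists *claim* names, i.e. the flattened values of
        # SCOPE2CLAIMS.  Its keys are scope names and were published here by
        # mistake.  Sorted for a deterministic document.
        claims_supported=sorted(
            {claim for claims in SCOPE2CLAIMS.values() for claim in claims}),
        # NOTE(review): the spec types these three as JSON booleans; the
        # string "true" is kept because the message class may coerce it --
        # confirm what actually reaches the wire.
        claims_parameter_supported="true",
        request_parameter_supported="true",
        request_uri_parameter_supported="true",
    )

    sign_algs = list(jws.SIGNER_ALGS.keys())
    # One list per key so later edits cannot leak between them.
    for typ in ["userinfo", "id_token", "request_object"]:
        _response["%s_signing_alg_values_supported" % typ] = list(sign_algs)
    # "none" MUST NOT be advertised for token_endpoint_auth_signing_alg_values_supported
    # (OpenID Connect Discovery 1.0 §3): an unsigned client assertion would
    # pass client authentication.
    _response["token_endpoint_auth_signing_alg_values_supported"] = [
        alg for alg in sign_algs if alg != "none"]

    algs = jwe.SUPPORTED["alg"]
    for typ in ["userinfo", "id_token", "request_object"]:
        _response["%s_encryption_alg_values_supported" % typ] = algs

    encs = jwe.SUPPORTED["enc"]
    for typ in ["userinfo", "id_token", "request_object"]:
        _response["%s_encryption_enc_values_supported" % typ] = encs

    # NOTE(review): `issuer` above was read from self.baseurl *before* this
    # normalisation, so the first call can publish an issuer without the
    # trailing slash while every later call includes it.  The in-place
    # mutation is kept because other code may rely on it; the proper fix is
    # to normalise baseurl once at construction time.
    if not self.baseurl.endswith("/"):
        self.baseurl += "/"

    if self.jwks_uri and self.keyjar:
        _response["jwks_uri"] = self.jwks_uri

    # NOTE(review): getAcrValuesString() suggests a string, but the metadata
    # field is a JSON array -- verify the broker's return type.
    if self.authn_broker:
        acr_values = self.authn_broker.getAcrValuesString()
        if acr_values is not None:
            _response["acr_values_supported"] = acr_values

    # Each entry of self.endp is an endpoint class; instantiating it with
    # None is how the original obtains its metadata name.
    for endp in self.endp:
        _response[endp(None).name] = "%s%s" % (self.baseurl, endp.etype)

    return _response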
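from oic.oic.message import SCOPE2CLAIMS

# Issuer of the generated metadata; endpoint URLs are derived from it below.
ISSUER = "https://server.example.com"

# Endpoints to publish.  Each becomes "<ISSUER>/<name>".
ENDPOINTS = [
    "authorization_endpoint",
    "token_endpoint",
    "userinfo_endpoint",
    "refresh_session_endpoint",
    # "check_session_endpoint",
    "end_session_endpoint",
    "registration_endpoint",
]

# NOTE(review): several keys below (token_endpoint_auth_types_supported,
# jwk_url, acrs_supported, user_id_types_supported, *_algs_supported) are not
# the names defined by OpenID Connect Discovery 1.0
# (token_endpoint_auth_methods_supported, jwks_uri, acr_values_supported,
# subject_types_supported, *_signing_alg_values_supported).  Presumably an
# early-draft vocabulary -- confirm before feeding this output to a current
# client.  Also check whether SIGNER_ALGS includes "none": if it does, it is
# published for ID Token signing here.
info = {
    "issuer": ISSUER,
    "token_endpoint_auth_types_supported": ["client_secret_basic",
                                            "private_key_jwt"],
    "jwk_url": "https://server.example.com/jwk.json",
    # Materialised as lists: dict key views are not JSON-serialisable on
    # Python 3.
    "scopes_supported": list(SCOPE2CLAIMS.keys()),
    "response_types_supported": ["code", "token", "id_token",
                                 "code token", "code id_token",
                                 "token id_token", "code token id_token"],
    "acrs_supported": ["1", "2"],
    "user_id_types_supported": ["public", "pairwise"],
    "userinfo_algs_supported": list(SIGNER_ALGS.keys()),
    "id_token_algs_supported": list(SIGNER_ALGS.keys()),
    "request_object_algs_supported": list(SIGNER_ALGS.keys()),
}

for end in ENDPOINTS:
    info[end] = "%s/%s" % (ISSUER, end)

# Call form works for a single argument on both Python 2 and Python 3.
print(json.dumps(info))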
def providerinfo_endpoint(self, handle="", **kwargs):
    """Serve the provider configuration (discovery) document.

    :param handle: Optional ``(key, timestamp)`` pair.  When ``key`` is
        wrapped in ``STR`` a session cookie built by ``self.cookie_func`` is
        added to the response headers.
    :param kwargs: Unused.
    :return: ``Response`` carrying the JSON document, or -- on any exception
        -- a response carrying the formatted traceback (see the security note
        at the except clause).  The method continues beyond this listing.
    """
    _log_debug = logger.debug  # NOTE(review): assigned but never used below
    _log_info = logger.info
    _log_info("@providerinfo_endpoint")
    try:
        _response = ProviderConfigurationResponse(
            issuer=self.baseurl,
            token_endpoint_auth_methods_supported=[
                "client_secret_post", "client_secret_basic",
                "client_secret_jwt", "private_key_jwt"],
            scopes_supported=["openid"],
            response_types_supported=["code", "token", "id_token",
                                      "code token", "code id_token",
                                      "token id_token",
                                      "code token id_token"],
            subject_types_supported=["public", "pairwise"],
            grant_types_supported=[
                "authorization_code", "implicit",
                "urn:ietf:params:oauth:grant-type:jwt-bearer"],
            claim_types_supported=["normal", "aggregated", "distributed"],
            # NOTE(review): these are SCOPE2CLAIMS *keys*, i.e. scope names;
            # claims_supported should carry the claim names in its values.
            claims_supported=SCOPE2CLAIMS.keys(),
            # NOTE(review): spec types these as JSON booleans, not "true".
            claims_parameter_supported="true",
            request_parameter_supported="true",
            request_uri_parameter_supported="true",
            #request_object_algs_supported=["HS256"]
        )
        # The same key list (which includes "none") is published for every
        # signing-alg field.  SECURITY(review): "none" MUST NOT appear in
        # token_endpoint_auth_signing_alg_values_supported (OpenID Connect
        # Discovery 1.0 §3) -- an unsigned client assertion would otherwise
        # be advertised as an acceptable client credential.  Drop
        # "token_endpoint_auth" from this loop and set that key from a list
        # with "none" removed.
        sign_algs = jws.SIGNER_ALGS.keys()
        for typ in ["userinfo", "id_token", "request_object",
                    "token_endpoint_auth"]:
            _response["%s_signing_alg_values_supported" % typ] = sign_algs
        algs = jwe.SUPPORTED["alg"]
        for typ in ["userinfo", "id_token", "request_object"]:
            _response["%s_encryption_alg_values_supported" % typ] = algs
        encs = jwe.SUPPORTED["enc"]
        for typ in ["userinfo", "id_token", "request_object"]:
            _response["%s_encryption_enc_values_supported" % typ] = encs
        # NOTE(review): `issuer` was read from self.baseurl before this
        # normalisation, so the first call can publish an issuer without the
        # trailing slash and later calls with it.
        if not self.baseurl.endswith("/"):
            self.baseurl += "/"
        #keys = self.keyjar.keys_by_owner(owner=".")
        if self.jwks_uri:
            _response["jwks_uri"] = self.jwks_uri
        #_log_info("endpoints: %s" % self.endpoints)
        for endp in self.endpoints:
            #_log_info("# %s, %s" % (endp, endp.name))
            _response[endp.name] = "%s%s" % (self.baseurl, endp.etype)
        _log_info("provider_info_response: %s" % (_response.to_dict(),))
        # NOTE(review): "x-ffo: bar" looks like a leftover debug header --
        # confirm it is intentional before shipping.
        headers = [("Cache-Control", "no-store"), ("x-ffo", "bar")]
        if handle:
            (key, timestamp) = handle
            # STR is defined outside this listing; it brackets cookie keys.
            if key.startswith(STR) and key.endswith(STR):
                cookie = self.cookie_func(key, self.cookie_name, "pinfo",
                                          self.sso_ttl)
                headers.append(cookie)
        resp = Response(_response.to_json(), content="application/json",
                        headers=headers)
    # Python 2-only except syntax; `err` itself is never used.
    except Exception, err:
        # SECURITY(review): the full formatted traceback is both logged and
        # returned in the HTTP body, disclosing file paths, code and
        # internal state to the caller.  Return a generic error body and keep
        # the traceback in the log only.  Also note logger.error() receives
        # the list from format_exception rather than a joined string, and
        # "html/text" is not a valid media type ("text/plain" or "text/html").
        message = traceback.format_exception(*sys.exc_info())
        logger.error(message)
        resp = Response(message, content="html/text")
"userinfo_endpoint", "refresh_session_endpoint", #"check_session_endpoint", "end_session_endpoint", "registration_endpoint" ] info = { "issuer": "%s" % ISSUER, "token_endpoint_auth_types_supported": ["client_secret_basic", "private_key_jwt"], "jwk_url": "https://server.example.com/jwk.json", "scopes_supported": SCOPE2CLAIMS.keys(), "response_types_supported": [ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ], "acrs_supported": ["1", "2"], "user_id_types_supported": ["public", "pairwise"], "userinfo_algs_supported": SIGNER_ALGS.keys(), "id_token_algs_supported": SIGNER_ALGS.keys(), "request_object_algs_supported": SIGNER_ALGS.keys() } for end in ENDPOINTS: