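    def __init__(self,
                 name,
                 sdb,
                 cdb,
                 authn_broker,
                 authz,
                 client_authn,
                 symkey=None,
                 urlmap=None,
                 iv=0,
                 default_scope="",
                 ca_bundle=None,
                 seed=b"",
                 client_authn_methods=None,
                 authn_at_registration="",
                 client_info_url="",
                 secret_lifetime=86400,
                 jwks_uri='',
                 keyjar=None,
                 capabilities=None,
                 verify_ssl=True,
                 baseurl='',
                 hostname='',
                 config=None,
                 behavior=None,
                 lifetime_policy=None,
                 **kwargs):
        """Initialise the extended provider and register its extra endpoints.

        Args:
            name: Provider/issuer name. A trailing ``/`` is appended when
                missing; it is also the fallback for ``baseurl``.
            sdb, cdb, authn_broker, authz, client_authn, symkey, urlmap, iv,
                default_scope, ca_bundle: forwarded unchanged to
                ``provider.Provider.__init__``.
            seed: Seed bytes stored on the instance.
            client_authn_methods: Mapping of client authentication method
                names. ``authn_at_registration`` must be one of its keys.
            authn_at_registration: Name of the client authentication method
                required at registration, or ``""`` for none.
            client_info_url: URL stored for the client-info endpoint.
            secret_lifetime: Client secret lifetime, default 86400
                (presumably seconds -- confirm against the consumer).
            jwks_uri: Published JWKS URI.
            keyjar: Key store. When ``None`` a fresh ``KeyJar`` is created
                with the same ``verify_ssl`` setting.
            capabilities: Optional provider configuration handed to
                ``provider_features``.
            verify_ssl: Whether TLS certificates are verified by the key jar
                when it fetches remote keys; stored on the instance as well.
            baseurl: Base URL; defaults to ``name``.
            hostname: Defaults to ``socket.gethostname()``.
            config, behavior: Optional dicts; default to ``{}``.
            lifetime_policy: Per-grant token lifetimes keyed by token type;
                a built-in default table is used when ``None``.
            **kwargs: ``server_cls`` is forwarded to the base class;
                ``scopes`` replaces the default ``['offline_access']`` list.

        Raises:
            UnknownAuthnMethod: if ``authn_at_registration`` is set but is not
                a key of ``client_authn_methods`` (including when no methods
                were supplied at all).
        """
        if not name.endswith("/"):
            name += "/"

        # Only server_cls is forwarded; other kwargs are consumed here.
        args = {}
        if 'server_cls' in kwargs:
            args['server_cls'] = kwargs['server_cls']

        provider.Provider.__init__(self, name, sdb, cdb, authn_broker, authz,
                                   client_authn, symkey, urlmap, iv,
                                   default_scope, ca_bundle, **args)

        self.endp.extend([
            RegistrationEndpoint, ClientInfoEndpoint, RevocationEndpoint,
            IntrospectionEndpoint
        ])

        # dictionary of client authentication methods
        self.client_authn_methods = client_authn_methods
        # A required registration method that is not configured is a
        # misconfiguration; report it as UnknownAuthnMethod rather than
        # letting a None mapping surface as a TypeError.
        if authn_at_registration and \
                authn_at_registration not in (client_authn_methods or {}):
            raise UnknownAuthnMethod(authn_at_registration)

        self.authn_at_registration = authn_at_registration
        self.seed = seed
        self.client_info_url = client_info_url
        self.secret_lifetime = secret_lifetime
        self.jwks_uri = jwks_uri
        self.verify_ssl = verify_ssl
        self.scopes = kwargs.get('scopes', ['offline_access'])
        # The key jar inherits verify_ssl so remote key retrieval keeps
        # certificate verification unless the caller disabled it explicitly.
        self.keyjar = keyjar
        if self.keyjar is None:
            self.keyjar = KeyJar(verify_ssl=self.verify_ssl)

        if capabilities:
            self.capabilities = self.provider_features(
                provider_config=capabilities)
        else:
            self.capabilities = self.provider_features()
        self.baseurl = baseurl or name
        self.hostname = hostname or socket.gethostname()
        self.kid = {"sig": {}, "enc": {}}
        self.config = config or {}
        self.behavior = behavior or {}
        self.token_policy = {'access_token': {}, 'refresh_token': {}}
        if lifetime_policy is None:
            # Default lifetimes per grant type (values presumably in
            # seconds); access tokens issued through the front channel
            # ('token', 'implicit') are the shortest-lived.
            self.lifetime_policy = {
                'access_token': {
                    'code': 600,
                    'token': 120,
                    'implicit': 120,
                    'authorization_code': 600,
                    'client_credentials': 600,
                    'password': 600
                },
                'refresh_token': {
                    'code': 3600,
                    'token': 3600,
                    'implicit': 3600,
                    'authorization_code': 3600,
                    'client_credentials': 3600,
                    'password': 3600
                }
            }
        else:
            self.lifetime_policy = lifetime_policy

        self.token_handler = TokenHandler(self.baseurl,
                                          self.token_policy,
                                          keyjar=self.keyjar)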
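    def __init__(
        self,
        name,
        sdb,
        cdb,
        authn_broker,
        authz,
        client_authn,
        symkey=None,
        urlmap=None,
        iv=0,
        default_scope="",
        ca_bundle=None,
        seed=b"",
        client_authn_methods=None,
        authn_at_registration="",
        client_info_url="",
        secret_lifetime=86400,
        jwks_uri="",
        keyjar=None,
        capabilities=None,
        verify_ssl=True,
        baseurl="",
        hostname="",
        config=None,
        behavior=None,
        lifetime_policy=None,
        message_factory=ExtensionMessageFactory,
        **kwargs
    ):
        """Initialise the extended provider and register its extra endpoints.

        Args:
            name: Provider/issuer name. A trailing ``/`` is appended when
                missing; it is also the fallback for ``baseurl``.
            sdb, cdb, authn_broker, authz, client_authn, symkey, urlmap, iv,
                default_scope, ca_bundle: forwarded unchanged to the base
                class initialiser.
            seed: Seed bytes stored on the instance.
            client_authn_methods: Mapping of client authentication method
                names. ``authn_at_registration`` must be one of its keys.
            authn_at_registration: Name of the client authentication method
                required at registration, or ``""`` for none.
            client_info_url: URL stored for the client-info endpoint.
            secret_lifetime: Client secret lifetime, default 86400
                (presumably seconds -- confirm against the consumer).
            jwks_uri: Published JWKS URI.
            keyjar: Key store. When ``None`` a fresh ``KeyJar`` is created
                with the same ``verify_ssl`` setting.
            capabilities: Optional provider configuration handed to
                ``provider_features``.
            verify_ssl: Whether TLS certificates are verified by the key jar
                when it fetches remote keys; stored on the instance as well.
            baseurl: Base URL; defaults to ``name``.
            hostname: Defaults to ``socket.gethostname()``.
            config, behavior: Optional dicts; default to ``{}``.
            lifetime_policy: Per-grant token lifetimes keyed by token type;
                a built-in default table is used when ``None``.
            message_factory: Message factory forwarded to the base class.
            **kwargs: ``server_cls`` is forwarded to the base class;
                ``scopes`` is appended to the scopes set up by the base class.

        Raises:
            UnknownAuthnMethod: if ``authn_at_registration`` is set but is not
                a key of ``client_authn_methods`` (including when no methods
                were supplied at all).
        """
        if not name.endswith("/"):
            name += "/"

        # Only server_cls is forwarded; other kwargs are consumed here.
        args = {}
        if "server_cls" in kwargs:
            args["server_cls"] = kwargs["server_cls"]

        super().__init__(
            name,
            sdb,
            cdb,
            authn_broker,
            authz,
            client_authn,
            symkey,
            urlmap,
            iv,
            default_scope,
            ca_bundle,
            message_factory=message_factory,
            **args
        )

        self.endp.extend(
            [
                RegistrationEndpoint,
                ClientInfoEndpoint,
                RevocationEndpoint,
                IntrospectionEndpoint,
            ]
        )

        # dictionary of client authentication methods
        self.client_authn_methods = client_authn_methods
        # A required registration method that is not configured is a
        # misconfiguration; report it as UnknownAuthnMethod rather than
        # letting a None mapping surface as a TypeError.
        if authn_at_registration and authn_at_registration not in (
            client_authn_methods or {}
        ):
            raise UnknownAuthnMethod(authn_at_registration)

        self.authn_at_registration = authn_at_registration
        self.seed = seed
        self.client_info_url = client_info_url
        self.secret_lifetime = secret_lifetime
        self.jwks_uri = jwks_uri
        self.verify_ssl = verify_ssl
        # NOTE(review): assumes the base class initialised self.scopes as a
        # list -- confirm in the parent initialiser.
        self.scopes.extend(kwargs.get("scopes", []))
        # The key jar inherits verify_ssl so remote key retrieval keeps
        # certificate verification unless the caller disabled it explicitly.
        self.keyjar = keyjar
        if self.keyjar is None:
            self.keyjar = KeyJar(verify_ssl=self.verify_ssl)

        if capabilities:
            self.capabilities = self.provider_features(provider_config=capabilities)
        else:
            self.capabilities = self.provider_features()
        self.baseurl = baseurl or name
        self.hostname = hostname or socket.gethostname()
        self.kid = {"sig": {}, "enc": {}}  # type: Dict[str, Dict[str, str]]
        self.config = config or {}
        self.behavior = behavior or {}
        self.token_policy = {
            "access_token": {},
            "refresh_token": {},
        }  # type: Dict[str, Dict[str, str]]
        if lifetime_policy is None:
            # Default lifetimes per grant type (values presumably in
            # seconds); access tokens issued through the front channel
            # ("token", "implicit") are the shortest-lived.
            self.lifetime_policy = {
                "access_token": {
                    "code": 600,
                    "token": 120,
                    "implicit": 120,
                    "authorization_code": 600,
                    "client_credentials": 600,
                    "password": 600,
                },
                "refresh_token": {
                    "code": 3600,
                    "token": 3600,
                    "implicit": 3600,
                    "authorization_code": 3600,
                    "client_credentials": 3600,
                    "password": 3600,
                },
            }
        else:
            self.lifetime_policy = lifetime_policy

        self.token_handler = TokenHandler(
            self.baseurl, self.token_policy, keyjar=self.keyjar
        )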