def claims_ser(val, sformat="urlencoded", lev=0):
    """
    Serialize a claims value in the requested format.

    :param val: The value to serialize. If it is a list, only its first
        element is used; any other value is used as given.
    :param sformat: One of "urlencoded", "json" or "dict".
    :param lev: Nesting level. A Message is serialized with ``lev + 1``;
        for "json" a non-zero level returns the item without JSON-encoding it.
    :return: The serialized item.
    :raises MessageException: If sformat is "dict" and the item is neither a
        Message nor a dict.
    :raises OidcMsgError: If sformat is not one of the known formats.
    """
    # everything in c_extension
    # Only the first entry of a list is considered; an empty list fails
    # with IndexError on this line.
    item = val[0] if isinstance(val, list) else val

    # A Message serializes itself, one nesting level further down.
    if isinstance(item, Message):
        return item.serialize(method=sformat, lev=lev + 1)

    if sformat == "urlencoded":
        return urlencode(item)

    if sformat == "json":
        # Nested values (lev != 0) are handed back as-is so that the
        # enclosing serializer does the JSON encoding.
        return item if lev else json.dumps(item)

    if sformat == "dict":
        if not isinstance(item, dict):
            raise MessageException("Wrong type: %s" % type(item))
        return item

    raise OidcMsgError("Unknown sformat: %s" % sformat, val)
def backchannel_logout(client, request='', request_args=None):
    """
    Verify a back-channel logout request and return the session state that
    its logout token refers to.

    :param client: Object that provides ``client_get("service_context")``
        and ``get_client_id()``.
    :param request: URL encoded logout request
    :param request_args: Keyword arguments for a BackChannelLogoutRequest;
        only used when ``request`` is empty.
    :return: The state found through the logout token's 'sub' claim or,
        when that is missing or empty, through its 'sid' claim.
    :raises MissingRequiredAttribute: If neither ``request`` nor
        ``request_args`` is given.
    :raises MessageException: If verification fails, or if the logout token
        carries neither 'sub' nor 'sid'.
    """
    if request:
        req = BackChannelLogoutRequest().from_urlencoded(as_unicode(request))
    elif request_args:
        req = BackChannelLogoutRequest(**request_args)
    else:
        raise MissingRequiredAttribute('logout_token')

    _context = client.client_get("service_context")

    # Verification parameters: expected audience and issuer, the keys to
    # check the signature with, and the signing algorithm to accept.
    kwargs = {}
    kwargs['aud'] = client.get_client_id()
    kwargs['iss'] = _context.get('issuer')
    kwargs['keyjar'] = _context.keyjar
    # Falls back to RS256 when the registration response does not name an
    # id_token_signed_response_alg.
    # NOTE(review): presumably fails with AttributeError if no registration
    # response is stored -- confirm callers guarantee one.
    registration = _context.get('registration_response')
    kwargs['allowed_sign_alg'] = registration.get(
        "id_token_signed_response_alg", "RS256")

    # NOTE(review): this formats the whole kwargs dict, keyjar object
    # included -- confirm its repr exposes no key material in debug logs.
    logger.debug(f"(backchannel_logout) Verifying request using: {kwargs}")

    try:
        req.verify(**kwargs)
    except (MessageException, ValueError, NotForMe) as err:
        raise MessageException('Bogus logout request: {}'.format(err))

    # Only reached when verify() did not raise.
    logger.debug("Request verified OK")

    def _token_claim(name):
        # Read one claim from the verified logout token.
        return req[verified_claim_name('logout_token')].get(name)

    # Find the subject through 'sid' or 'sub'; 'sub' takes precedence.
    sub = _token_claim('sub')
    if sub:
        return _context.state.get_state_by_sub(sub)

    sid = _token_claim('sid')
    if sid:
        return _context.state.get_state_by_sid(sid)

    raise MessageException('Neither "sid" nor "sub"')
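def backchannel_logout(client, request='', request_args=None):
    """
    Verify a back-channel logout request and return the session state that
    its logout token refers to.

    :param client: Object that provides ``service_context`` (with ``get()``
        and ``keyjar``) and ``session_interface``.
    :param request: URL encoded logout request
    :param request_args: Keyword arguments for a BackChannelLogoutRequest;
        only used when ``request`` is empty.
    :return: The state found through the logout token's 'sub' claim or,
        when that claim is absent, through its 'sid' claim.
    :raises MessageException: If no request was supplied at all, if
        verification fails, or if the logout token carries neither 'sub'
        nor 'sid'.
    """
    if request:
        req = BackChannelLogoutRequest().from_urlencoded(as_unicode(request))
    elif request_args is not None:
        req = BackChannelLogoutRequest(**request_args)
    else:
        # With the defaults (no request, request_args=None) the call used to
        # die on ``**None`` with a TypeError. An empty logout request is a
        # protocol error, so report it as one.
        raise MessageException('Missing logout request')

    # Verification parameters: expected audience and issuer, the keys to
    # check the signature with, and the signing algorithm to accept.
    kwargs = {
        'aud': client.service_context.get('client_id'),
        'iss': client.service_context.get('issuer'),
        'keyjar': client.service_context.keyjar,
        # Falls back to RS256 when the registration response does not name
        # an id_token_signed_response_alg.
        'allowed_sign_alg': client.service_context.get('registration_response').get(
            "id_token_signed_response_alg", "RS256")
    }

    try:
        req.verify(**kwargs)
    except (MessageException, ValueError, NotForMe) as err:
        raise MessageException('Bogus logout request: {}'.format(err))

    # Find the subject through 'sid' or 'sub'; 'sub' takes precedence.
    try:
        sub = req[verified_claim_name('logout_token')]['sub']
    except KeyError:
        pass
    else:
        return client.session_interface.get_state_by_sub(sub)

    try:
        sid = req[verified_claim_name('logout_token')]['sid']
    except KeyError:
        raise MessageException('Neither "sid" nor "sub"')

    return client.session_interface.get_state_by_sid(sid)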
def msg_ser_json(inst, sformat="json", lev=0):
    """
    Serialize a message value as JSON, or as a dict when it is nested.

    :param inst: A Message, a dict or any other value.
    :param sformat: Only "dict" is honoured; every other value is treated
        as "json".
    :param lev: Nesting level; a non-zero level forces the "dict" format.
    :return: For "dict": the serialized Message or the dict itself. For
        "json": the JSON text of a dict, the serialized Message, or the
        value unchanged when it is neither.
    :raises MessageException: If the "dict" format is in effect and ``inst``
        is neither a Message nor a dict.
    """
    # sformat = "json" always except when dict
    sformat = "dict" if lev else sformat

    if sformat == "dict":
        if isinstance(inst, Message):
            return inst.serialize(sformat, lev)
        if isinstance(inst, dict):
            return inst
        raise MessageException("Wrong type: %s" % type(inst))

    # Whatever else was asked for, the output is JSON from here on.
    sformat = "json"
    if isinstance(inst, dict):
        return json.dumps(inst)
    if isinstance(inst, Message):
        return inst.serialize(sformat, lev)
    # Anything else passes through unchanged.
    return inst
def link_ser(inst, sformat, lev=0):
    """
    Serialize a link value in the requested format.

    :param inst: A Link, a dict or, for some formats, any other value.
    :param sformat: One of "urlencoded", "json" or "dict".
    :param lev: Nesting level, handed on to ``Link.serialize``.
    :return: For "urlencoded"/"json": the encoded dict, the serialized Link,
        or the value unchanged when it is neither. For "dict": the
        serialized Link, or the dict or str unchanged.
    :raises MessageException: If sformat is "dict" and ``inst`` is not a
        Link, dict or str.
    :raises OidcMsgError: If sformat is not one of the known formats.
    """
    if sformat in ("urlencoded", "json"):
        if isinstance(inst, dict):
            if sformat == "json":
                return json.dumps(inst)
            return urlencode(list(inst.items()))
        if isinstance(inst, Link):
            return inst.serialize(sformat, lev)
        # Anything else passes through unchanged.
        return inst

    if sformat == "dict":
        if isinstance(inst, Link):
            return inst.serialize(sformat, lev)
        # A dict is already in the target form; a str is accepted too
        # (iff ID Token).
        if isinstance(inst, (dict, str)):
            return inst
        raise MessageException("Wrong type: %s" % type(inst))

    raise OidcMsgError("Unknown sformat", inst)