def update_config(conf, tool_params):
    """
    Prepare the data needed to present a test-instance configuration for
    editing.

    The profile stored under ``conf['tool']['profile']`` is expanded with
    from_profile() and merged into the tool section. Every name in
    *tool_params* (other than ``profile``) that is still absent is added
    with an empty string as its value.

    ``conf['tool']`` is modified in place (its ``profile`` key is removed)
    and is the very object returned as ``dicts['tool']``.

    :param conf: Configuration with a ``tool`` section and, optionally,
        ``provider_info`` / ``registration_response``, either below
        ``client`` or at the top level
    :param tool_params: Names of the tool parameters to expose
    :return: 4-tuple (dicts, state, multi, notes): the sections, the
        ``immutable``/``required`` field names per section, what
        multi_value() gives per section (presumably the multi-valued field
        names) and an HTML note, which is '' when there is nothing to say
    """
    # provider_info and registration_response
    tool = conf['tool']
    dicts = {'tool': tool}
    _prof = tool['profile']
    _spec = from_profile(_prof)
    _spec['return_type'] = abbr_return_type(_spec['return_type'])

    # The profile string is replaced by the parameters derived from it.
    del tool['profile']
    tool.update(_spec)

    for item in tool_params:
        if item != 'profile' and item not in tool:
            tool[item] = ''

    multi = {'tool': ['acr_values', 'claims_locales', 'ui_locales']}
    for typ in ('provider_info', 'registration_response'):
        multi[typ] = multi_value(typ)
        # Prefer the copy below 'client'; otherwise fall back to the
        # top-level section passed through update(). A section found in
        # neither place is left out. A KeyError raised inside update() is
        # swallowed here as well.
        # NOTE(review): registration_response is expected to hold
        # client_secret (it is listed as required below), so treat the
        # returned dicts as sensitive and keep it out of logs.
        try:
            dicts[typ] = conf['client'][typ]
        except KeyError:
            try:
                dicts[typ] = update(typ, conf[typ])
            except KeyError:
                pass

    tool_required = ['return_type', 'contact_email']
    notes = ''
    if _spec['webfinger']:
        tool_required.extend(['webfinger_email', 'webfinger_url'])
        # NOTE(review): notes is HTML markup, so the consumer presumably
        # emits it unescaped; values taken from conf need their own
        # escaping. Confirm in the template.
        notes = ("If <i>webfinger</i> is True then one of "
                 "<i>webfinger_email</i> and <i>webfinger_url</i> "
                 "<b>MUST</b> have a value.")

    state = {
        'tool': {
            'immutable': ['issuer', 'tag', 'register', 'discover',
                          'webfinger'],
            'required': tool_required,
        }
    }

    if 'registration_response' in dicts:
        state['registration_response'] = {
            'immutable': ['redirect_uris'],
            'required': ['client_id', 'client_secret'],
        }

    if 'provider_info' in dicts:
        _req = [
            'authorization_endpoint',
            'jwks_uri',
            'response_types_supported',
            'subject_types_supported',
            'id_token_signing_alg_values_supported',
        ]
        # token_endpoint is required unless return_type() gives 'I' or 'IT'.
        if return_type(_prof) not in ('I', 'IT'):
            _req.append('token_endpoint')
        state['provider_info'] = {'immutable': ['issuer'], 'required': _req}

    return dicts, state, multi, notes
def update_config(conf, tool_params):
    """
    Prepare the data needed to present a test-instance configuration for
    editing.

    The profile stored under ``conf['tool']['profile']`` is expanded with
    from_profile() and merged into the tool section. Every name in
    *tool_params* (other than ``profile``) that is still absent is added
    with an empty string as its value.

    ``conf['tool']`` is modified in place (its ``profile`` key is removed)
    and is the very object returned as ``dicts['tool']``.

    :param conf: Configuration with a ``tool`` section and, optionally,
        ``provider_info`` / ``registration_response``, either below
        ``client`` or at the top level
    :param tool_params: Names of the tool parameters to expose
    :return: 4-tuple (dicts, state, multi, notes): the sections, the
        ``immutable``/``required`` field names per section, what
        multi_value() gives per section (presumably the multi-valued field
        names) and an HTML note, which is '' when there is nothing to say
    """
    # provider_info and registration_response
    tool = conf['tool']
    dicts = {'tool': tool}
    _prof = tool['profile']
    _spec = from_profile(_prof)
    _spec['return_type'] = abbr_return_type(_spec['return_type'])

    # The profile string is replaced by the parameters derived from it.
    del tool['profile']
    tool.update(_spec)

    for item in tool_params:
        if item != 'profile' and item not in tool:
            tool[item] = ''

    multi = {'tool': ['acr_values', 'claims_locales', 'ui_locales']}
    for typ in ('provider_info', 'registration_response'):
        multi[typ] = multi_value(typ)
        # Prefer the copy below 'client'; otherwise fall back to the
        # top-level section passed through update(). A section found in
        # neither place is left out. A KeyError raised inside update() is
        # swallowed here as well.
        # NOTE(review): registration_response is expected to hold
        # client_secret (it is listed as required below), so treat the
        # returned dicts as sensitive and keep it out of logs.
        try:
            dicts[typ] = conf['client'][typ]
        except KeyError:
            try:
                dicts[typ] = update(typ, conf[typ])
            except KeyError:
                pass

    tool_required = ['return_type', 'contact_email']
    notes = ''
    if _spec['webfinger']:
        tool_required.extend(['webfinger_email', 'webfinger_url'])
        # NOTE(review): notes is HTML markup, so the consumer presumably
        # emits it unescaped; values taken from conf need their own
        # escaping. Confirm in the template.
        notes = ("If <i>webfinger</i> is True then one of "
                 "<i>webfinger_email</i> and <i>webfinger_url</i> "
                 "<b>MUST</b> have a value.")

    state = {
        'tool': {
            'immutable': ['issuer', 'tag', 'register', 'discover',
                          'webfinger'],
            'required': tool_required,
        }
    }

    if 'registration_response' in dicts:
        state['registration_response'] = {
            'immutable': ['redirect_uris'],
            'required': ['client_id', 'client_secret'],
        }

    if 'provider_info' in dicts:
        _req = [
            'authorization_endpoint',
            'jwks_uri',
            'response_types_supported',
            'subject_types_supported',
            'id_token_signing_alg_values_supported',
        ]
        # token_endpoint is required unless return_type() gives 'I' or 'IT'.
        if return_type(_prof) not in ('I', 'IT'):
            _req.append('token_endpoint')
        state['provider_info'] = {'immutable': ['issuer'], 'required': _req}

    return dicts, state, multi, notes
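def update_instance(self, *parts):
    """
    Render the ``instance.mako`` page for one stored configuration.

    The first two path segments select the configuration that is read
    through ``self.rest.read_conf``; they are handed to the template as
    ``iss`` and ``tag`` in their quote_plus-encoded form.

    :param parts: Path segments; the first two are used as issuer and tag
    :return: Whatever the Response instance returns when it is called with
        the WSGI environ and start_response
    :raises IndexError: If fewer than two segments are given
    """
    resp = Response(mako_template="instance.mako",
                    template_lookup=self.lookup,
                    headers=[])

    # Decode once and re-encode, so that the identifiers are in quote_plus
    # form whether or not they arrived encoded.
    lp = [unquote_plus(p) for p in parts]
    qp = [quote_plus(p) for p in lp]

    # NOTE(review): quote_plus() leaves '.' unescaped, so '.' and '..' reach
    # read_conf() as they are. If read_conf() maps iss/tag onto file-system
    # paths, confirm that it rejects such segments.
    # The first returned value is not used here.
    _fmt, _conf = self.rest.read_conf(qp[0], qp[1])

    # provider_info and registration_response
    dicts = {'tool': _conf['tool']}
    for item in tool_conf:
        if item not in dicts['tool']:
            dicts['tool'][item] = ''

    for typ in ['provider_info', 'registration_response']:
        # Prefer the copy below 'client'; otherwise fall back to the
        # top-level section passed through update(). A section found in
        # neither place is left out.
        try:
            dicts[typ] = _conf['client'][typ]
        except KeyError:
            try:
                dicts[typ] = update(typ, _conf[typ])
            except KeyError:
                pass

    state = {'immutable': {}, 'required': {}}
    if 'registration_response' in dicts:
        state['registration_response'] = {
            'immutable': ['redirect_uris'],
            'required': ['client_id', 'client_secret']
        }

    # Membership test rather than a bare string literal, which is always
    # true: provider_info is only described when the section was loaded.
    if 'provider_info' in dicts:
        state['provider_info'] = {
            'immutable': ['issuer'],
            'required': [
                'authorization_endpoint', 'jwks_uri',
                'response_types_supported',
                'subject_types_supported',
                'id_token_signing_alg_values_supported'
            ]
        }
        # token_endpoint is required unless return_type() gives 'I' or 'IT'.
        if return_type(_conf['tool']['profile']) not in ['I', 'IT']:
            state['provider_info']['required'].append('token_endpoint')

    arg = {
        'base': '',
        'iss': qp[0],
        'tag': qp[1],
        'dicts': dicts,
        'state': state
    }
    return resp(self.environ, self.start_response, **arg)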
def set_essential_arg_claim(oper, args):
    """
    Context: AsyncAuthn
    Action: Mark one claim as essential in the request. The profile in use
     decides where the claim is asked for: in the id_token, or together
     with the user info.
    Example:
        "set_essential_arg_claim": "name"

    :param oper: Operation whose ``req_args`` receives the claims request
    :param args: A claim
    """
    # Only when return_type() gives 'I' is the claim requested in the
    # id_token; in every other case it goes to userinfo.
    if return_type(oper.tool_conf['profile']) == 'I':
        target = "id_token"
    else:
        target = "userinfo"

    # Plain assignment: an existing "claims" entry in req_args is replaced.
    oper.req_args["claims"] = {target: {args: {"essential": True}}}
def set_essential_arg_claim(oper, args):
    """
    Context: AsyncAuthn
    Action: Mark one claim as essential in the request. The profile in use
     decides where the claim is asked for: in the id_token, or together
     with the user info.
    Example:
        "set_essential_arg_claim": "name"

    :param oper: Operation whose ``req_args`` receives the claims request
    :param args: A claim
    """
    # Only when return_type() gives 'I' is the claim requested in the
    # id_token; in every other case it goes to userinfo.
    if return_type(oper.tool_conf['profile']) == 'I':
        target = "id_token"
    else:
        target = "userinfo"

    # Plain assignment: an existing "claims" entry in req_args is replaced.
    oper.req_args["claims"] = {target: {args: {"essential": True}}}
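def update_instance(self, *parts):
    """
    Render the ``instance.mako`` page for one stored configuration.

    The first two path segments select the configuration that is read
    through ``self.rest.read_conf``; they are handed to the template as
    ``iss`` and ``tag`` in their quote_plus-encoded form.

    :param parts: Path segments; the first two are used as issuer and tag
    :return: Whatever the Response instance returns when it is called with
        the WSGI environ and start_response
    :raises IndexError: If fewer than two segments are given
    """
    resp = Response(mako_template="instance.mako",
                    template_lookup=self.lookup,
                    headers=[])

    # Decode once and re-encode, so that the identifiers are in quote_plus
    # form whether or not they arrived encoded.
    lp = [unquote_plus(p) for p in parts]
    qp = [quote_plus(p) for p in lp]

    # NOTE(review): quote_plus() leaves '.' unescaped, so '.' and '..' reach
    # read_conf() as they are. If read_conf() maps iss/tag onto file-system
    # paths, confirm that it rejects such segments.
    # The first returned value is not used here.
    _fmt, _conf = self.rest.read_conf(qp[0], qp[1])

    # provider_info and registration_response
    dicts = {'tool': _conf['tool']}
    for item in tool_conf:
        if item not in dicts['tool']:
            dicts['tool'][item] = ''

    for typ in ['provider_info', 'registration_response']:
        # Prefer the copy below 'client'; otherwise fall back to the
        # top-level section passed through update(). A section found in
        # neither place is left out.
        try:
            dicts[typ] = _conf['client'][typ]
        except KeyError:
            try:
                dicts[typ] = update(typ, _conf[typ])
            except KeyError:
                pass

    state = {'immutable': {}, 'required': {}}
    if 'registration_response' in dicts:
        state['registration_response'] = {
            'immutable': ['redirect_uris'],
            'required': ['client_id', 'client_secret']
        }

    # Membership test rather than a bare string literal, which is always
    # true: provider_info is only described when the section was loaded.
    if 'provider_info' in dicts:
        state['provider_info'] = {
            'immutable': ['issuer'],
            'required': [
                'authorization_endpoint', 'jwks_uri',
                'response_types_supported',
                'subject_types_supported',
                'id_token_signing_alg_values_supported'
            ]
        }
        # token_endpoint is required unless return_type() gives 'I' or 'IT'.
        if return_type(_conf['tool']['profile']) not in ['I', 'IT']:
            state['provider_info']['required'].append('token_endpoint')

    arg = {
        'base': '',
        'iss': qp[0],
        'tag': qp[1],
        'dicts': dicts,
        'state': state
    }
    return resp(self.environ, self.start_response, **arg)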