def decorated_function(*args, **kws):
""" Decorator fucntion to make endpoint authorization checks easier for read only scopes defined in Okta """
print("authorize_read_access()")
authorization_header = None
has_access = False
# If
if "Authorization" in request.headers:
authorization_header = request.headers["Authorization"]
authorization_token = authorization_header.replace(
"Bearer ", "") # Just get the access toke for introspection
okta_util = OktaUtil(request.headers, config.okta)
introspection_response = okta_util.introspect_oauth_token(
authorization_token)
# print "introspection_response: {0}".format(json.dumps(introspection_response, indent=4, sort_keys=True))
if "active" in introspection_response:
if introspection_response["scope"] == "read_only":
has_access = True
# print "authorization_header: {0}".format(authorization_header)
if has_access:
return f(*args, **kws)
else:
print("Unauthorized")
json_response = {"status": "failed"}
return json.dumps(json_response,
default=default_date_to_string_converter)
def is_logged_in():
print "is_logged_in()"
result = False
okta_util = OktaUtil(request.headers, config.okta)
# first check there is a token
if("token" in request.cookies):
token = request.cookies["token"]
if token != "" and token != "NO_TOKEN":
# introspect token
introspection_results_json = okta_util.introspect_oauth_token(token)
if("active" in introspection_results_json):
result = True
return result
def get_current_user_token():
print "get_current_user_token()"
user_results_json = None
okta_util = OktaUtil(request.headers, config.okta)
if ("token" in request.cookies):
introspection_results_json = okta_util.introspect_oauth_token(
request.cookies.get("token"))
if ("active" in introspection_results_json):
if (introspection_results_json["active"]):
print "Has active token"
user_results_json = {
"active": introspection_results_json["active"],
"username": introspection_results_json["username"],
"uid": introspection_results_json["uid"]
}
else:
print "Has inactive token"
else:
print "has inactive token error"
check_okta_session_url = okta_util.create_oidc_auth_code_url(
None, config.okta["oidc_client_id"],
config.okta["redirect_uri"])
user_results_json = {
"active": False,
"redirect_url": check_okta_session_url
}
else:
print "has no token"
check_okta_session_url = okta_util.create_oidc_auth_code_url(
None, config.okta["oidc_client_id"], config.okta["redirect_uri"])
user_results_json = {
"active": False,
"redirect_url": check_okta_session_url
}
if (not user_results_json):
print "has no token default"
user_results_json = {"active": False}
return user_results_json