def streamingservice_device_validatecode(): logger.debug("streamingservice_device_validatecode()") url = "https://jl0tn0gk0e.execute-api.us-east-2.amazonaws.com/default/prd-zartan-deviceinformation?user_code=" + request.form["user_code"] headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"], } s3response = RestUtil.execute_get(url, headers=headers) if ("device_code" in s3response): logger.debug("Save Device State") state = str(uuid.uuid4()) session["device_state"] = state url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate" headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"], } body = { "device_code": s3response['device_code'], "device_id": s3response['device_id'], "state": state } RestUtil.execute_post(url, body, headers=headers) response = url_for( "streamingservice_views_bp.streamingservice_device_register", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"] ) else: response = "invalid" return response
def get_oauth_token_from_login(code, grant_type, auth_options=None, headers=None): logger.debug("OktaAuth.get_oauth_token()") okta_headers = OktaUtil.get_oauth_okta_headers(headers) redirect_url = url_for( "streamingservice_views_bp.streamingservice_callback", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) url = ("{issuer}/v1/token?" "grant_type={grant_type}&" "code={code}&" "redirect_uri={redirect_uri}").format( issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"], code=code, redirect_uri=redirect_url, grant_type=grant_type) body = {"authorization_code": code} if auth_options: for key in auth_options: url = "{url}&{key}={value}".format(url=url, key=key, value=auth_options[key]) return RestUtil.execute_post(url, body, okta_headers)
def get_oauth_token(self, code, grant_type, auth_options=None, headers=None): self.logger.debug("OktaAuth.get_oauth_token()") okta_headers = OktaUtil.get_oauth_okta_headers(headers) url = ("{issuer}/v1/token?" "grant_type={grant_type}&" "code={code}&" "redirect_uri={redirect_uri}").format( issuer=self.okta_config["issuer"], code=code, redirect_uri=self.okta_config["redirect_uri"], grant_type=grant_type) body = {"authorization_code": code} if auth_options: for key in auth_options: url = "{url}&{key}={value}".format(url=url, key=key, value=auth_options[key]) return RestUtil.execute_post(url, body, okta_headers)
def create_idp(self, idp): self.logger.debug("OktaAdmin.create_idp(idp)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/idps".format( base_url=self.okta_config["okta_org_name"]) self.logger.debug(idp) return RestUtil.execute_post(url, idp, okta_headers)
def gbac_idverification_getverificationcode(): logger.debug("gbac_idverification_bp") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) evidenttoken = "" basicauth = OktaUtil.get_encoded_auth("okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI") headers = { "Accept": "application/json", "Content-Type": "application/json", "Authorization": "Basic {0}".format(basicauth) } my_str = user["profile"]["email"] idx = my_str.index("@") email = my_str[:idx] + str(time.time()) + my_str[idx:] body = { "email": email, "templateId": "1ce55f4e-7bb2-4907-9643-dc61f1f04f4d" } response = RestUtil.execute_post(" https://verify.api.demo.evidentid.com/api/v1/verify/requests", headers=headers, body=body) evidenttoken = response["userIdentityToken"] user_data = {"profile": {get_udp_ns_fieldname("evident_id"): response["id"]}} okta_admin.update_user(user["id"], user_data) return evidenttoken
def send_mail_via_sendgrid(subject, message, recipients): Email.logger.debug("send_mail_via_sendgrid()") logging.debug(recipients) url = "https://api.sendgrid.com/v3/mail/send" headers = { "Authorization": "Bearer {apikey}".format( apikey=session[SESSION_INSTANCE_SETTINGS_KEY]["settings"] ["sendgrid_api_key"]), "Content-Type": "application/json" } body = { "personalizations": [{ "to": [{ "email": recipients[0]['address'] }] }], "from": { "email": "noreply@{domain}".format( domain=session[SESSION_INSTANCE_SETTINGS_KEY]["settings"] ["sendgrid_from_domain"]) }, "subject": subject, "content": [{ "type": "text/html", "value": message }] } return RestUtil.execute_post(url, body, headers=headers)
def send_mail_via_sparkpost(subject, message, recipients): Email.logger.debug("send_mail_via_sparkpost()") url = "https://api.sparkpost.com/api/v1/transmissions" headers = { "Authorization": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"] ["sparkpost_api_key"], "Content-Type": "application/json" } body = { "options": { "sandbox": False }, "content": { "from": "noreply@{domain}".format( domain=session[SESSION_INSTANCE_SETTINGS_KEY]["settings"] ["sparkpost_from_domain"]), "subject": subject, "html": message }, "recipients": recipients } return RestUtil.execute_post(url, body, headers=headers)
def get_oauth_token(self, code, grant_type, auth_options=None, headers=None): print("OktaAuth.get_oauth_token()") okta_headers = OktaUtil.get_oauth_okta_headers(headers) url = ("{host}/oauth2{auth_server}/v1/token?" "grant_type={grant_type}&" "code={code}&" "redirect_uri={redirect_uri}").format( host=self.okta_config["org_url"], auth_server=OktaUtil.get_authserver_id( self.okta_config["auth_server_id"]), code=code, redirect_uri=self.okta_config["redirect_uri"], grant_type=grant_type) body = {"authorization_code": code} if auth_options: for key in auth_options: url = "{url}&{key}={value}".format(url=url, key=key, value=auth_options[key]) return RestUtil.execute_post(url, body, okta_headers)
def userinfo(self, token, headers=None): self.logger.debug("OktaAuth.userinfo()") okta_headers = OktaUtil.get_oauth_okta_bearer_token_headers(headers, token) # self.logger.debug("okta_headers: {0}".format(okta_headers)) url = "{issuer}/v1/userinfo".format(issuer=self.okta_config["issuer"]) body = {} return RestUtil.execute_post(url, body, okta_headers)
def get_udp_oauth_access_token(udp_config): logger.debug("get_app_vertical()") results = None udp_issuer = udp_config["issuer"] udp_token_endpoint = "{issuer}/v1/token".format(issuer=udp_issuer) udp_oauth_client_id = udp_config["client_id"] udp_oauth_client_secret = udp_config["client_secret"] basic_auth_encoded = OktaUtil.get_encoded_auth(udp_oauth_client_id, udp_oauth_client_secret) oauth2_headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded", "Authorization": "Basic {0}".format(basic_auth_encoded) } # logger.debug(oauth2_headers) url = "{0}?grant_type=client_credentials&scope=secrets:read".format( udp_token_endpoint) responseData = RestUtil.execute_post(url, headers=oauth2_headers) # logger.debug(responseData) if "access_token" in responseData: results = responseData["access_token"] else: logger.warning( "Failed to get UDP Service OAuth token: {message}".format( message=responseData)) return results
def upload_idp_certificate(self, idp_cert): self.logger.debug("OktaAdmin.upload_idp_certificate(idp_cert)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/idps/credentials/keys".format( base_url=self.okta_config["okta_org_name"]) return RestUtil.execute_post(url, idp_cert, okta_headers)
def deactivate_idp(self, idp_id): self.logger.debug("OktaAdmin.deactivate_idp(idp_id)") # self.logger.debug("User profile: {0}".format(json.dumps(user))) okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/idps/{idp_id}/lifecycle/deactivate".format( base_url=self.okta_config["okta_org_name"], idp_id=idp_id) return RestUtil.execute_post(url, {}, okta_headers)
def create_user(self, user, activate_user=False): print("OktaAdmin.create_user(user)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/users?activate={activate_user}".format( base_url=self.okta_config["okta_org_name"], activate_user=activate_user) return RestUtil.execute_post(url, user, okta_headers)
def update_user(self, user_id, user): self.logger.debug("OktaAdmin.update_user()") # self.logger.debug("User profile: {0}".format(json.dumps(user))) okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/users/{user_id}".format( base_url=self.okta_config["okta_org_name"], user_id=user_id) return RestUtil.execute_post(url, user, okta_headers)
def reset_password_for_user(self, user_id): self.logger.debug("OktaAdmin.unsuspend_user(user_id)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/users/{user_id}/lifecycle/reset_password".format( base_url=self.okta_config["okta_org_name"], user_id=user_id) body = {} return RestUtil.execute_post(url, body, okta_headers)
def activate_push(self, factor_id, state_token, headers=None): self.logger.debug("activate_push()") okta_headers = OktaUtil.get_default_okta_headers(headers) url = "{0}/api/v1/authn/factors/{1}/lifecycle/activate".format( self.okta_config["okta_org_name"], factor_id) body = {"stateToken": state_token} return RestUtil.execute_post(url, body, okta_headers)
def poll_for_push(self, factor_id, state_token, headers=None): print("poll_for_push()") okta_headers = OktaUtil.get_default_okta_headers(headers) url = "{0}/api/v1/authn/factors/{1}/verify".format( self.okta_config["okta_org_name"], factor_id) body = {"stateToken": state_token} return RestUtil.execute_post(url, body, okta_headers)
def enroll_totp(self, user_id, factor_type, provider, headers=None): self.logger.debug("enroll_totp()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{0}/api/v1/users/{1}/factors".format( self.okta_config["okta_org_name"], user_id) body = {"factorType": factor_type, "provider": provider} return RestUtil.execute_post(url, body, okta_headers)
def get_transaction_state(self, token, headers=None): self.logger.debug("OktaAuth.authenticate_with_activation_token()") url = "{host}/api/v1/authn".format( host=self.okta_config["okta_org_name"]) okta_headers = OktaUtil.get_default_okta_headers(self.okta_config) body = {"stateToken": token} return RestUtil.execute_post(url, body, okta_headers)
def resend_push(self, user_id, factor_id, headers=None): self.logger.debug("resend_push()") okta_headers = OktaUtil.get_default_okta_headers(headers) url = "{0}/api/v1/users/{1}/factors/{2}/lifecycle/activate".format( self.okta_config["okta_org_name"], user_id, factor_id) body = {} return RestUtil.execute_post(url, body, okta_headers)
def poll_for_enrollment_push(self, user_id, factor_id, headers=None): self.logger.debug("poll_for_enrollment_push()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{0}/api/v1/users/{1}/factors/{2}/lifecycle/activate/poll".format( self.okta_config["okta_org_name"], user_id, factor_id) body = {} return RestUtil.execute_post(url, body, okta_headers)
def activate_totp(self, factor_id, state_token, pass_code, headers=None): print("enroll_totp()") okta_headers = OktaUtil.get_default_okta_headers(headers) url = "{0}/api/v1/authn/factors/{1}/lifecycle/activate".format( self.okta_config["okta_org_name"], factor_id) body = {"stateToken": state_token, "passCode": pass_code} return RestUtil.execute_post(url, body, okta_headers)
def authenticate_with_activation_token(self, token, headers=None): print("OktaAuth.authenticate_with_activation_token()") url = "{host}/api/v1/authn".format( host=self.okta_config["okta_org_name"]) okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) body = {"token": token} return RestUtil.execute_post(url, body, okta_headers)
def activate_totp(self, user_id, factor_id, pass_code, headers=None): self.logger.debug("verify_totp()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{0}/api/v1/users/{1}/factors/{2}/lifecycle/activate".format( self.okta_config["okta_org_name"], user_id, factor_id) body = {"passCode": pass_code} return RestUtil.execute_post(url, body, okta_headers)
def reset_password_with_state_token(self, token, password, headers=None): self.logger.debug("OktaAuth.reset_password_with_state_token()") url = "{host}/api/v1/authn/credentials/reset_password".format( host=self.okta_config["okta_org_name"]) okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) body = {"stateToken": token, "newPassword": password} return RestUtil.execute_post(url, body, okta_headers)
def introspect_mfa(self, token, client_id): self.logger.debug("OktaAuth.introspect_mfa()") okta_headers = OktaUtil.get_introspect_mfa_okta_headers() url = "{baseurl}/oauth2/v1/introspect".format( baseurl=self.okta_config["okta_org_name"]) body = "&token={token}&client_id={client_id}&token_type_hint=id_token".format( token=token, client_id=client_id) return RestUtil.execute_post(url=url, body=body, headers=okta_headers)
def verify_answer(self, factor_id, state_token, answer, headers=None): self.logger.debug("verify_answer()") okta_headers = OktaUtil.get_default_okta_headers(headers) url = "{0}/api/v1/authn/factors/{1}/verify".format( self.okta_config["okta_org_name"], factor_id) body = {"stateToken": state_token, "answer": answer} return RestUtil.execute_post(url, body, okta_headers)
def introspect(self, token, headers=None): self.logger.debug("OktaAuth.introspect()") okta_headers = OktaUtil.get_oauth_okta_headers(headers, self.okta_config["client_id"], self.okta_config["client_secret"]) url = "{issuer}/v1/introspect?token={token}".format( issuer=self.okta_config["issuer"], token=token) body = {} return RestUtil.execute_post(url, body, okta_headers)
def userinfo(self, token, headers=None): print("OktaAuth.userinfo()") okta_headers = OktaUtil.get_oauth_okta_bearer_token_headers( headers, token) url = "{issuer}/v1/userinfo?token={token}".format( issuer=self.okta_config["issuer"], token=token) body = {} return RestUtil.execute_post(url, body, okta_headers)
def activate_user(self, user_id, send_email=True): self.logger.debug("OktaAdmin.activate_user(user_id)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/users/{user_id}/lifecycle/activate/?sendEmail={send_email}".format( base_url=self.okta_config["okta_org_name"], user_id=user_id, send_email=str(send_email).lower()) body = {} return RestUtil.execute_post(url, body, okta_headers)