def oidc_callback_handler():
""" handler for the oidc call back of the app """
logger.debug("oidc_callback_handler()")
response = None
logger.debug(request.form)
has_app_level_mfa_policy = False
if "code" in request.form:
oidc_code = request.form["code"]
okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
oauth_token = okta_auth.get_oauth_token(
code=oidc_code,
grant_type="authorization_code",
auth_options={
"client_id":
session[SESSION_INSTANCE_SETTINGS_KEY]["client_id"],
"client_secret":
session[SESSION_INSTANCE_SETTINGS_KEY]["client_secret"],
})
logger.debug("oauth_token: {0}".format(
json.dumps(oauth_token, indent=4, sort_keys=True)))
app_landing_page_url = get_post_login_landing_page_url()
response = make_response(redirect(app_landing_page_url))
okta_token_cookie = TokenUtil.create_encoded_okta_token_cookie(
oauth_token["access_token"], oauth_token["id_token"])
# logger.debug("okta_token_cookie: {0}".format(okta_token_cookie))
response.set_cookie(TokenUtil.OKTA_TOKEN_COOKIE_KEY, okta_token_cookie)
elif "error" in request.form:
# This is in the case there is an Okta App level MFA policy
logger.error("ERROR: {0}, MESSAGE: {1}".format(
request.form["error"], request.form["error_description"]))
if ("The client specified not to prompt, but the client app requires re-authentication or MFA."
== request.form["error_description"]):
has_app_level_mfa_policy = True
# Error occured with Accessing the app instance
if has_app_level_mfa_policy:
error_message = "Failed to Authenticate. Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}".format(
request.form["error"], request.form["error_description"])
response = gvalidation_bp_error(error_message)
else:
error_message = "Failed to Authenticate. Check to make sure the user has access to the application. Error: {0} - {1}".format(
request.form["error"], request.form["error_description"])
response = gvalidation_bp_error(error_message)
else:
# catch all error
response = gvalidation_bp_error(
"Failed to Authenticate. Check to make sure the user has access to the application."
)
return response
def streamingservice_callback():
""" handler for the oidc call back of the app """
logger.debug("streamingservice_callback()")
response = None
has_app_level_mfa_policy = False
client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][
"app_deviceflow_clientid"]
client_secret = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][
"app_deviceflow_clientsecret"]
if "code" in request.form:
oidc_code = request.form["code"]
oidc_state = request.form["state"]
okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
oauth_token = get_oauth_token_from_login(
code=oidc_code,
grant_type="authorization_code",
auth_options={
"client_id": client_id,
"client_secret": client_secret,
})
url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate?state={0}".format(
oidc_state)
headers = {
"x-api-key":
session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sparkpost_api_key"],
}
s3response = RestUtil.execute_get(url, headers=headers)
url = "https://sngfyrr4b2.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicetoken"
headers = {
"x-api-key":
session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sparkpost_api_key"],
}
body = {
"device_code": s3response["device_code"],
"device_id": s3response["device_id"],
"access_token": oauth_token["access_token"],
"id_token": oauth_token['id_token'],
"refresh_token": oauth_token['refresh_token']
}
RestUtil.execute_post(url, body, headers=headers)
user = okta_auth.introspect_with_clientid(oauth_token['id_token'],
client_id=client_id,
client_secret=client_secret,
token_type_hint="idtoken")
responseurl = url_for(
"streamingservice_views_bp.streamingservice_device_complete",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
responseurl = responseurl + "?device_id={0}&user_id={1}".format(
s3response["device_id"], user["sub"])
response = redirect(responseurl)
elif "error" in request.form:
# This is in the case there is an Okta App level MFA policy
logger.error("ERROR: {0}, MESSAGE: {1}".format(
request.form["error"], request.form["error_description"]))
if ("The client specified not to prompt, but the client app requires re-authentication or MFA."
== request.form["error_description"]):
has_app_level_mfa_policy = True
# Error occured with Accessing the app instance
if has_app_level_mfa_policy:
error_message = "Failed to Authenticate. Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}".format(
request.form["error"], request.form["error_description"])
response = gvalidation_bp_error(error_message)
else:
error_message = "Failed to Authenticate. Check to make sure the user has access to the application. Error: {0} - {1}".format(
request.form["error"], request.form["error_description"])
response = gvalidation_bp_error(error_message)
else:
# catch all error
response = gvalidation_bp_error(
"Failed to Authenticate. Check to make sure the user has access to the application."
)
return response