Esempio n. 1
0
    def request_client_credential_sshagent(self, client_id=None, agent_keyname = None):
        """
        This is designed to support section 4.4 of the OAuth 2.0 spec:

        "The client can request an access token using only its client
         credentials (or other supported means of authentication) when the
         client is requesting access to the protected resources under its
         control"
        """
        body = 'grant_type=client_credentials'
        path = '/goauth/token'
        method = 'POST'
        url_parts = ('https', self.server, path, None, None)
        url = urlparse.urlunsplit(url_parts)
        # Handle options based on explicitly parameters - ignore implicit options based
        # on instance attributes
        if client_id is None:
            client_id = self.client
        if agent_keyname is None:
            agent_keyname = self.agent_keyname

        if agent_keyname and client_id:
            headers = sign_with_sshagent(self.agent_keys[agent_keyname],
                                         path,
                                         method,
                                         client_id,
                                         body=body)
            response = requests.post(url, data={'grant_type': 'client_credentials'}, headers=headers, verify=self.verify_ssl)
        else:
            raise Exception('Requires client_id and ssh agent_keyname as parameters or as part of initial config to authenticate credential request')
        return response.json()
Esempio n. 2
0
 def sshagent_get_request_token(self, username, client_id, keyname):
     query_params = {"response_type": "code", "client_id": client_id}
     query_params = urllib.urlencode(query_params)
     path = '/goauth/authorize'
     method = 'GET'
     headers = sign_with_sshagent(self.agent_keys[keyname],
                                  path,
                                  method,
                                  username,
                                  query=query_params)
     url_parts = ('https', self.server, '/goauth/authorize', query_params,
                  None)
     url = urlparse.urlunsplit(url_parts)
     response = requests.get(url, headers=headers, verify=self.verify_ssl)
     return response.json()
Esempio n. 3
0
 def sshagent_get_request_token(self, username, client_id, keyname):
     query_params = {
             "response_type": "code",
             "client_id": client_id
             }
     query_params = urllib.urlencode(query_params)
     path = '/goauth/authorize'
     method = 'GET'
     headers = sign_with_sshagent(self.agent_keys[keyname],
             path,
             method,
             username,
             query=query_params)
     url_parts = ('https', self.server, '/goauth/authorize', query_params, None)
     url = urlparse.urlunsplit(url_parts)
     response = requests.get(url, headers=headers, verify=self.verify_ssl)
     return response.json()
Esempio n. 4
0
    def request_client_credential_sshagent(self,
                                           client_id=None,
                                           agent_keyname=None):
        """
        This is designed to support section 4.4 of the OAuth 2.0 spec:

        "The client can request an access token using only its client
         credentials (or other supported means of authentication) when the
         client is requesting access to the protected resources under its
         control"
        """
        body = 'grant_type=client_credentials'
        path = '/goauth/token'
        method = 'POST'
        url_parts = ('https', self.server, path, None, None)
        url = urlparse.urlunsplit(url_parts)
        # Handle options based on explicitly parameters - ignore implicit options based
        # on instance attributes
        if client_id is None:
            client_id = self.client
        if agent_keyname is None:
            agent_keyname = self.agent_keyname

        if agent_keyname and client_id:
            headers = sign_with_sshagent(self.agent_keys[agent_keyname],
                                         path,
                                         method,
                                         client_id,
                                         body=body)
            response = requests.post(url,
                                     data={'grant_type': 'client_credentials'},
                                     headers=headers,
                                     verify=self.verify_ssl)
        else:
            raise Exception(
                'Requires client_id and ssh agent_keyname as parameters or as part of initial config to authenticate credential request'
            )
        return response.json()