def __init__(self, *, azure_tenancy_id: str, azure_application_id: str,
             azure_client_application_ids: List[str], azure_jwks: Optional[dict] = None):
    """
    Configures the extension from keyword arguments and registers an Azure token validator.

    :type azure_tenancy_id: str
    :param azure_tenancy_id: Azure Active Directory tenancy ID
    :type azure_application_id: str
    :param azure_application_id: ID of the Azure Active Directory application registration
        representing this app
    :type azure_client_application_ids: List[str]
    :param azure_client_application_ids: IDs of Azure Active Directory application
        registrations representing clients of this app
    :type azure_jwks: Optional[dict]
    :param azure_jwks: trusted JWKs formatted as a JSON Web Key Set; passed to the
        validator unchanged, so ``None`` is forwarded as-is
    """
    super().__init__()

    self.azure_tenancy_id = azure_tenancy_id
    self.azure_application_id = azure_application_id
    self.azure_client_application_ids = azure_client_application_ids
    # The JWKS is the set of keys whose signatures the validator will trust.
    self.jwks = azure_jwks

    validator_settings = {
        "azure_tenancy_id": self.azure_tenancy_id,
        "azure_application_id": self.azure_application_id,
        "azure_client_application_ids": self.azure_client_application_ids,
        "azure_jwks": self.jwks,
    }
    self.validator = AzureTokenValidator(**validator_settings)
    self.register_token_validator(self.validator)
def init_app(self, app: App): """ Initialises extension using settings from the Flask application :type app: App :param app: Flask application """ self.azure_tenancy_id = app.config["AZURE_OAUTH_TENANCY"] self.azure_application_id = app.config["AZURE_OAUTH_APPLICATION_ID"] self.azure_client_application_ids = None self.jwks = self._get_jwks() try: self.azure_client_application_ids = app.config[ "AZURE_OAUTH_CLIENT_APPLICATION_IDS"] if isinstance(self.azure_client_application_ids, list): if len(self.azure_client_application_ids) == 0: self.azure_client_application_ids = None except KeyError: pass self.validator = AzureTokenValidator( azure_tenancy_id=self.azure_tenancy_id, azure_application_id=self.azure_application_id, azure_client_application_ids=self.azure_client_application_ids, azure_jwks=self.jwks, ) self.register_token_validator(self.validator)
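def use_restored_jwks(self) -> None:
    """
    Replaces the token validator with a version where the JSON Web Key Set
    is unaltered and working.

    The replacement is also stored on ``self.validator`` so that a later
    ``use_*`` call deregisters the validator that is actually active rather
    than a stale reference to an earlier one.
    """
    self.deregister_token_validator(self.validator)

    token_validator = AzureTokenValidator(
        azure_tenancy_id=self.azure_tenancy_id,
        azure_application_id=self.azure_application_id,
        azure_client_application_ids=self.azure_client_application_ids,
        azure_jwks=self.jwks,
    )
    self.register_token_validator(token_validator)
    # Keep the attribute pointing at the registered validator.
    self.validator = token_validator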
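def use_null_jwks(self) -> None:
    """
    Replaces the token validator with a version where the JSON Web Key Set
    is empty (built via ``TestJwk(null_jwks=True)``), so no signing key can
    be found for any token.

    The replacement is also stored on ``self.validator`` so that a later
    ``use_*`` call deregisters the validator that is actually active rather
    than a stale reference to an earlier one.
    """
    self.deregister_token_validator(self.validator)

    token_validator = AzureTokenValidator(
        azure_tenancy_id=self.azure_tenancy_id,
        azure_application_id=self.azure_application_id,
        azure_client_application_ids=self.azure_client_application_ids,
        azure_jwks=TestJwk(null_jwks=True).jwks(),
    )
    self.register_token_validator(token_validator)
    # Keep the attribute pointing at the registered validator.
    self.validator = token_validator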
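def use_replaced_jwks(self) -> None:
    """
    Replaces the token validator with a version where the JSON Web Key Set
    has been replaced but reuses the KID of the first trusted key.

    Reusing the KID means a key with the expected identifier is still
    present, while its material differs from the one tokens were signed
    with (presumably so signature verification, not key lookup, is what
    fails — confirm against the validator).

    The replacement is also stored on ``self.validator`` so that a later
    ``use_*`` call deregisters the validator that is actually active rather
    than a stale reference to an earlier one.

    :raises KeyError: if ``self.jwks`` has no ``keys`` entry
    :raises IndexError: if the trusted key set contains no keys
    """
    self.deregister_token_validator(self.validator)

    # Only the identifier is carried over; the key material is freshly generated.
    previous_kid = self.jwks['keys'][0]['kid']
    token_validator = AzureTokenValidator(
        azure_tenancy_id=self.azure_tenancy_id,
        azure_application_id=self.azure_application_id,
        azure_client_application_ids=self.azure_client_application_ids,
        azure_jwks=TestJwk(kid=previous_kid).jwks(),
    )
    self.register_token_validator(token_validator)
    # Keep the attribute pointing at the registered validator.
    self.validator = token_validator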
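def use_broken_jwks(self) -> None:
    """
    Replaces the token validator with a version where the JSON Web Key Set
    contains a broken JWK (missing key type, ``kty``).

    The broken set is a deep copy of ``self.jwks``: the trusted set itself
    is left intact so that ``use_restored_jwks`` can bring back a working
    validator afterwards.

    The replacement is also stored on ``self.validator`` so that a later
    ``use_*`` call deregisters the validator that is actually active rather
    than a stale reference to an earlier one.

    :raises KeyError: if ``self.jwks`` has no ``keys`` entry or its first key
        has no ``kty``
    :raises IndexError: if the trusted key set contains no keys
    """
    import copy  # local import: keeps this helper self-contained

    self.deregister_token_validator(self.validator)

    # Deep copy: deleting from an alias would corrupt the stored trusted set.
    broken_jwks = copy.deepcopy(self.jwks)
    del broken_jwks['keys'][0]['kty']

    token_validator = AzureTokenValidator(
        azure_tenancy_id=self.azure_tenancy_id,
        azure_application_id=self.azure_application_id,
        azure_client_application_ids=self.azure_client_application_ids,
        azure_jwks=broken_jwks,
    )
    self.register_token_validator(token_validator)
    # Keep the attribute pointing at the registered validator.
    self.validator = token_validator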
def init_app(self, app: App): """ Initialises extension using settings from the Flask application :type app: App :param app: Flask application """ self.azure_tenancy_id = app.config["AZURE_OAUTH_TENANCY"] self.azure_application_id = app.config["AZURE_OAUTH_APPLICATION_ID"] self.azure_client_application_ids = app.config[ "AZURE_OAUTH_CLIENT_APPLICATION_IDS"] self.jwks = self._get_jwks(app=app) self.validator = AzureTokenValidator( azure_tenancy_id=self.azure_tenancy_id, azure_application_id=self.azure_application_id, azure_client_application_ids=self.azure_client_application_ids, azure_jwks=self.jwks, ) self.register_token_validator(self.validator)