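def create_user_session(region=''):
    """Run the interactive browser login and return the resulting UserSession.

    A fresh key pair is generated, its public half is sent to the console
    login page as a base64url-encoded JWK, and a local HTTP server on
    BOOTSTRAP_SERVICE_PORT waits for the redirect that carries the token.

    Args:
        region: Region identifier used to build the console URL. When it is
            the empty string the user is prompted for one.

    Returns:
        UserSession built from the token's ``sub`` and ``tenant`` claims, the
        region, the raw token, the generated key pair and its fingerprint.

    Exits the process with status 1 when the bootstrap port is already in use
    or the web browser cannot be launched.
    """
    # Compare by value: `is ''` tests object identity, which only works by
    # accident of string interning and emits SyntaxWarning on Python 3.8+.
    if region == '':
        region = cli_setup.prompt_for_region()

    # Set up the HTTP server first so we fail early if the port is taken.
    # NOTE(review): an empty host normally means "all interfaces" for
    # socketserver-style servers. The redirect_uri below targets localhost,
    # so confirm whether StoppableHttpServer should bind to the loopback
    # address only, keeping the token-receiving listener off the network.
    try:
        httpd = StoppableHttpServer(
            ('', BOOTSTRAP_SERVICE_PORT), StoppableHttpRequestHandler
        )
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            click.echo(
                "Could not complete bootstrap process because port {port} is already in use.".format(
                    port=BOOTSTRAP_SERVICE_PORT
                )
            )
            sys.exit(1)
        # Bare raise keeps the original traceback intact.
        raise

    # Create a new key pair. It is used to obtain the initial token and is
    # also uploaded as a new API key for the user.
    private_key = cli_util.generate_key()
    public_key = private_key.public_key()
    fingerprint = cli_setup.public_key_to_fingerprint(public_key)

    # The JWK text is base64url-encoded so it can travel as a query parameter.
    jwk_bytes = cli_util.to_jwk(public_key).encode('UTF-8')
    public_key_jwk = base64.urlsafe_b64encode(jwk_bytes).decode('UTF-8')

    # NOTE(review): the nonce is generated inline and not retained, so this
    # function cannot compare it with the nonce claim of the returned
    # id_token. Confirm whether replay protection is enforced elsewhere.
    query = {
        'action': 'login',
        'client_id': 'iaas_console',
        'response_type': 'token id_token',
        'nonce': uuid.uuid4(),
        'scope': 'openid',
        'public_key': public_key_jwk,
        'redirect_uri': 'http://localhost:{}'.format(BOOTSTRAP_SERVICE_PORT)
    }

    # Regions containing "-gov-" use a separate console URL template.
    if "-gov-" in region:
        console_url = CONSOLE_AUTH_GOV_URL_FORMAT.format(region=region)
    else:
        console_url = CONSOLE_AUTH_URL_FORMAT.format(region=region)

    url = "{console_auth_url}?{query_string}".format(
        console_auth_url=console_url,
        query_string=urlencode(query)
    )

    # Attempt to open the browser on the console login page. If no browser
    # could be started, print the URL for the user to open manually.
    try:
        if webbrowser.open_new(url):
            click.echo('    Please switch to newly opened browser window to log in!')
        else:
            click.echo('    Open the following URL in a web browser window to continue:')
            click.echo(url)
    except webbrowser.Error as e:
        click.echo(
            'Could not launch web browser to complete login process, exiting bootstrap command. Error: {exc_info}.'.format(
                exc_info=str(e)
            )
        )
        sys.exit(1)

    # Start the HTTP server, which captures the auth redirect from the
    # console. serve_forever() returns the token it received.
    token = httpd.serve_forever()
    click.echo('    Completed browser authentication process!')

    # Get user / tenant info out of the token.
    # NOTE(review): the signature is not verified (verify=False), so `sub` and
    # `tenant` are unauthenticated values taken from whatever request reached
    # the local listener. Confirm that downstream code treats them as
    # identifiers the service re-validates, not as proof of identity.
    # PyJWT 2.x removed the `verify` keyword in favour of
    # options={"verify_signature": False}; check the pinned version.
    token_data = jwt.decode(token, verify=False)
    user_ocid = token_data['sub']
    tenancy_ocid = token_data['tenant']

    return UserSession(user_ocid, tenancy_ocid, region, token, public_key, private_key, fingerprint)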
def __init__(self, session_key_supplier, security_token):
    """Store the session key supplier and token, and cache the token's claims.

    Args:
        session_key_supplier: Object kept as-is on the instance.
        security_token: Encoded JWT; kept raw and also decoded into
            ``self.jwt``.
    """
    self.security_token = security_token
    self.session_key_supplier = session_key_supplier
    # NOTE(review): the claims are decoded with verify=False, so the signature
    # is never checked here. Confirm that self.jwt is only read for
    # non-authoritative purposes (for example inspecting claims locally) and
    # is not used to make trust decisions.
    decoded_claims = jwt.decode(jwt=security_token, verify=False)
    self.jwt = decoded_claims