rtype = set(areq["response_type"][:]) if "code" in areq["response_type"]: _code = aresp["code"] = _sinfo["code"] rtype.remove("code") else: self.sdb[scode]["code"] = None _code = None if "token" in areq["response_type"]: _dic = self.sdb.update_to_token(issue_refresh=False, key=scode) _log_debug("_dic: %s" % _dic) for key, val in _dic.items(): if key in aresp.parameters() and val is not None: aresp[key] = val rtype.remove("token") try: _access_token = aresp["access_token"] except KeyError: _access_token = None if "id_token" in areq["response_type"]: try: idtoken_claims = areq["request"]["id_token"]["claims"] user_info = self._collect_user_info(_sinfo) except KeyError: user_info = None
def authz_part2(self, user, areq, sid, **kwargs): """ After the authentication this is where you should end up """ _log_debug = logger.debug _log_debug("- in authenticated() -") # Do the authorization try: info = OpenIDSchema(**self._collect_user_info(self.sdb[sid])) permission = self.authz(user) self.sdb.update(sid, "permission", permission) except Exception: raise _log_debug("response type: %s" % areq["response_type"]) # create the response aresp = AuthorizationResponse() try: aresp["state"] = areq["state"] except KeyError: pass if "response_type" in areq and \ len(areq["response_type"]) == 1 and \ "none" in areq["response_type"]: pass else: if self.sdb.is_revoked(sid): return self._error(error="access_denied", descr="Token is revoked") _sinfo = self.sdb[sid] try: aresp["scope"] = areq["scope"] except KeyError: pass _log_debug("_dic: %s" % _sinfo) rtype = set(areq["response_type"][:]) if "code" in areq["response_type"]: #if issue_new_code: # scode = self.sdb.duplicate(_sinfo) # _sinfo = self.sdb[scode] _code = aresp["code"] = _sinfo["code"] rtype.remove("code") else: self.sdb[sid]["code"] = None _code = None if "token" in rtype: _dic = self.sdb.update_to_token(issue_refresh=False, key=sid) _log_debug("_dic: %s" % _dic) for key, val in _dic.items(): if key in aresp.parameters() and val is not None: aresp[key] = val rtype.remove("token") try: _access_token = aresp["access_token"] except KeyError: _access_token = None if "id_token" in areq["response_type"]: user_info = self.userinfo_in_id_token_claims(_sinfo) client_info = self.cdb[areq["client_id"]] id_token = self.sign_encrypt_id_token( _sinfo, client_info, areq, code=_code, access_token=_access_token, user_info=user_info) aresp["id_token"] = id_token _sinfo["id_token"] = id_token rtype.remove("id_token") if len(rtype): return BadRequest("Unknown response type") try: redirect_uri = self.get_redirect_uri(areq) except (RedirectURIError, ParameterError), err: return BadRequest("%s" % err)