def assertion_jwt(cli, keys, audience, algorithm): _now = utc_now() at = AuthnToken(iss=cli.client_id, sub=cli.client_id, aud=audience, jti=rndstr(8), exp=_now + 600, iat=_now) return at.to_jwt(key=keys, algorithm=algorithm)
def assertion_jwt(cli, keys, audience, algorithm, lifetime=600): _now = utc_time_sans_frac() at = AuthnToken(iss=cli.client_id, sub=cli.client_id, aud=audience, jti=rndstr(32), exp=_now + lifetime, iat=_now) return at.to_jwt(key=keys, algorithm=algorithm)
def assertion_jwt(cli, keys, audience, algorithm, lifetime=600): _now = utc_time_sans_frac() at = AuthnToken(iss=cli.client_id, sub=cli.client_id, aud=audience, jti=rndstr(16), exp=_now + lifetime, iat=_now) return at.to_jwt(key=keys, algorithm=algorithm)
def assertion_jwt(cli, keys, audience, algorithm): _now = time.time() at = AuthnToken(iss=cli.client_id, sub=cli.client_id, aud=audience, jti=rndstr(8), exp=_now + 600, iat=_now) return at.to_jwt(key=keys, algorithm=algorithm)
def verify(self, areq, **kwargs): try: try: argv = {'sender': areq['client_id']} except KeyError: argv = {} bjwt = AuthnToken().from_jwt(areq["client_assertion"], keyjar=self.cli.keyjar, **argv) except (Invalid, MissingKey) as err: logger.info("%s" % sanitize(err)) raise AuthnFailure("Could not verify client_assertion.") logger.debug("authntoken: %s" % sanitize(bjwt.to_dict())) areq['parsed_client_assertion'] = bjwt # logger.debug("known clients: %s" % sanitize(self.cli.cdb.keys())) try: cid = kwargs["client_id"] except KeyError: cid = bjwt["iss"] try: # There might not be a client_id in the request assert str(cid) in self.cli.cdb # It's a client I know except KeyError: pass # aud can be a string or a list _aud = bjwt["aud"] logger.debug("audience: %s, baseurl: %s" % (_aud, self.cli.baseurl)) # figure out authn method if alg2keytype(bjwt.jws_header['alg']) == 'oct': # Symmetric key authn_method = 'client_secret_jwt' else: authn_method = 'private_key_jwt' try: if isinstance(_aud, six.string_types): assert str(_aud).startswith(self.cli.baseurl) else: for target in _aud: if target.startswith(self.cli.baseurl): return cid, authn_method raise NotForMe("Not for me!") except AssertionError: raise NotForMe("Not for me!") return cid, authn_method
def verify(self, areq, **kwargs): try: try: argv = {"sender": areq["client_id"]} except KeyError: argv = {} bjwt = AuthnToken().from_jwt(areq["client_assertion"], keyjar=self.cli.keyjar, **argv) except (Invalid, MissingKey) as err: logger.info("%s" % sanitize(err)) raise AuthnFailure("Could not verify client_assertion.") logger.debug("authntoken: %s" % sanitize(bjwt.to_dict())) areq["parsed_client_assertion"] = bjwt # logger.debug("known clients: %s" % sanitize(self.cli.cdb.keys())) try: cid = kwargs["client_id"] except KeyError: cid = bjwt["iss"] try: # There might not be a client_id in the request assert str(cid) in self.cli.cdb # It's a client I know except KeyError: pass # aud can be a string or a list _aud = bjwt["aud"] logger.debug("audience: %s, baseurl: %s" % (_aud, self.cli.baseurl)) # figure out authn method if alg2keytype(bjwt.jws_header["alg"]) == "oct": # Symmetric key authn_method = "client_secret_jwt" else: authn_method = "private_key_jwt" try: if isinstance(_aud, six.string_types): assert str(_aud).startswith(self.cli.baseurl) else: for target in _aud: if target.startswith(self.cli.baseurl): return cid, authn_method raise NotForMe("Not for me!") except AssertionError: raise NotForMe("Not for me!") return cid, authn_method
def verify(self, areq, **kwargs): try: bjwt = AuthnToken().from_jwt(areq["client_assertion"], keyjar=self.cli.keyjar) except (Invalid, MissingKey), err: logger.info("%s" % err) return False
def verify(self, areq, **kwargs): try: bjwt = AuthnToken().from_jwt(areq["client_assertion"], keyjar=self.cli.keyjar) except (Invalid, MissingKey), err: logger.info("%s" % err) raise AuthnFailure("Could not verify client_assertion.")
def verify(self, areq, **kwargs): try: bjwt = AuthnToken().from_jwt(areq["client_assertion"], keyjar=self.cli.keyjar) except (Invalid, MissingKey) as err: logger.info("%s" % err) raise AuthnFailure("Could not verify client_assertion.") logger.debug("authntoken: %s" % bjwt.to_dict()) # logger.debug("known clients: %s" % self.cli.cdb.keys()) try: cid = kwargs["client_id"] except KeyError: cid = bjwt["iss"] try: # There might not be a client_id in the request assert str(cid) in self.cli.cdb # It's a client I know except KeyError: pass # aud can be a string or a list _aud = bjwt["aud"] logger.debug("audience: %s, baseurl: %s" % (_aud, self.cli.baseurl)) try: if isinstance(_aud, six.string_types): assert str(_aud).startswith(self.cli.baseurl) else: for target in _aud: if target.startswith(self.cli.baseurl): return cid raise NotForMe("Not for me!") except AssertionError: raise NotForMe("Not for me!") return cid