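def get_oauth_authorize_url(okta_session_token=None, prompt=None):
    """Build the Okta OIDC authorization URL for the current Flask session.

    Args:
        okta_session_token: Optional Okta session token. When given it is sent
            as ``sessionToken`` so Okta can issue the code without a login UI.
        prompt: Optional OIDC ``prompt`` value (e.g. ``"none"``); left out of
            the request when ``None``.

    Returns:
        The URL returned by ``OktaAuth.create_oauth_authorize_url`` for a
        ``response_type=code`` / ``form_post`` request with scope
        ``openid profile email``.

    Side effects:
        Writes a fresh ``state`` value to ``session["oidc_state"]``. The
        callback that receives the authorization response is expected to
        compare Okta's echoed ``state`` against that key.
    """
    logger.debug("get_oauth_authorize_url()")
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
    auth_options = {
        "response_mode": "form_post",
        "scope": "openid profile email",
    }
    if prompt is not None:
        auth_options["prompt"] = prompt
    # ``state`` is the CSRF token that binds the authorization response to this
    # browser session. The previous code checked ``"state" in session`` (a key
    # it never wrote) and, when present, copied that long-lived value into
    # ``oidc_state`` -- so one value could stay valid for the whole session.
    # Mint a new unpredictable value for every authorization request instead,
    # as the other authorize-URL builders in this codebase do. uuid4 is drawn
    # from os.urandom, which is adequate for this purpose.
    session["oidc_state"] = str(uuid.uuid4())
    if okta_session_token:
        auth_options["sessionToken"] = okta_session_token
    return okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["oidc_state"],
        auth_options=auth_options)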
def profile_bp():
    """Render the profile page, or start a silent token refresh.

    With ``?refreshtoken=true`` the browser is redirected to Okta with
    ``prompt=none`` (no user interaction) and ``session[FROM_URI_KEY]`` records
    where to come back to. Without it, the profile template is rendered with
    the tokens currently held in the request cookies.
    """
    logger.debug("profile_bp_profile()")
    wants_refresh = request.args.get('refreshtoken') == 'true'
    if not wants_refresh:
        return render_template(
            "/profile.html",
            templatename=get_app_vertical(),
            id_token=TokenUtil.get_id_token(request.cookies),
            access_token=TokenUtil.get_access_token(request.cookies),
            user_info=get_userinfo(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY])
    instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_auth = OktaAuth(instance_settings)
    refresh_options = {
        "response_mode": "form_post",
        "prompt": "none",
        "scope": "openid profile email",
    }
    # Fresh CSRF ``state`` for this authorization request; the callback is
    # expected to compare Okta's echoed value against ``session["oidc_state"]``.
    session["oidc_state"] = str(uuid.uuid4())
    # Return address after the refresh: the current URL with "http://" swapped
    # for the configured app scheme, plus "profile".
    # NOTE(review): request.url includes the query string, so the appended
    # segment lands after "?refreshtoken=true", and its host part comes from
    # the incoming Host header -- confirm this is what the callback expects.
    app_scheme = instance_settings["app_scheme"]
    session[FROM_URI_KEY] = request.url.replace(
        "http://", "{0}://".format(app_scheme)) + "profile"
    authorize_url = okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["oidc_state"],
        auth_options=refresh_options)
    return redirect(authorize_url)
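def get_oauth_authorize_url(okta_session_token=None):
    """Build the Okta OIDC authorization URL (``prompt=none``) for this session.

    Args:
        okta_session_token: Optional Okta session token; when given it is sent
            as ``sessionToken`` so Okta can issue the code without a login UI.

    Returns:
        The URL returned by ``OktaAuth.create_oauth_authorize_url`` for a
        ``response_type=code`` / ``form_post`` request with scope
        ``openid profile email``.

    Side effects:
        Writes a fresh ``state`` value to ``session["state"]``; the callback
        handling the authorization response is expected to compare Okta's
        echoed ``state`` against it.
    """
    print("get_oauth_authorize_url()")
    okta_auth = OktaAuth(session)
    auth_options = {
        "response_mode": "form_post",
        "prompt": "none",
        "scope": "openid profile email",
    }
    # ``state`` is the CSRF token binding the authorization response to this
    # browser session. The previous code only generated it when absent, so a
    # single value stayed valid for the life of the session; generate a new
    # unpredictable value per authorization request instead, consistent with
    # login()/create_login_response(). uuid4 is drawn from os.urandom.
    session["state"] = str(uuid.uuid4())
    if okta_session_token:
        auth_options["sessionToken"] = okta_session_token
    return okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["state"],
        auth_options=auth_options)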
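def login():
    """Authenticate a JSON ``{"username", "password"}`` body against Okta.

    On successful primary authentication the Okta ``sessionToken`` is turned
    into an authorization URL (``response_type=code``, ``form_post``,
    ``prompt=none``, scope ``openid``) that the client is expected to follow.

    Returns:
        A JSON string. ``{"success": true, "redirectUrl": ...}`` on success,
        otherwise ``{"success": false, "errorMessage": ...}``.
    """
    print("login()")
    auth_response = {"success": False}
    login_form_data = request.get_json()
    # Reject a missing/malformed body here instead of letting a KeyError on
    # "username"/"password" surface as a 500.
    if (not isinstance(login_form_data, dict)
            or "username" not in login_form_data
            or "password" not in login_form_data):
        auth_response["errorMessage"] = (
            "Login Unsuccessful: username and password are required")
        return json.dumps(auth_response)
    okta_auth = OktaAuth(okta_config)
    # Do not log login_form_data or the raw authn response: the former carries
    # the password, the latter the Okta sessionToken.
    authn_json_response = okta_auth.authenticate(
        username=login_form_data["username"],
        password=login_form_data["password"],
        headers=request.headers)
    if "sessionToken" in authn_json_response:
        # Fresh CSRF ``state`` per authorization request; the callback is
        # expected to compare Okta's echoed value against session["state"].
        session["state"] = str(uuid.uuid4())
        oauth_authorize_url = okta_auth.create_oauth_authorize_url(
            response_type="code",
            state=session["state"],
            auth_options={
                "response_mode": "form_post",
                "prompt": "none",
                "scope": "openid",
                "sessionToken": authn_json_response["sessionToken"],
            })
        auth_response["redirectUrl"] = oauth_authorize_url
        auth_response["success"] = True
    else:
        # Okta returns "errorSummary" for rejected credentials, but other
        # outcomes without a sessionToken (e.g. a status such as MFA_REQUIRED)
        # carry no such key; the previous code raised KeyError there.
        summary = (authn_json_response.get("errorSummary")
                   or authn_json_response.get("status")
                   or "unexpected response from Okta")
        auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(summary)
    return json.dumps(auth_response)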
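def create_login_response(user_name, password, session):
    """Authenticate against Okta and build the login response dict.

    Args:
        user_name: Login name as entered; ``session["login_id_prefix"]`` is
            prepended before it is sent to Okta.
        password: The user's password. Forwarded to Okta, never logged.
        session: Per-instance settings mapping used to build the Okta clients
            and to store the OAuth ``state``.

    Returns:
        On successful primary authentication ``{"success": True,
        "status": "SUCCESS", "redirectUrl": <authorize URL>}``.
        On an Okta error ``{"success": False, "errorMessage": ...}``.
        Otherwise the raw Okta authn response (e.g. an MFA transaction) so the
        caller can continue the flow.
    """
    print("create_login_response()")
    auth_response = {"success": False}
    okta_auth = OktaAuth(session)
    okta_admin = OktaAdmin(session)
    # Do not log the form data or the raw authn response: the former carries
    # the password, the latter the Okta sessionToken.
    authn_json_response = okta_auth.authenticate(
        username=session["login_id_prefix"] + user_name,
        password=password,
        headers=request.headers)
    if "sessionToken" in authn_json_response:
        user_id = authn_json_response["_embedded"]["user"]["id"]
        _ensure_patient_group_membership(okta_admin, session, user_id)
        # Fresh CSRF ``state`` per authorization request; the callback is
        # expected to compare Okta's echoed value against session["state"].
        session["state"] = str(uuid.uuid4())
        oauth_authorize_url = okta_auth.create_oauth_authorize_url(
            response_type="code",
            state=session["state"],
            auth_options={
                "response_mode": "form_post",
                "prompt": "none",
                "scope": "openid profile email",
                "sessionToken": authn_json_response["sessionToken"],
            })
        auth_response["redirectUrl"] = oauth_authorize_url
        auth_response["success"] = True
        auth_response["status"] = "SUCCESS"
    elif "errorSummary" in authn_json_response:
        auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(
            authn_json_response["errorSummary"])
    else:
        # Pass the transaction down for further processing such as MFA.
        # NOTE(review): this hands back the Okta payload verbatim (including
        # any stateToken and _embedded user details); confirm the caller does
        # not forward more of it to the browser than the MFA step needs.
        auth_response = authn_json_response
    return auth_response


def _ensure_patient_group_membership(okta_admin, session, user_id):
    """Add ``user_id`` to this app's patient group when it exists and the user is not in it.

    Workaround for users that pre-exist in Okta but were never assigned to the
    patient portal app. The group is named
    ``<udp_subdomain>_<demo_app_name>_patient``.
    TODO: replace with a Terraform setting or an Okta group rule.
    """
    patient_group_name = "{0}_{1}_patient".format(
        session["udp_subdomain"], session["demo_app_name"])
    print("patient_group_name: {0}".format(patient_group_name))
    patient_groups = okta_admin.get_groups_by_name(patient_group_name)
    if not patient_groups:
        # The previous code fell through to assign_user_to_group with an
        # unbound ``patient_group`` here (NameError). With no group to add the
        # user to there is nothing to do.
        return
    # Use the result already fetched; the previous code queried Okta a second
    # time for the same group.
    patient_group = patient_groups[0]
    member_group_ids = {
        group["id"] for group in okta_admin.get_user_groups(user_id)}
    if patient_group["id"] not in member_group_ids:
        # This grants patient-group membership to any account that can
        # authenticate to this tenant; whether that is the intended policy is
        # the subject of the TODO above.
        okta_admin.assign_user_to_group(patient_group["id"], user_id)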