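def oidc():
    """Handle the OIDC authorization-code callback for the app.

    The authorization response is read from ``request.form`` (Okta posting it
    back as form fields; presumably ``response_mode=form_post`` -- confirm
    against the authorize request). The ``state`` field is compared with the
    value saved in the session, the ``code`` is exchanged for tokens with the
    client credentials in ``okta_config``, and the access and ID tokens are
    set as cookies on a redirect to ``okta_config["app_base_url"]``.

    Returns:
        A Flask redirect response. Every failure path (provider ``error``,
        missing or mismatched ``state``, missing ``code``) redirects to ``/``
        without setting any token cookie.
    """
    import hmac  # function-scope import: constant-time compare of ``state``

    print("oidc()")
    # Pop rather than read: a stored state must be redeemable exactly once,
    # whether or not the rest of this callback succeeds.
    expected_state = session.pop("state", None)
    received_state = request.form.get("state")

    if "error" in request.form:
        # ``error_description`` is optional in an OAuth error response, so
        # never index it directly.
        print("ERROR: {0}, MESSAGE: {1}".format(
            request.form["error"], request.form.get("error_description", "")))
        # An error response carries no authorization code; do not fall
        # through to the state check / token exchange.
        return make_response(redirect("/"))

    if (expected_state is None or received_state is None
            or not hmac.compare_digest(str(expected_state), str(received_state))):
        print("FAILED TO MATCH STATE!!!")
        return make_response(redirect("/"))

    oidc_code = request.form.get("code")
    if not oidc_code:
        print("FAILED: callback carried no authorization code")
        return make_response(redirect("/"))

    okta_auth = OktaAuth(okta_config)
    oauth_token = okta_auth.get_oauth_token(
        code=oidc_code,
        grant_type="authorization_code",
        auth_options={
            "client_id": okta_config["client_id"],
            "client_secret": okta_config["client_secret"],
        })
    # Deliberately not printing ``oauth_token``: it holds bearer credentials.

    app_landing_page_url = okta_config["app_base_url"]
    response = make_response(redirect(app_landing_page_url))
    # Bearer tokens go in HttpOnly cookies so page scripts cannot read them.
    # NOTE(review): assumes only server-side code reads ``token`` /
    # ``id_token`` -- confirm no front-end JS depends on them.
    # ``secure`` follows the request scheme so plain-HTTP development keeps
    # working; behind a TLS-terminating proxy make sure ``request.is_secure``
    # reflects the client connection (e.g. ProxyFix), otherwise the cookies
    # are issued without the Secure flag.
    cookie_opts = {
        "httponly": True,
        "secure": request.is_secure,
        "samesite": "Lax",
    }
    response.set_cookie('token', oauth_token["access_token"], **cookie_opts)
    response.set_cookie('id_token', oauth_token["id_token"], **cookie_opts)
    print(response)
    return response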
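def oidc_callback_handler():
    """Handle the OIDC authorization-code callback for the app.

    The authorization response is read from ``request.form`` (Okta posting
    it back as form fields). With a ``code`` the handler exchanges it for
    tokens using the client credentials held in
    ``session[SESSION_INSTANCE_SETTINGS_KEY]``, packs the access and ID
    tokens into the Okta token cookie via ``TokenUtil`` and redirects to the
    post-login landing page. An ``error`` response is turned into an error
    page through ``gvalidation_bp_error``; the specific Okta message produced
    by an app-level MFA policy gets its own guidance text.

    Returns:
        A Flask response: the landing-page redirect with the token cookie
        set, or the error response built by ``gvalidation_bp_error``.
    """
    import hmac  # function-scope import: constant-time compare of ``state``

    logger.debug("oidc_callback_handler()")
    response = None
    # Log field names only: the form carries the single-use authorization
    # code, which must not end up in log files.
    logger.debug("callback form fields: %s", sorted(request.form.keys()))
    has_app_level_mfa_policy = False

    # Anti-CSRF check on the callback. The previous version never compared
    # ``state``. It is enforced here whenever the authorize step stored one
    # in the session (popped, so it is single-use). When nothing was stored
    # the check cannot run -- TODO(review): make the authorize step always
    # store a random ``state`` and then make this check unconditional.
    expected_state = session.pop("state", None)
    if expected_state is not None:
        received_state = request.form.get("state")
        if received_state is None or not hmac.compare_digest(
                str(expected_state), str(received_state)):
            logger.error("OIDC callback state mismatch; rejecting callback")
            return gvalidation_bp_error(
                "Failed to Authenticate. The login response could not be verified (state mismatch). Please try again."
            )
    else:
        logger.warning(
            "OIDC callback received with no state stored in session; state check skipped")

    if "code" in request.form:
        oidc_code = request.form["code"]
        # NOTE(review): the client secret is read from the Flask session. If
        # the app uses Flask's default cookie-backed session, that secret is
        # sent to the browser (signed, not encrypted) -- confirm the session
        # backend is server-side.
        instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
        okta_auth = OktaAuth(instance_settings)
        oauth_token = okta_auth.get_oauth_token(
            code=oidc_code,
            grant_type="authorization_code",
            auth_options={
                "client_id": instance_settings["client_id"],
                "client_secret": instance_settings["client_secret"],
            })
        # Never dump the token response: it holds bearer credentials. The
        # field names are enough to debug its shape.
        logger.debug("oauth_token fields: %s", sorted(oauth_token.keys()))

        app_landing_page_url = get_post_login_landing_page_url()
        response = make_response(redirect(app_landing_page_url))
        okta_token_cookie = TokenUtil.create_encoded_okta_token_cookie(
            oauth_token["access_token"], oauth_token["id_token"])
        # HttpOnly: the cookie is produced and (presumably) consumed by
        # TokenUtil server-side -- NOTE(review): confirm no browser script
        # reads it. ``secure`` follows the request scheme; behind a
        # TLS-terminating proxy make sure ``request.is_secure`` reflects the
        # client connection (e.g. ProxyFix).
        response.set_cookie(
            TokenUtil.OKTA_TOKEN_COOKIE_KEY, okta_token_cookie,
            httponly=True, secure=request.is_secure, samesite="Lax")
    elif "error" in request.form:
        # This is in the case there is an Okta App level MFA policy.
        # ``error_description`` is optional in an OAuth error response.
        error_code = request.form["error"]
        error_description = request.form.get("error_description", "")
        logger.error("ERROR: %s, MESSAGE: %s", error_code, error_description)
        if ("The client specified not to prompt, but the client app requires re-authentication or MFA." == error_description):
            has_app_level_mfa_policy = True
        # Error occured with Accessing the app instance
        if has_app_level_mfa_policy:
            error_message = "Failed to Authenticate. Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}".format(
                error_code, error_description)
        else:
            error_message = "Failed to Authenticate. Check to make sure the user has access to the application. Error: {0} - {1}".format(
                error_code, error_description)
        response = gvalidation_bp_error(error_message)
    else:
        # catch all error: neither ``code`` nor ``error`` was posted back
        response = gvalidation_bp_error(
            "Failed to Authenticate. Check to make sure the user has access to the application."
        )
    return response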
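def oidc():
    """Handle the OIDC authorization-code callback for the app.

    The authorization response is read from ``request.form`` (Okta posting
    it back as form fields). With a ``code`` the handler exchanges it for
    tokens using the ``client_id`` / ``client_secret`` held in the Flask
    session, sets the access and ID tokens as cookies and redirects to
    ``session["app_base_url"]``. An ``error`` response renders
    ``error.html``; the specific Okta message produced by an app-level MFA
    policy gets its own guidance text.

    Returns:
        A Flask response: the landing-page redirect with token cookies set,
        or the rendered ``error.html`` page.
    """
    import hmac  # function-scope import: constant-time compare of ``state``

    print("oidc()")
    response = None
    # Print field names only: the form carries the single-use authorization
    # code, which must not end up in stdout/log capture.
    print("callback form fields: {0}".format(sorted(request.form.keys())))
    has_app_level_mfa_policy = False

    # ``error_description`` is optional in an OAuth error response, so it is
    # read with a default instead of indexed directly.
    error_code = request.form.get("error")
    error_description = request.form.get("error_description", "")
    if error_code is not None:
        print("ERROR: {0}, MESSAGE: {1}".format(error_code, error_description))
        if ("The client specified not to prompt, but the client app requires re-authentication or MFA." == error_description):
            has_app_level_mfa_policy = True

    # Anti-CSRF check on the callback. The previous version had this
    # comparison commented out. It is enforced here whenever the authorize
    # step stored a ``state`` in the session (popped, so it is single-use).
    # If legitimate logins fail here, the authorize step is sending a
    # different ``state`` than it stores -- fix that, do not disable this.
    # TODO(review): make the stored state mandatory and this unconditional.
    expected_state = session.pop("state", None)
    state_ok = True
    if expected_state is not None:
        received_state = request.form.get("state")
        state_ok = received_state is not None and hmac.compare_digest(
            str(expected_state), str(received_state))
        if not state_ok:
            print("FAILED TO MATCH STATE!!!")

    if not state_ok:
        response = make_response(
            render_template(
                "error.html",
                site_config=session,
                error_message="Failed to Authenticate. The login response could not be verified (state mismatch). Please try again."))
    elif "code" in request.form:
        oidc_code = request.form["code"]
        # NOTE(review): the client secret is read from the Flask session. If
        # the app uses Flask's default cookie-backed session, that secret is
        # sent to the browser (signed, not encrypted) -- confirm the session
        # backend is server-side.
        okta_auth = OktaAuth(session)
        oauth_token = okta_auth.get_oauth_token(
            code=oidc_code,
            grant_type="authorization_code",
            auth_options={
                "client_id": session["client_id"],
                "client_secret": session["client_secret"],
            })
        # Never print the token response: it holds bearer credentials. The
        # field names are enough to debug its shape.
        print("oauth_token fields: {0}".format(sorted(oauth_token.keys())))

        app_landing_page_url = session["app_base_url"]
        print("app landing page {0}".format(app_landing_page_url))
        response = make_response(redirect(app_landing_page_url))
        # Bearer tokens go in HttpOnly cookies so page scripts cannot read
        # them. NOTE(review): assumes only server-side code reads ``token`` /
        # ``id_token`` -- confirm no front-end JS depends on them.
        # ``secure`` follows the request scheme so plain-HTTP development
        # keeps working; behind a TLS-terminating proxy make sure
        # ``request.is_secure`` reflects the client connection (e.g. ProxyFix).
        cookie_opts = {
            "httponly": True,
            "secure": request.is_secure,
            "samesite": "Lax",
        }
        response.set_cookie('token', oauth_token["access_token"], **cookie_opts)
        response.set_cookie('id_token', oauth_token["id_token"], **cookie_opts)
    elif error_code is not None:
        # Error occured with Accessing the patient portal.
        # NOTE(review): ``site_config=session`` hands the whole session
        # (including ``client_secret``) to the template -- confirm
        # error.html only renders the fields it needs.
        if has_app_level_mfa_policy:
            error_message = (
                "Failed to Authenticate. Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}"
                .format(error_code, error_description))
        else:
            error_message = (
                "Failed to Authenticate. Check to make sure the user has patient access to the application. Error: {0} - {1}"
                .format(error_code, error_description))
        response = make_response(
            render_template(
                "error.html",
                site_config=session,
                error_message=error_message))
    else:
        # catch all error: neither ``code`` nor ``error`` was posted back
        response = make_response(
            render_template(
                "error.html",
                site_config=session,
                error_message="Failed to Authenticate. Check to make sure the user has access to the application."))
    return response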