コード例 #1
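def oidc():
    """Handle the OIDC authorization-code callback of the app.

    Reads ``error``, ``state`` and ``code`` from ``request.form``. When the
    identity provider reports an error, when the returned ``state`` does not
    match the one stored in the session, or when no code is present, the user
    is redirected to ``/`` and the token endpoint is never contacted.
    Otherwise the code is exchanged for tokens, which are stored in the
    ``token`` and ``id_token`` cookies before redirecting to
    ``okta_config["app_base_url"]``.

    Returns:
        The Flask response (always a redirect).
    """
    print("oidc()")

    # The state value is single-use: remove it from the session before any
    # branch can raise, so a failed callback cannot leave it behind.
    expected_state = session.pop("state", None)
    returned_state = request.form.get("state")
    oidc_code = request.form.get("code")

    if "error" in request.form:
        # error_description is optional in an OAuth error response, so it is
        # read with .get() instead of indexing.
        print("ERROR: {0}, MESSAGE: {1}".format(
            request.form["error"], request.form.get("error_description")))
        response = make_response(redirect("/"))
    elif not expected_state or expected_state != returned_state:
        # A missing state on both sides must not count as a match
        # (None == None), hence the explicit emptiness check.
        print("FAILED TO MATCH STATE!!!")
        response = make_response(redirect("/"))
    elif not oidc_code:
        print("ERROR: callback carried no authorization code")
        response = make_response(redirect("/"))
    else:
        okta_auth = OktaAuth(okta_config)
        oauth_token = okta_auth.get_oauth_token(
            code=oidc_code,
            grant_type="authorization_code",
            auth_options={
                "client_id": okta_config["client_id"],
                "client_secret": okta_config["client_secret"],
            })
        # Do not print oidc_code or oauth_token here: both are credentials
        # and would end up in the process output.
        app_landing_page_url = okta_config["app_base_url"]
        response = make_response(redirect(app_landing_page_url))
        # NOTE(review): both cookies are set without secure/httponly/samesite
        # attributes, so the tokens are readable by page script and are sent
        # over plain HTTP if the site is reachable that way. Tighten the
        # attributes once it is confirmed no client-side code reads them.
        response.set_cookie('token', oauth_token["access_token"])
        response.set_cookie('id_token', oauth_token["id_token"])

    print(response)
    return response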
コード例 #2
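def oidc_callback_handler():
    """Handle the OIDC authorization-code callback of the app.

    With a ``code`` in ``request.form`` the code is exchanged for tokens,
    which are packed into one cookie by
    ``TokenUtil.create_encoded_okta_token_cookie`` before redirecting to the
    post-login landing page. With an ``error`` field, or with neither field,
    an error response built by ``gvalidation_bp_error`` is returned.

    Returns:
        The Flask response (a redirect on success, an error page otherwise).
    """
    logger.debug("oidc_callback_handler()")
    # Log field names only: the form carries the authorization code, which is
    # a credential and must not reach the log.
    logger.debug("callback fields: {0}".format(sorted(request.form.keys())))

    # NOTE(review): no `state` comparison is visible in this handler. Unless
    # it is enforced before this view runs, the callback accepts a code that
    # did not originate from this session's login request - confirm.
    if "code" in request.form:
        # NOTE(review): client_secret is read from the session. With a
        # client-side (signed cookie) session store the secret would be
        # readable by the browser - confirm the session backend is server-side.
        instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
        okta_auth = OktaAuth(instance_settings)
        oauth_token = okta_auth.get_oauth_token(
            code=request.form["code"],
            grant_type="authorization_code",
            auth_options={
                "client_id": instance_settings["client_id"],
                "client_secret": instance_settings["client_secret"],
            })
        # The token response holds the access and ID tokens; record which
        # fields came back, never their values.
        logger.debug("oauth_token fields: {0}".format(sorted(oauth_token)))

        response = make_response(redirect(get_post_login_landing_page_url()))
        okta_token_cookie = TokenUtil.create_encoded_okta_token_cookie(
            oauth_token["access_token"], oauth_token["id_token"])
        # NOTE(review): the cookie is set without secure/httponly/samesite
        # attributes; tighten once it is confirmed what reads it.
        response.set_cookie(TokenUtil.OKTA_TOKEN_COOKIE_KEY, okta_token_cookie)
        return response

    if "error" in request.form:
        error = request.form["error"]
        # error_description is optional in an OAuth error response.
        error_description = request.form.get("error_description", "")
        logger.error("ERROR: {0}, MESSAGE: {1}".format(
            error, error_description))

        # This exact description is what Okta sends when an app-level MFA
        # policy blocks a no-prompt request.
        has_app_level_mfa_policy = (
            error_description ==
            "The client specified not to prompt, but the client app requires re-authentication or MFA."
        )
        if has_app_level_mfa_policy:
            template = "Failed to Authenticate.  Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}"
        else:
            template = "Failed to Authenticate.  Check to make sure the user has access to the application. Error: {0} - {1}"
        # NOTE(review): error and error_description are request-controlled and
        # end up in the rendered page; confirm gvalidation_bp_error escapes
        # its argument.
        return gvalidation_bp_error(template.format(error, error_description))

    # Catch-all: neither a code nor an error was supplied.
    return gvalidation_bp_error(
        "Failed to Authenticate.  Check to make sure the user has access to the application."
    )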
コード例 #3
ファイル: views.py プロジェクト: bhanchand/pp
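def oidc():
    """Handle the OIDC authorization-code callback of the app.

    A ``code`` in ``request.form`` is exchanged for tokens only when the
    returned ``state`` matches the one stored in the session; the tokens are
    then stored in the ``token`` and ``id_token`` cookies and the user is
    redirected to ``session["app_base_url"]``. An ``error`` field, a state
    mismatch, or a callback with neither field renders ``error.html``.

    Returns:
        The Flask response (a redirect on success, an error page otherwise).
    """
    print("oidc()")
    # Print field names only: the form carries the authorization code, which
    # is a credential and must not reach the process output.
    print("callback fields: {0}".format(sorted(request.form.keys())))

    # The state comparison had been commented out, which let this handler
    # redeem a code that did not come from this session's login request.
    # NOTE(review): assumes the login step stores the value under
    # session["state"], as the pop at the end of this function implies.
    expected_state = session.get("state")
    state_matches = bool(expected_state) and (
        expected_state == request.form.get("state"))
    if "code" in request.form and not state_matches:
        print("FAILED TO MATCH STATE!!!")

    if "code" in request.form and state_matches:
        # NOTE(review): client_secret is read from the session. With a
        # client-side (signed cookie) session store the secret would be
        # readable by the browser - confirm the session backend is server-side.
        okta_auth = OktaAuth(session)
        oauth_token = okta_auth.get_oauth_token(
            code=request.form["code"],
            grant_type="authorization_code",
            auth_options={
                "client_id": session["client_id"],
                "client_secret": session["client_secret"],
            })
        # The token response holds the access and ID tokens; record which
        # fields came back, never their values.
        print("oauth_token fields: {0}".format(sorted(oauth_token)))
        app_landing_page_url = session["app_base_url"]
        print("app landing page {0}".format(app_landing_page_url))

        response = make_response(redirect(app_landing_page_url))
        # NOTE(review): both cookies are set without secure/httponly/samesite
        # attributes, so the tokens are readable by page script and are sent
        # over plain HTTP if the site is reachable that way.
        response.set_cookie('token', oauth_token["access_token"])
        response.set_cookie('id_token', oauth_token["id_token"])
    else:
        if "error" in request.form:
            error = request.form["error"]
            # error_description is optional in an OAuth error response.
            error_description = request.form.get("error_description", "")
            print("ERROR: {0}, MESSAGE: {1}".format(error, error_description))

            # This exact description is what Okta sends when an app-level MFA
            # policy blocks a no-prompt request.
            has_app_level_mfa_policy = (
                error_description ==
                "The client specified not to prompt, but the client app requires re-authentication or MFA."
            )
            if has_app_level_mfa_policy:
                template = "Failed to Authenticate.  Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}"
            else:
                template = "Failed to Authenticate.  Check to make sure the user has patient access to the application. Error: {0} - {1}"
            error_message = template.format(error, error_description)
        else:
            # Catch-all: no error field, and either no code or a state
            # mismatch.
            error_message = "Failed to Authenticate.  Check to make sure the user has access to the application."

        # NOTE(review): the whole session, which in this function holds
        # client_secret, is handed to the template as site_config; confirm
        # error.html never renders it. error_message contains
        # request-controlled text and relies on template auto-escaping.
        response = make_response(
            render_template(
                "error.html",
                site_config=session,
                error_message=error_message))

    # The state value is single-use.
    session.pop("state", None)

    return response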