def help():
    """Render the help page for a client's authorization request.

    Reads ``client_id``, ``redirect_uri``, ``response_type``, ``scope`` and
    ``shebang`` from the query string, then checks in order: the client
    exists, the ``redirect_uri`` is accepted for it, the scope is accepted,
    and the response type is accepted.

    Failures up to and including the ``redirect_uri`` check are reported
    through ``process_error`` without the caller-supplied ``redirect_uri``.
    Later failures pass it along with ``shebang``.

    :return: the rendered ``help.html`` template, or whatever
        ``process_error`` returns when a check fails.
    """
    query = request.args
    client_id = query.get('client_id', None)
    redirect_uri = query.get('redirect_uri', None)
    response_type = query.get('response_type', None)
    scope = query.get('scope', None)
    shebang = query.get('shebang', 0)

    # NOTE(review): client_id may be None here; no presence check runs
    # before Auth() is built. Confirm Auth tolerates a missing id.
    client_auth = Auth(client_id)

    # Unknown client: report the error without touching redirect_uri.
    if len(client_auth._get_client()) == 0:
        return process_error('invalid_request')

    # redirect_uri has to be verified before it is handed to
    # process_error as an error target.
    redirect_ok = client_auth.verify_redirect_uri(redirect_uri)
    if not redirect_ok:
        return process_error('invalid_request')

    # verify_scope is only consulted when a scope was supplied.
    scope_ok = scope is not None and client_auth.verify_scope(scope) is not False
    if not scope_ok:
        return process_error('invalid_scope',
                             redirect_uri=redirect_uri,
                             shebang=shebang)

    if not client_auth.verify_response_type(response_type):
        return process_error('invalid_request',
                             redirect_uri=redirect_uri,
                             shebang=shebang)

    template_context = {
        'client_name': client_auth.client.get('name', 'Unknown'),
        'client_scope': scope,
        'client_id': client_id,
        'redirect_uri': redirect_uri,
        'response_type': response_type,
        'shebang': shebang,
    }
    return render_template('help.html', **template_context)
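def oidc_proxy_chain():
    """
    The main entry point for OIDC.

    Validates the incoming authorization request, builds a state parameter
    from the request arguments, then redirects (302) to the upstream
    ``/protocol/openid-connect/auth`` endpoint; proxy chain.

    Security-relevant ordering: the caller-supplied ``redirect_uri`` is only
    passed to ``process_error`` after ``verify_redirect_uri`` has accepted it
    for the client. Every earlier failure (missing ``client_id`` or
    ``redirect_uri``, unknown client, rejected ``redirect_uri``) is reported
    without it, so an unverified URI never becomes the error target.

    NOTE(review): ``process_error`` is defined elsewhere; this assumes it
    sends the error to ``redirect_uri`` when one is given. Confirm.

    :return: a 302 redirect to the upstream authorization endpoint, or the
        result of ``process_error`` when validation fails.
    """
    # Parse input
    client_id = request.args.get('client_id', None)
    redirect_uri = request.args.get('redirect_uri', None)
    response_type = request.args.get('response_type', None)
    scope = request.args.get('scope', None)
    shebang = request.args.get('shebang', 0)

    # Nothing is verified yet, so the error must not carry the
    # caller-supplied redirect_uri (same handling as the checks below).
    if client_id is None or redirect_uri is None:
        return process_error('invalid_request')

    # Instantiate auth
    _auth = Auth(client_id)

    if len(_auth._get_client()) == 0:
        return process_error('invalid_request')

    # First verify redirect_uri
    if not _auth.verify_redirect_uri(redirect_uri):
        return process_error('invalid_request')

    # From here on redirect_uri is verified for this client and may be
    # used as the error target.
    # A missing response_type is still reported as invalid_request ahead
    # of the scope check, keeping the original precedence of error codes.
    if response_type is None:
        return process_error('invalid_request', redirect_uri=redirect_uri, shebang=shebang)

    if scope is None or _auth.verify_scope(scope) is False:
        return process_error('invalid_scope', redirect_uri=redirect_uri, shebang=shebang)

    if not _auth.verify_response_type(response_type):
        return process_error('invalid_request', redirect_uri=redirect_uri, shebang=shebang)

    # NOTE(review): state is derived from the raw request arguments;
    # presumably the signing callback restores the original request from
    # it. Confirm generate_state integrity-protects the value and that
    # the callback re-validates it.
    _state = generate_state(request.args)

    # NIF OIDC params: this service authenticates upstream under its own
    # CLIENT_ID and its own callback URL, not the caller's.
    params = {
        'client_id': CLIENT_ID,
        'redirect_uri': '{}/{}'.format(SERVER_BASE_URL, SERVER_PROXY_SIGNING),
        'state': _state,
        'response_type': 'code',
        'scope': 'openid roles web-origins'
    }

    nif_bp_url = '{}/protocol/openid-connect/auth'.format(CLIENT_BASE_URL)

    return redirect(process_redirect_uri(nif_bp_url, params), code=302)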