def _parse_id_token(self, request, token, claims_options=None): """Return an instance of UserInfo from token's ``id_token``.""" if 'id_token' not in token: return None def load_key(header, payload): jwk_set = self._fetch_jwk_set() try: return jwk.loads(jwk_set, header.get('kid')) except ValueError: # re-try with new jwk set jwk_set = self._fetch_jwk_set(force=True) return jwk.loads(jwk_set, header.get('kid')) nonce = self._get_session_data(request, 'nonce') claims_params = dict( nonce=nonce, client_id=self.client_id, ) if 'access_token' in token: claims_params['access_token'] = token['access_token'] claims_cls = CodeIDToken else: claims_cls = ImplicitIDToken metadata = self._load_server_metadata() if claims_options is None and 'issuer' in metadata: claims_options = {'iss': {'values': [metadata['issuer']]}} alg_values = metadata.get('id_token_signing_alg_values_supported') if not alg_values: alg_values = ['RS256'] jwt = JsonWebToken(alg_values) claims = jwt.decode( token['id_token'], key=load_key, claims_cls=claims_cls, claims_options=claims_options, claims_params=claims_params, ) claims.validate(leeway=120) return UserInfo(claims)
async def _parse_id_token(self, token, nonce, claims_options=None): """Return an instance of UserInfo from token's ``id_token``.""" claims_params = dict( nonce=nonce, client_id=self.client_id, ) if 'access_token' in token: claims_params['access_token'] = token['access_token'] claims_cls = CodeIDToken else: claims_cls = ImplicitIDToken metadata = await self.load_server_metadata() if claims_options is None and 'issuer' in metadata: claims_options = {'iss': {'values': [metadata['issuer']]}} alg_values = metadata.get('id_token_signing_alg_values_supported') if not alg_values: alg_values = ['RS256'] jwt = JsonWebToken(alg_values) jwk_set = await self._fetch_jwk_set() try: claims = jwt.decode( token['id_token'], key=JsonWebKey.import_key_set(jwk_set), claims_cls=claims_cls, claims_options=claims_options, claims_params=claims_params, ) except ValueError: jwk_set = await self._fetch_jwk_set(force=True) claims = jwt.decode( token['id_token'], key=JsonWebKey.import_key_set(jwk_set), claims_cls=claims_cls, claims_options=claims_options, claims_params=claims_params, ) claims.validate(leeway=120) return UserInfo(claims)
async def _fetch_userinfo(self, token: Token) -> UserInfo: """Fetch user information from the ``userinfo_endpoint``. Args: token: the token given by the ``token_endpoint``. Must include an ``access_token`` field. Returns: UserInfo: an object representing the user. """ metadata = await self.load_metadata() resp = await self._http_client.get_json( metadata["userinfo_endpoint"], headers={ "Authorization": ["Bearer {}".format(token["access_token"])] }, ) return UserInfo(resp)
def test_authorization_callback_success(mocker, client_without_db): client = client_without_db mocker.patch("app.auth.routes.oauth.google.authorize_access_token") mocker.patch("app.auth.routes.oauth.google.parse_id_token") query = mocker.patch("data.models.user.User.query") oauth.google.authorize_access_token.return_value = { "access_token": "TOKEN" } oauth.google.parse_id_token.return_value = UserInfo(regular_user_info()) query.filter_by.one_or_none.return_value = True resp = client.get("/auth/authorized") assert resp.status_code == 302 assert resp.headers.get("Location") == "http://localhost/" oauth.google.authorize_access_token.assert_called_once() oauth.google.parse_id_token.assert_called_once_with( {"access_token": "TOKEN"}) with client.session_transaction() as session: assert "user_info" in session
def generate_user_info(user, scope): return UserInfo(sub=str(user.id), name=user.username)
def userinfo(self, **kwargs): """Fetch user info from ``userinfo_endpoint``.""" resp = self.get(self.metadata["userinfo_endpoint"], **kwargs) resp.raise_for_status() data = resp.json() return UserInfo(data)
def test_getattribute(self): user = UserInfo({'sub': '1'}) self.assertEqual(user.sub, '1') self.assertIsNone(user.email, None) self.assertRaises(AttributeError, lambda: user.invalid)
def userinfo(self, **kwargs): """Fetch user info from ``userinfo_endpoint``.""" metadata = self.load_server_metadata() resp = self.get(metadata['userinfo_endpoint'], **kwargs) data = resp.json() return UserInfo(data)
def generate_user_info(self, user, scope): return UserInfo(sub=str(user.get_user_id()))
def generate_user_info(self, scopes): profile = {'sub': str(self.id), 'name': self.username} return UserInfo(profile)
def generate_user_info(self, scopes): profile = {"sub": str(self.id), "name": self.username} return UserInfo(profile)
def generate_user_info(user, scope): user_info = UserInfo(sub=user.id, email = user.email) return user_info