class StoreAccessTokenProvider(AuthorizationProvider):
"""
On-premise only.
StoreAccessTokenProvider is an :py:class:`borneo.AuthorizationProvider` that
performs the following functions:
Initial (bootstrap) login to store, using credentials provided.\n
Storage of bootstrap login token for re-use.\n
Optionally renews the login token before it expires.\n
Logs out of the store when closed.
If accessing an insecure instance of Oracle NoSQL Database the default
constructor is used, with no arguments.
If accessing a secure instance of Oracle NoSQL Database a user name and
password must be provided. That user must already exist in the NoSQL
Database and have sufficient permission to perform table operations. That
user's identity is used to authorize all database operations.
To access to a store without security enabled, no parameter need to be set
to the constructor.
To access to a secure store, the constructor requires a valid user name and
password to access the target store. The user must exist and have sufficient
permission to perform table operations required by the application. The user
identity is used to authorize all operations performed by the application.
:param user_name: the user name to use for the store. This user must exist
in the NoSQL Database and is the identity that is used for authorizing
all database operations.
:type user_name: str
:param password: the password for the user.
:type password: str
:raises IllegalArgumentException: raises the exception if one or more of the
parameters is malformed or a required parameter is missing.
"""
# Used when we send user:password pair.
_BASIC_PREFIX = 'Basic '
# The general prefix for the login token.
_BEARER_PREFIX = 'Bearer '
# Login service end point name.
_LOGIN_SERVICE = '/login'
# Login token renew service end point name.
_RENEW_SERVICE = '/renew'
# Logout service end point name.
_LOGOUT_SERVICE = '/logout'
# Default timeout when sending http request to server
_HTTP_TIMEOUT_MS = 30000
def __init__(self, user_name=None, password=None):
self._endpoint = None
self._url = None
self._auth_string = None
self._auto_renew = True
self._disable_ssl_hook = False
self._is_closed = False
# The base path for security related services.
self._base_path = HttpConstants.KV_SECURITY_PATH
# The login token expiration time.
self._expiration_time = 0
self._logger = None
self._logutils = LogUtils(self._logger)
self._sess = Session()
self._request_utils = borneo.http.RequestUtils(self._sess,
self._logutils)
self._lock = Lock()
self._timer = None
self.lock = Lock()
if user_name is None and password is None:
# Used to access to a store without security enabled.
self._is_secure = False
else:
if user_name is None or password is None:
raise IllegalArgumentException('Invalid input arguments.')
CheckValue.check_str(user_name, 'user_name')
CheckValue.check_str(password, 'password')
self._is_secure = True
self._user_name = user_name
self._password = password
@synchronized
def bootstrap_login(self):
# Bootstrap login using the provided credentials.
if not self._is_secure or self._is_closed:
return
# Convert the username:password pair in base 64 format.
pair = self._user_name + ':' + self._password
try:
encoded_pair = b64encode(pair)
except TypeError:
encoded_pair = b64encode(pair.encode()).decode()
try:
# Send request to server for login token.
response = self._send_request(
StoreAccessTokenProvider._BASIC_PREFIX + encoded_pair,
StoreAccessTokenProvider._LOGIN_SERVICE)
content = response.get_content()
# Login fail
if response.get_status_code() != codes.ok:
raise InvalidAuthorizationException(
'Fail to login to service: ' + content)
if self._is_closed:
return
# Generate the authentication string using login token.
self._auth_string = (StoreAccessTokenProvider._BEARER_PREFIX +
self._parse_json_result(content))
# Schedule login token renew thread.
self._schedule_refresh()
except (ConnectionError, InvalidAuthorizationException) as e:
self._logutils.log_debug(format_exc())
raise e
except Exception as e:
self._logutils.log_debug(format_exc())
raise NoSQLException('Bootstrap login fail.', e)
@synchronized
def close(self):
"""
Close the provider, releasing resources such as a stored login token.
"""
# Don't do anything for non-secure case.
if not self._is_secure or self._is_closed:
return
# Send request for logout.
try:
response = self._send_request(
self._auth_string, StoreAccessTokenProvider._LOGOUT_SERVICE)
if response.get_status_code() != codes.ok:
self._logutils.log_info('Failed to logout user ' +
self._user_name + ': ' +
response.get_content())
except Exception as e:
self._logutils.log_info('Failed to logout user ' +
self._user_name + ': ' + str(e))
# Clean up.
self._is_closed = True
self._auth_string = None
self._expiration_time = 0
self._password = None
if self._timer is not None:
self._timer.cancel()
self._timer = None
if self._sess is not None:
self._sess.close()
def get_authorization_string(self, request=None):
if request is not None and not isinstance(request, Request):
raise IllegalArgumentException(
'get_authorization_string requires an instance of Request or '
+ 'None as parameter.')
if not self._is_secure or self._is_closed:
return None
# If there is no cached auth string, re-authentication to retrieve the
# login token and generate the auth string.
if self._auth_string is None:
self.bootstrap_login()
return self._auth_string
def is_secure(self):
"""
Returns whether the provider is accessing a secured store.
:returns: True if accessing a secure store, otherwise False.
:rtype: bool
"""
return self._is_secure
def set_auto_renew(self, auto_renew):
"""
Sets the auto-renew state. If True, automatic renewal of the login token
is enabled.
:param auto_renew: set to True to enable auto-renew.
:type auto_renew: bool
:returns: self.
:raises IllegalArgumentException: raises the exception if auto_renew is
not True or False.
"""
CheckValue.check_boolean(auto_renew, 'auto_renew')
self._auto_renew = auto_renew
return self
def is_auto_renew(self):
"""
Returns whether the login token is to be automatically renewed.
:returns: True if auto-renew is set, otherwise False.
:rtype: bool
"""
return self._auto_renew
def set_endpoint(self, endpoint):
"""
Sets the endpoint of the on-prem proxy.
:param endpoint: the endpoint.
:type endpoint: str
:returns: self.
:raises IllegalArgumentException: raises the exception if endpoint is
not a string.
"""
CheckValue.check_str(endpoint, 'endpoint')
self._endpoint = endpoint
self._url = NoSQLHandleConfig.create_url(endpoint, '')
if self._is_secure and self._url.scheme.lower() != 'https':
raise IllegalArgumentException(
'StoreAccessTokenProvider requires use of https.')
return self
def get_endpoint(self):
"""
Returns the endpoint of the on-prem proxy.
:returns: the endpoint.
:rtype: str
"""
return self._endpoint
def set_logger(self, logger):
CheckValue.check_logger(logger, 'logger')
self._logger = logger
self._logutils = LogUtils(logger)
self._request_utils = borneo.http.RequestUtils(self._sess,
self._logutils)
return self
def get_logger(self):
return self._logger
def set_url_for_test(self):
self._url = urlparse(self._url.geturl().replace('https', 'http'))
return self
def validate_auth_string(self, auth_string):
if self._is_secure and auth_string is None:
raise IllegalArgumentException(
'Secured StoreAccessProvider requires a non-none string.')
def _parse_json_result(self, json_result):
# Retrieve login token from JSON string.
result = loads(json_result)
# Extract expiration time from JSON result.
self._expiration_time = result['expireAt']
# Extract login token from JSON result.
return result['token']
def _refresh_task(self):
"""
This task sends a request to the server for login session extension.
Depending on the server policy, a new login token with new expiration
time may or may not be granted.
"""
if not self._is_secure or not self._auto_renew or self._is_closed:
return
try:
old_auth = self._auth_string
response = self._send_request(
old_auth, StoreAccessTokenProvider._RENEW_SERVICE)
token = self._parse_json_result(response.get_content())
if response.get_status_code() != codes.ok:
raise InvalidAuthorizationException(token)
if self._is_closed:
return
with self._lock:
if self._auth_string == old_auth:
self._auth_string = (
StoreAccessTokenProvider._BEARER_PREFIX + token)
self._schedule_refresh()
except Exception as e:
self._logutils.log_info('Failed to renew login token: ' + str(e))
if self._timer is not None:
self._timer.cancel()
self._timer = None
def _schedule_refresh(self):
# Schedule a login token renew when half of the token life time is
# reached.
if not self._is_secure or not self._auto_renew:
return
# Clean up any existing timer
if self._timer is not None:
self._timer.cancel()
self._timer = None
acquire_time = int(round(time() * 1000))
if self._expiration_time <= 0:
return
# If it is 10 seconds before expiration, don't do further renew to avoid
# to many renew request in the last few seconds.
if self._expiration_time > acquire_time + 10000:
renew_time = (acquire_time +
(self._expiration_time - acquire_time) // 2)
self._timer = Timer(
float(renew_time - acquire_time) / 1000, self._refresh_task)
self._timer.start()
def _send_request(self, auth_header, service_name):
# Send HTTPS request to login/renew/logout service location with proper
# authentication information.
headers = {'Authorization': auth_header}
return self._request_utils.do_get_request(
self._url.geturl() + self._base_path + service_name, headers,
StoreAccessTokenProvider._HTTP_TIMEOUT_MS)
class DefaultAccessTokenProvider(AccessTokenProvider):
"""
An instance of :py:class:`AccessTokenProvider` that acquires access tokens
from Oracle Identity Cloud Service (IDCS) using information provided by
:py:class:`CredentialsProvider`. By default the
:py:class:`CredentialsProvider` is used.
This class requires tenant-specific information in order to properly
communicate with IDCS using the credential information:
A tenant-specific URL used to communicate with IDCS.\n
An entitlement id. This is generated by Oracle during account creation.
The tenant-specific IDCS URL is the IDCS host assigned to the tenant. After
logging into the IDCS admin console, copy the host of the IDCS admin console
URL. For example, the format of the admin console URL is
"https\://{tenantId}.identity.oraclecloud.com/ui/v1/adminconsole". The
"https\://{tenantId}.identity.oraclecloud.com" portion is the required
parameter.
The entitlement id can be found using the IDCS admin console. After logging
into the IDCS admin console, choose *Applications* from the button on the
top left. Find the Application named ANDC, enter the Resources tab in the
Configuration. There is a field called primary audience, the entitlement id
parameter is the value of "urn\:opc\:andc\:entitlementid", which is treated
as a string. For example if your primary audience is
"urn\:opc\:andc\:entitlementid=123456789" then the parameter is "123456789"
NOTE: above is simple python doc. This information is on the implementation.
ATs are acquiring using OAuth client ID and secret pair along with user name
and password using `Resource Owner Grant Type <https://docs.oracle.com/en/\
cloud/paas/identity-cloud/rest-api/ROPCGT.html>`_
This provider uses :py:class:`PropertiesCredentialsProvider` by default to
obtain credentials. These credentials are used to build IDCS access token
payloads to acquire the required access tokens. The expiry window is a
constant 120,000 milliseconds.
:param idcs_props_file: the path of an IDCS properties file.
:param idcs_url: an IDCS URL, provided by IDCS.
:param entitlement_id: service entitlement ID, which can be found from the
primary audience of the application named ANDC from IDCS.
:param creds_provider: a credentials provider.
:param timeout_ms: the access token acquisition request timeout in
milliseconds.
:param cache_duration_seconds: the amount of time the access tokens are
cached in the provider, in seconds.
:param refresh_ahead: the refresh time before AT expired from cache.
:raises IllegalArgumentException: raises the exception if parameters are not
expected type.
"""
# Payload used to acquire access token with resource owner grant flow.
_RO_GRANT_FORMAT = 'grant_type=password&username={0}&scope={1}&password='******'grant_type=client_credentials&scope=urn:opc:idm:__myscopes__')
# IDCS fully qualified scope to acquire IDCS AT.
_IDCS_SCOPE = 'urn:opc:idm:__myscopes__'
# Filter using service type URN to get PSMApp metadata from IDCS when
# provider attempts to acquire PSM AT using PSMApp client id and secret. The
# PSMApp metadata contains PSMApp client id, secret and primary audience of
# PSM for this cloud account.
_PSM_APP_FILTER = '?filter=serviceTypeURN+eq+%22PSMResourceTenatApp%22'
# Filter using OAuth client id to find client metadata from IDCS.
_CLIENT_FILTER = '?filter=name+eq+'
# Field name in the IDCS access token response.
_AT_FIELD = 'access_token'
# Properties in the IDCS properties file.
_IDCS_URL_PROP = 'idcs_url'
_CREDS_FILE_PROP = 'creds_file'
_ENTITLEMENT_ID_PROP = 'entitlement_id'
# Default properties file at ~/.andc/idcs.props
_DEFAULT_PROPS_FILE = environ['HOME'] + sep + '.andc' + sep + 'idcs.props'
def __init__(
self,
idcs_props_file=_DEFAULT_PROPS_FILE,
idcs_url=None,
entitlement_id=None,
creds_provider=None,
timeout_ms=Utils.DEFAULT_TIMEOUT_MS,
cache_duration_seconds=AccessTokenProvider.MAX_ENTRY_LIFE_TIME,
refresh_ahead=AccessTokenProvider.DEFAULT_REFRESH_AHEAD):
# Constructs a default access token provider.
if idcs_url is None:
CheckValue.check_str(idcs_props_file, 'idcs_props_file')
super(DefaultAccessTokenProvider, self).__init__(
DefaultAccessTokenProvider.MAX_ENTRY_LIFE_TIME,
DefaultAccessTokenProvider.DEFAULT_REFRESH_AHEAD)
self.__idcs_url = self.__get_idcs_url(idcs_props_file)
entitlement = self.__get_entitlement_id(idcs_props_file)
self.__creds_provider = (
PropertiesCredentialsProvider().set_properties_file(
self.__get_credential_file(idcs_props_file)))
self.__timeout_ms = Utils.DEFAULT_TIMEOUT_MS
else:
CheckValue.check_str(idcs_url, 'idcs_url')
self.__is_credentials_provider(creds_provider)
CheckValue.check_int_gt_zero(timeout_ms, 'timeout_ms')
CheckValue.check_int_gt_zero(cache_duration_seconds,
'cache_duration_seconds')
CheckValue.check_int_gt_zero(refresh_ahead, 'refresh_ahead')
super(DefaultAccessTokenProvider,
self).__init__(cache_duration_seconds, refresh_ahead)
self.__idcs_url = idcs_url
entitlement = entitlement_id
self.__creds_provider = (PropertiesCredentialsProvider()
if creds_provider is None else
creds_provider)
self.__timeout_ms = timeout_ms
url = urlparse(self.__idcs_url)
self.__host = url.hostname
self.__andc_fqs = None
if entitlement is not None:
CheckValue.check_str(entitlement, 'entitlement_id')
self.__andc_fqs = (AccessTokenProvider.ANDC_AUD_PREFIX +
entitlement + AccessTokenProvider.SCOPE)
self.__psm_fqs = None
self.__logger = None
self.__logutils = LogUtils()
self.__sess = Session()
self.__request_utils = RequestUtils(self.__sess, self.__logutils)
def set_credentials_provider(self, provider):
"""
Sets :py:class:`CredentialsProvider`.
:param provider: the credentials provider.
:returns: self.
:raises IllegalArgumentException: raises the exception if provider is
not an instance of CredentialsProvider.
"""
self.__is_credentials_provider(provider)
self.__creds_provider = provider
return self
def set_logger(self, logger):
"""
Sets a logger instance for this provider. If not set, the logger
associated with the driver is used.
:param logger: the logger.
:returns: self.
:raises IllegalArgumentException: raises the exception if logger is not
an instance of Logger.
"""
CheckValue.check_logger(logger, 'logger')
self.__logger = logger
self.__logutils = LogUtils(logger)
self.__request_utils = RequestUtils(self.__sess, self.__logutils)
return self
def get_logger(self):
"""
Returns the logger of this provider if set, None if not.
:returns: the logger.
"""
return self.__logger
def get_account_access_token(self):
self.__ensure_creds_provider()
self.__find_oauth_scopes()
if self.__psm_fqs is not None:
return self.__get_at_by_password(self.__psm_fqs)
return self.__get_at_by_psm_app()
def get_service_access_token(self):
self.__ensure_creds_provider()
if self.__andc_fqs is None:
self.__find_oauth_scopes()
if self.__andc_fqs is None:
raise IllegalStateException(
'Unable to find service scope, OAuth client isn\'t ' +
'configured properly, run OAuthClient utility to verify and ' +
'recreate.')
return self.__get_at_by_password(self.__andc_fqs)
def close(self):
super(DefaultAccessTokenProvider, self).close()
if self.__sess is not None:
self.__sess.close()
def __ensure_creds_provider(self):
if self.__creds_provider is None:
raise IllegalArgumentException('CredentialsProvider unavailable.')
def __find_oauth_scopes(self):
# Find PSM and ANDC FQS from allowed scopes of OAuth client.
if self.__andc_fqs is not None and self.__psm_fqs is not None:
return
creds = self.__get_client_creds()
oauth_id = creds.get_credential_alias()
auth = self.__get_auth_header(oauth_id, creds.get_secret())
try:
auth = 'Bearer ' + self.__get_access_token(
auth, DefaultAccessTokenProvider._CLIENT_GRANT_PAYLOAD,
DefaultAccessTokenProvider._IDCS_SCOPE)
except InvalidAuthorizationException:
self.__logutils.log_debug(
'Cannot get access token with IDCS scope using client grant.')
return
response = self.__request_utils.do_get_request(
self.__idcs_url + Utils.APP_ENDPOINT +
DefaultAccessTokenProvider._CLIENT_FILTER + '%22' + oauth_id +
'%22', Utils.scim_headers(self.__host, auth), self.__timeout_ms)
if response is None:
raise IllegalStateException(
'Error getting client metadata from Identity Cloud Service, ' +
'no response.')
if response.get_status_code() >= codes.multiple_choices:
Utils.handle_idcs_errors(
response, 'Getting client metadata',
'Please verify if the OAuth client is configured properly.')
fqs_list = Utils.get_field(response.get_content(), 'allowedScopes',
'fqs')
if fqs_list is None:
return
for fqs in fqs_list:
if fqs.startswith(AccessTokenProvider.ANDC_AUD_PREFIX):
self.__andc_fqs = fqs
elif fqs.endswith(Utils.PSM_SCOPE):
self.__psm_fqs = fqs
def __get_access_token(self, auth_header, payload, fqs):
response = self.__request_utils.do_post_request(
self.__idcs_url + Utils.TOKEN_ENDPOINT,
Utils.token_headers(self.__host, auth_header), payload,
self.__timeout_ms)
if response is None:
raise IllegalStateException('Error acquiring access token with '
'scope ' + fqs + ', no response')
response_code = response.get_status_code()
content = response.get_content()
if response_code >= codes.multiple_choices:
self.__handle_token_error_response(response_code, content)
return self.__parse_access_token_response(content)
def __get_at_by_password(self, fqs):
user_creds = self.__get_user_creds()
client_creds = self.__get_client_creds()
# URL encode fqs.
encoded_fqs = quote(fqs.encode())
auth_header = self.__get_auth_header(
client_creds.get_credential_alias(), client_creds.get_secret())
replaced = str.format(DefaultAccessTokenProvider._RO_GRANT_FORMAT,
user_creds.get_credential_alias(), encoded_fqs)
# Build the actual payload to acquire access token.
payload = replaced + user_creds.get_secret()
return self.__get_access_token(auth_header, payload, fqs)
def __get_at_by_psm_app(self):
"""
Acquiring account access token using PSMApp provisioned by Oracle for
each tenant. Keeping this path to remain the backward compatibility if
users are using the client id and secret from Application ANDC. This
path shouldn't work after IDCS hides client secret of Oracle-created
Applications. This will be deprecated eventually.
"""
# 1. acquire IDCS AT
result = self.__get_at_by_password(
DefaultAccessTokenProvider._IDCS_SCOPE)
if result is None:
raise IllegalStateException(
'Error acquiring Identity Cloud Service access token, unable '
+ 'to get metadata to proceed acquiring account access token.')
# 2. look up audience, client id and secret of PSMApp
auth_header = 'Bearer ' + result
psm_info = self.__get_psm_app(auth_header)
if psm_info is None:
raise IllegalStateException(
'Error finding required metadata from Identity Cloud Service,'
+ ' unable to proceed acquiring account access token.')
# 3. acquire PSM AT
auth_header = self.__get_auth_header(psm_info.client_id,
psm_info.client_secret)
psm_fqs = psm_info.audience + Utils.PSM_SCOPE
user_creds = self.__get_user_creds()
replaced = str.format(DefaultAccessTokenProvider._RO_GRANT_FORMAT,
user_creds.get_credential_alias(), psm_fqs)
payload = replaced + user_creds.get_secret()
return self.__get_access_token(auth_header, payload, psm_fqs)
def __get_auth_header(self, client_id, secret):
# Return authorization header in form of 'Basic <clientId:secret>'.
pair = client_id + ':' + secret
try:
return 'Basic ' + b64encode(pair)
except TypeError:
return 'Basic ' + b64encode(pair.encode()).decode()
def __get_client_creds(self):
creds = self.__creds_provider.get_oauth_client_credentials()
if creds is None:
raise IllegalArgumentException(
'OAuth client credentials unavailable.')
return creds
def __get_credential_file(self, properties_file):
creds_file = PropertiesCredentialsProvider.get_property_from_file(
properties_file, DefaultAccessTokenProvider._CREDS_FILE_PROP)
if creds_file is None:
return PropertiesCredentialsProvider._DEFAULT_CREDS_FILE
return creds_file
def __get_entitlement_id(self, properties_file):
return PropertiesCredentialsProvider.get_property_from_file(
properties_file, DefaultAccessTokenProvider._ENTITLEMENT_ID_PROP)
def __get_idcs_url(self, properties_file):
# Methods used to fetch IDCS-related properties from given file.
idcs_url = PropertiesCredentialsProvider.get_property_from_file(
properties_file, DefaultAccessTokenProvider._IDCS_URL_PROP)
if idcs_url is None:
raise IllegalArgumentException(
'Must specify IDCS URL in IDCS properties file.')
return idcs_url
def __get_psm_app(self, auth_header):
"""
Get PSMApp metadata from IDCS. The secret of PSMApp will be hidden by
IDCS, if no secret, return an error to ask users create custom client.
This will be deprecated eventually.
"""
# Get PSMApp metadata from IDCS.
response = self.__request_utils.do_get_request(
self.__idcs_url + Utils.APP_ENDPOINT +
DefaultAccessTokenProvider._PSM_APP_FILTER,
Utils.token_headers(self.__host, auth_header), self.__timeout_ms)
if response is None:
raise IllegalStateException(
'Error getting required metadata from Identity Cloud Service,'
+ ' unable to acquire account access token, no response')
response_code = response.get_status_code()
content = response.get_content()
if response_code >= codes.multiple_choices:
Utils.handle_idcs_errors(
response, 'Getting account metadata',
'Please grant user Identity Domain Administrator or ' +
'Application Administrator role')
oauth_id = 'name'
audience = 'audience'
secret = 'clientSecret'
try:
oauth_id_value = Utils.get_field(content, oauth_id)
audience_value = Utils.get_field(content, audience)
secret_value = Utils.get_field(content, secret)
except IllegalStateException as ise:
raise UnauthorizedException(
'Please grant user Identity Domain Administrator or ' +
'Application Administrator role. ' + str(ise))
if oauth_id_value is None or audience_value is None:
raise IllegalStateException(
'Account metadata response contains invalid value: ' + content)
if secret_value is None:
raise IllegalStateException(
'Account metadata doesn\'t have a secret, unable to acquire ' +
'account access token. Must create the custom OAuth Client ' +
'first. Account metadata: ' + content)
return DefaultAccessTokenProvider.PSMAppInfo(oauth_id_value,
secret_value,
audience_value)
def __get_user_creds(self):
user_creds = self.__creds_provider.get_user_credentials()
if user_creds is None:
raise IllegalArgumentException('User credentials unavailable.')
return user_creds
def __handle_token_error_response(self, response_code, content):
if response_code >= codes.server_error:
self.__logutils.log_info(
'Error acquiring access token, expected to retry, error ' +
'response: ' + content + ', status code: ' +
str(response_code))
raise RequestTimeoutException(
'Error acquiring access token, expected to retry, error ' +
'response: ' + content + ', status code: ' +
str(response_code))
elif response_code == codes.bad and content is None:
# IDCS doesn't return error message in case of credentials has
# invalid URL encoded characters.
raise IllegalArgumentException(
'Error acquiring access token, status code: ' +
str(response_code) +
', CredentialsProvider supplies invalid credentials')
else:
raise InvalidAuthorizationException(
'Error acquiring access token from Identity Cloud Service. ' +
'IDCS error response: ' + content + ', status code: ' +
str(response_code))
def __is_credentials_provider(self, provider):
if (provider is not None
and not isinstance(provider, CredentialsProvider)):
raise IllegalArgumentException('provider must be an instance of ' +
'CredentialsProvider.')
def __parse_access_token_response(self, response):
"""
A valid response from IDCS is in JSON format and must contains the field
"access_token" and "expires_in".
"""
response = loads(response)
access_token = response.get(DefaultAccessTokenProvider._AT_FIELD)
if access_token is None:
raise IllegalStateException(
'Access token response contains invalid value, response: ' +
str(response))
self.__logutils.log_debug('Acquired access token ' + access_token)
return access_token
class PSMAppInfo:
def __init__(self, client_id, client_secret, audience):
self.client_id = client_id
self.client_secret = client_secret
self.audience = audience