def create_user_token_from_globus_profile(profile, access_token):
"""
Use this method on your Resource Provider (Like Atmosphere)
to exchange a profile (that was retrieved via a tokeninfo endpoint)
for a UserToken that can then be internally validated in an 'authorize' authBackend step..
"""
logger.info(profile)
expiry = profile['exp'] # This is an 'epoch-int'
expiry = _extract_expiry_date(expiry)
issuer = profile['iss']
issued_at = profile['iat']
raw_username = profile['username'] # username@login_auth.com
raw_name = profile['name']
email = profile['email']
username = _extract_user_from_email(raw_username)
first_name, last_name = _extract_first_last_name(raw_name)
profile_dict = {
'username':username,
'firstName':first_name,
'lastName':last_name,
'email': email,
}
auth_token = create_user_and_token(profile_dict, access_token, expiry, issuer)
return auth_token
def globus_validate_code(request):
"""
This flow is used to create a new Token on behalf of a Service Client
(Like Troposphere)
Validates 'code' returned from the IdP
If valid: Return new AuthToken to be passed to the Resource Provider.
else: Return None
"""
code = request.GET.get('code','')
error = request.GET.get('error','')
error_description = request.GET.get('error_description','')
if error:
error_msg = "%s: %s" % (error, error_description) if error_description else error
raise Unauthorized(error_msg)
if not code:
logger.warn("User returned from Login prompt but there was NO `code` to validate!")
return None
if type(code) == list:
code = code[0]
flow = globus_initFlow()
try:
credentials = flow.step2_exchange(code)
logger.info(credentials.__dict__)
except OAuthError as err:
logger.exception("Error exchanging code w/ globus")
return None
except Exception as err:
logger.exception("Unknown Error occurred while exchanging code w/ globus")
return None
# Parsing
try:
user_access_token = parse_atmosphere_token(credentials.token_response)
token_profile = credentials.id_token
expiry_date = credentials.token_expiry
except Exception as err:
logger.exception("Parse of the credentials response failed. Ask a developer for help!")
return None
raw_username = token_profile['preferred_username']
email = token_profile['email']
username = _extract_user_from_email(raw_username)
if not username:
logger.info("No user provided in token_profile: Check output %s" % token_profile)
return None
full_name = token_profile['name']
issuer = token_profile['iss']
# Creation
first_name, last_name = _extract_first_last_name(full_name)
username = username.lower()
user_profile = {
'username':username,
'firstName':first_name,
'lastName':last_name,
'email': email,
}
auth_token = create_user_and_token(user_profile, user_access_token, expiry_date, issuer)
return auth_token
