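def get_id_token(user, client_name):
    """Generates a JWT ID-Token, using or creating user's OAuth access token.

    The newest unexpired access token that `user` holds for the named client
    is reused; when there is none, a new access token is created. The ID
    token built from it is signed with that client's `client_secret`.

    Arguments:
        user (User Object): User for which we need to get JWT ID-Token
        client_name (unicode): Name of the OAuth2 Client

    Returns:
        String containing the signed JWT value.

    Raises:
        ImproperlyConfigured: no OAuth2 Client named `client_name` is present
            in the DB.
    """
    # TODO: there's a circular import problem somewhere which is why we do the oidc import inside of this function.
    import oauth2_provider.oidc as oidc

    try:
        client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        raise ImproperlyConfigured("OAuth2 Client with name '%s' is not present in the DB" % client_name)

    unexpired_tokens = AccessToken.objects.filter(
        client=client,
        user__username=user.username,
        expires__gt=now()
    ).order_by('-expires')

    # Index the lazy queryset instead of truth-testing it: `if queryset:`
    # fetches every matching row, while `[0]` asks the database for one row
    # and raises IndexError when nothing matches.
    try:
        access_token = unexpired_tokens[0]
    except IndexError:
        access_token = AccessToken.objects.create(client=client, user=user)

    id_token = oidc.id_token(access_token)
    # NOTE(review): the signing key is the client's shared secret. If encode()
    # signs symmetrically (not visible here), every holder of that secret can
    # mint tokens as well as verify them -- confirm and protect it accordingly.
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)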
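def get_id_token(user, client_name):
    """Generates a JWT ID-Token, using or creating user's OAuth access token.

    Looks up the OAuth2 client by name, picks the user's unexpired access
    token with the latest expiry for that client (creating one if none
    exists), and returns the ID token derived from it, encoded with the
    client's `client_secret`.

    Arguments:
        user (User Object): User for which we need to get JWT ID-Token
        client_name (unicode): Name of the OAuth2 Client

    Returns:
        String containing the signed JWT value.

    Raises:
        ImproperlyConfigured: the named OAuth2 Client is not in the DB.
    """
    # TODO: there's a circular import problem somewhere which is why we do the oidc import inside of this function.
    import oauth2_provider.oidc as oidc

    try:
        client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        raise ImproperlyConfigured(
            "OAuth2 Client with name '%s' is not present in the DB" % client_name)

    candidates = AccessToken.objects.filter(
        client=client,
        user__username=user.username,
        expires__gt=now()).order_by('-expires')

    # Only the first row is needed. Truth-testing the queryset would load
    # every unexpired token for this user; indexing fetches a single row and
    # signals "no match" with IndexError.
    try:
        access_token = candidates[0]
    except IndexError:
        access_token = AccessToken.objects.create(client=client, user=user)

    id_token = oidc.id_token(access_token)
    # NOTE(review): the key passed to encode() is the OAuth2 client secret, so
    # the token's integrity depends on how that secret is stored and shared --
    # presumably a symmetric signature; confirm against oidc's encode().
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)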
def _get_actual_claims(self, access_token, nonce):
    """Return the claims of an ID token built for `access_token` and `nonce`.

    The token is built while `oauth2_provider.oidc.handlers.datetime` is
    patched so that `utcnow()` yields BASE_DATETIME. The 'sub' claim is set
    to None before the claims are returned.
    """
    patch_target = 'oauth2_provider.oidc.handlers.datetime'
    with mock.patch(patch_target) as frozen_datetime:
        # Whatever the handlers read from utcnow() is now BASE_DATETIME.
        frozen_datetime.utcnow.return_value = BASE_DATETIME
        token = oidc.id_token(access_token, nonce)

    # Blank the 'sub' claim since a handler can change it.
    token.claims['sub'] = None
    return token.claims
def _get_actual_claims(self, access_token, nonce):
    """Build an ID token with the handlers' clock pinned and return its claims.

    `utcnow()` on the patched `oauth2_provider.oidc.handlers.datetime` returns
    BASE_DATETIME while the token is created. 'sub' is overwritten with None
    in the returned claims.
    """
    clock_patch = mock.patch('oauth2_provider.oidc.handlers.datetime')
    with clock_patch as pinned_datetime:
        pinned_datetime.utcnow.return_value = BASE_DATETIME
        generated = oidc.id_token(access_token, nonce)

    # A handler can change 'sub', so it is nulled out before returning.
    generated.claims['sub'] = None
    return generated.claims
def get_id_token(self, access_token):
    """
    Return an ID token for the given Access Token.

    The optional 'claims' (JSON text) and 'nonce' fields are read from the
    current request's POST data and handed to `oidc.id_token`.
    """
    post_data = self.request.POST

    raw_claims = post_data.get('claims')
    # NOTE(review): 'claims' is client-supplied. json.loads raises ValueError
    # on malformed text and returns whatever JSON type was sent (not only an
    # object) -- confirm the view and the claim handlers cope with both.
    if raw_claims:
        requested_claims = json.loads(raw_claims)
    else:
        requested_claims = {}

    # The nonce is there to prevent replay attacks. It is forwarded exactly as
    # sent and is None when the client omitted it -- NOTE(review): confirm
    # whether flows that rely on replay protection should require it.
    nonce = post_data.get('nonce')

    return oidc.id_token(access_token, nonce, requested_claims)
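def get_id_token(user):
    """
    Generates JWT ID-Token, using or creating user's OAuth access token.

    The "edx-notes" OAuth2 client is looked up, the user's unexpired access
    token with the latest expiry for that client is reused (a new one is
    saved when none exists), and the resulting ID token is encoded with the
    client's `client_secret`.

    Raises:
        ImproperlyConfigured: the "edx-notes" OAuth2 Client is not in the DB.
    """
    try:
        client = Client.objects.get(name="edx-notes")
    except Client.DoesNotExist:
        raise ImproperlyConfigured(
            "OAuth2 Client with name 'edx-notes' is not present in the DB")

    # Look-up and creation are not atomic, so two concurrent calls can each
    # save a token for the same user and client. A `.get()` would then raise
    # MultipleObjectsReturned on every later call until one of them expires;
    # filtering and taking the newest row tolerates duplicates.
    unexpired_tokens = AccessToken.objects.filter(
        client=client, user=user, expires__gt=now()).order_by('-expires')
    try:
        access_token = unexpired_tokens[0]
    except IndexError:
        access_token = AccessToken(client=client, user=user)
        access_token.save()

    id_token = oidc.id_token(access_token)
    # NOTE(review): the signing key is the client's shared secret. If encode()
    # signs symmetrically (not visible here), every holder of that secret can
    # mint tokens as well as verify them -- confirm and protect it accordingly.
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)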
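def get_id_token(user):
    """
    Generates JWT ID-Token, using or creating user's OAuth access token.

    Reuses the newest unexpired access token the user holds for the
    "edx-notes" OAuth2 client, saving a fresh one when there is none, and
    returns the derived ID token encoded with the client's `client_secret`.

    Raises:
        ImproperlyConfigured: no OAuth2 Client named "edx-notes" exists.
    """
    try:
        client = Client.objects.get(name="edx-notes")
    except Client.DoesNotExist:
        raise ImproperlyConfigured("OAuth2 Client with name 'edx-notes' is not present in the DB")

    live_tokens = AccessToken.objects.filter(
        client=client,
        user=user,
        expires__gt=now()
    ).order_by('-expires')

    # More than one unexpired token can exist for a user (nothing here makes
    # look-up plus save atomic). `.get()` raises MultipleObjectsReturned in
    # that case, which would break token issuance for the user; indexing the
    # ordered queryset picks the newest row and raises IndexError only when
    # there is no match.
    try:
        access_token = live_tokens[0]
    except IndexError:
        access_token = AccessToken(client=client, user=user)
        access_token.save()

    id_token = oidc.id_token(access_token)
    # NOTE(review): the key passed to encode() is the OAuth2 client secret, so
    # the token's integrity depends on how that secret is stored and shared --
    # presumably a symmetric signature; confirm against oidc's encode().
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)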