예제 #1
def get_id_token(user, client_name):
    """Return a signed JWT ID token for ``user``, issued to the named OAuth2 client.

    The user's unexpired access token with the latest expiry for that client
    is reused; a new access token is created only when none exists.

    Arguments:
        user (User Object): User for which we need to get JWT ID-Token
        client_name (unicode): Name of the OAuth2 Client

    Returns:
        String containing the signed JWT value.

    Raises:
        ImproperlyConfigured: no OAuth2 client named ``client_name`` exists.
    """
    # TODO: oidc is imported here, not at module level, because of a circular
    # import somewhere that has not been tracked down yet.
    import oauth2_provider.oidc as oidc

    try:
        oauth_client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        message = "OAuth2 Client with name '%s' is not present in the DB" % client_name
        raise ImproperlyConfigured(message)

    # Tokens are matched on the username and must expire strictly after "now";
    # ordering by '-expires' puts the longest-lived one first.
    unexpired = AccessToken.objects.filter(
        client=oauth_client,
        user__username=user.username,
        expires__gt=now()
    ).order_by('-expires')

    # NOTE(review): create() is given only client and user, so scope and expiry
    # come from the model's defaults -- confirm those are as narrow as intended.
    token = unexpired[0] if unexpired else AccessToken.objects.create(client=oauth_client, user=user)

    signed = oidc.id_token(token)
    # NOTE(review): the key passed to encode() is the client's shared secret, so
    # this is presumably a symmetric signature: any party holding client_secret
    # could produce an equally valid token. Confirm the algorithm used by
    # encode() and treat client_secret as signing-key material.
    return signed.encode(signed.access_token.client.client_secret)
예제 #2
def get_id_token(user, client_name):
    """Build the signed JWT ID token for a user against a named OAuth2 client.

    An existing unexpired access token is preferred (the one expiring last);
    otherwise a new access token is created for the user and client.

    Arguments:
        user (User Object): User for which we need to get JWT ID-Token
        client_name (unicode): Name of the OAuth2 Client

    Returns:
        String containing the signed JWT value.

    Raises:
        ImproperlyConfigured: the named OAuth2 client is not in the database.
    """
    # TODO: function-scope import works around an unresolved circular import
    # involving the oidc module.
    import oauth2_provider.oidc as oidc

    try:
        client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        raise ImproperlyConfigured(
            "OAuth2 Client with name '%s' is not present in the DB" % client_name
        )

    # Unexpired tokens for this client/username, longest-lived first.
    live_tokens = AccessToken.objects.filter(
        client=client,
        user__username=user.username,
        expires__gt=now(),
    ).order_by('-expires')

    if not live_tokens:
        # Nothing reusable: create a token with the model's default fields.
        access_token = AccessToken.objects.create(client=client, user=user)
    else:
        access_token = live_tokens[0]

    id_token = oidc.id_token(access_token)
    # The token is encoded with the client's own client_secret.
    # NOTE(review): that makes the secret a signing key shared with the client;
    # verify the signing algorithm and how client_secret is stored and rotated.
    signing_key = id_token.access_token.client.client_secret
    return id_token.encode(signing_key)
예제 #3
    def _get_actual_claims(self, access_token, nonce):
        """Return the claims of an ID token built with the handlers' clock pinned.

        ``datetime`` inside ``oauth2_provider.oidc.handlers`` is patched so
        that ``utcnow()`` returns ``BASE_DATETIME`` while the token is built.
        The ``sub`` claim is set to ``None`` before the claims are returned.
        """
        patch_target = 'oauth2_provider.oidc.handlers.datetime'
        with mock.patch(patch_target) as frozen_datetime:
            frozen_datetime.utcnow.return_value = BASE_DATETIME
            token = oidc.id_token(access_token, nonce)

            # 'sub' is blanked because a handler can change it, so tests
            # using this helper do not compare the subject.
            token.claims['sub'] = None

            return token.claims
예제 #4
    def _get_actual_claims(self, access_token, nonce):
        """Generate an ID token under a fixed clock and hand back its claims.

        While the token is generated, ``utcnow()`` on the patched ``datetime``
        of ``oauth2_provider.oidc.handlers`` returns ``BASE_DATETIME``.
        The returned claims have ``sub`` overwritten with ``None``.
        """
        clock_patch = mock.patch('oauth2_provider.oidc.handlers.datetime')
        with clock_patch as patched_clock:
            patched_clock.utcnow.return_value = BASE_DATETIME
            generated = oidc.id_token(access_token, nonce)

            # A handler can change 'sub', so it is cleared here and left out
            # of whatever comparison the caller makes.
            generated.claims['sub'] = None

            return generated.claims
예제 #5
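    def get_id_token(self, access_token):
        """Return an ID token for the given Access Token.

        Reads the optional ``claims`` (a JSON document) and ``nonce`` fields
        from the POST body and passes them to ``oidc.id_token``. A ``claims``
        value that is not valid JSON, or is not a JSON object, is treated as
        an empty claims request.
        """
        # 'claims' comes straight from the request body, so it is
        # caller-controlled: json.loads() raises ValueError on malformed text
        # and can return a list, string or number as easily as a dict.
        claims_request = {}
        claims_string = self.request.POST.get('claims')
        if claims_string:
            try:
                parsed = json.loads(claims_string)
            except ValueError:
                # Malformed JSON is ignored instead of escaping as an
                # unhandled exception; the token then carries no
                # individually requested claims.
                parsed = None
            if isinstance(parsed, dict):
                claims_request = parsed

        # The nonce is supplied by the caller and may be None.
        # NOTE(review): it only helps against replay if the client checks the
        # value that comes back in the ID token -- confirm what oidc.id_token
        # does with it.
        nonce = self.request.POST.get('nonce')

        return oidc.id_token(access_token, nonce, claims_request)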
예제 #6
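    def get_id_token(self, access_token):
        """Return an ID token for the given Access Token.

        The POST body may carry a ``claims`` field (JSON) and a ``nonce``
        field; both are forwarded to ``oidc.id_token``. When ``claims`` is
        absent, unparseable, or not a JSON object, an empty claims request is
        used.
        """
        claims_string = self.request.POST.get('claims')

        # Request data is untrusted: parse defensively so malformed JSON does
        # not surface as an unhandled ValueError, and so that only a JSON
        # object is ever passed on as the claims request.
        try:
            parsed_claims = json.loads(claims_string) if claims_string else {}
        except ValueError:
            parsed_claims = {}
        claims_request = parsed_claims if isinstance(parsed_claims, dict) else {}

        # Caller-supplied nonce (None when the field is missing).
        # NOTE(review): replay protection depends on the client verifying the
        # nonce returned in the token -- confirm how oidc.id_token uses it.
        nonce = self.request.POST.get('nonce')

        return oidc.id_token(access_token, nonce, claims_request)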
예제 #7
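def get_id_token(user):
    """
    Generates JWT ID-Token, using or creating user's OAuth access token.

    Looks up the OAuth2 client named "edx-notes", reuses the user's unexpired
    access token with the latest expiry for that client (creating and saving
    a new one when there is none), and returns the ID token encoded with the
    client's ``client_secret``.

    Raises:
        ImproperlyConfigured: no OAuth2 client named "edx-notes" exists.
    """
    try:
        client = Client.objects.get(name="edx-notes")
    except Client.DoesNotExist:
        raise ImproperlyConfigured(
            "OAuth2 Client with name 'edx-notes' is not present in the DB")

    # filter() instead of get(): when the user holds more than one unexpired
    # token for this client, get() raises MultipleObjectsReturned, which was
    # not handled. Take the longest-lived match; [:1] keeps the query to a
    # single row.
    unexpired = AccessToken.objects.filter(client=client,
                                           user=user,
                                           expires__gt=now()
                                           ).order_by('-expires')[:1]
    if unexpired:
        access_token = unexpired[0]
    else:
        # NOTE(review): only client and user are set, so scope and expiry come
        # from the model's defaults -- confirm they are as narrow as intended.
        access_token = AccessToken(client=client, user=user)
        access_token.save()

    id_token = oidc.id_token(access_token)
    # NOTE(review): the token is encoded with the client's shared secret, so
    # presumably anyone holding client_secret could produce a valid token --
    # confirm the algorithm used by encode().
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)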
예제 #8
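def get_id_token(user):
    """
    Generates JWT ID-Token, using or creating user's OAuth access token.

    The OAuth2 client is always the one named "edx-notes". An unexpired access
    token for the user and that client is reused when available (the one that
    expires last); otherwise a new one is created and saved. The resulting ID
    token is encoded with the client's ``client_secret``.

    Raises:
        ImproperlyConfigured: the "edx-notes" OAuth2 client is not in the DB.
    """
    try:
        client = Client.objects.get(name="edx-notes")
    except Client.DoesNotExist:
        raise ImproperlyConfigured("OAuth2 Client with name 'edx-notes' is not present in the DB")

    # A plain get() raises MultipleObjectsReturned as soon as the user has two
    # unexpired tokens for this client; query with filter() and pick one row.
    candidates = AccessToken.objects.filter(
        client=client,
        user=user,
        expires__gt=now()
    ).order_by('-expires')[:1]

    if candidates:
        access_token = candidates[0]
    else:
        # Created with model defaults for every field except client and user.
        access_token = AccessToken(client=client, user=user)
        access_token.save()

    id_token = oidc.id_token(access_token)
    # The signing key is the client's client_secret.
    # NOTE(review): confirm the signing algorithm in encode() and that the
    # secret is handled as key material (storage, rotation, who can read it).
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)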