            rtype = set(areq["response_type"][:])
            if "code" in areq["response_type"]:
                _code = aresp["code"] = _sinfo["code"]
                rtype.remove("code")
            else:
                self.sdb[scode]["code"] = None
                _code = None

            if "token" in areq["response_type"]:
                _dic = self.sdb.update_to_token(issue_refresh=False,
                                                key=scode)

                _log_debug("_dic: %s" % _dic)
                for key, val in _dic.items():
                    if key in aresp.parameters() and val is not None:
                        aresp[key] = val

                rtype.remove("token")

            try:
                _access_token = aresp["access_token"]
            except KeyError:
                _access_token = None

            if "id_token" in areq["response_type"]:
                try:
                    idtoken_claims = areq["request"]["id_token"]["claims"]
                    user_info = self._collect_user_info(_sinfo)
                except KeyError:
                    user_info = None
    def authz_part2(self, user, areq, sid, **kwargs):
        """
        After the authentication this is where you should end up
        """
        _log_debug = logger.debug
        _log_debug("- in authenticated() -")

        # Do the authorization
        try:
            info = OpenIDSchema(**self._collect_user_info(self.sdb[sid]))
            permission = self.authz(user)
            self.sdb.update(sid, "permission", permission)
        except Exception:
            raise

        _log_debug("response type: %s" % areq["response_type"])

        # create the response
        aresp = AuthorizationResponse()
        try:
            aresp["state"] = areq["state"]
        except KeyError:
            pass

        if "response_type" in areq and \
                len(areq["response_type"]) == 1 and \
                "none" in areq["response_type"]:
            pass
        else:
            if self.sdb.is_revoked(sid):
                return self._error(error="access_denied",
                                   descr="Token is revoked")

            _sinfo = self.sdb[sid]

            try:
                aresp["scope"] = areq["scope"]
            except KeyError:
                pass

            _log_debug("_dic: %s" % _sinfo)

            rtype = set(areq["response_type"][:])
            if "code" in areq["response_type"]:
                #if issue_new_code:
                #    scode = self.sdb.duplicate(_sinfo)
                #    _sinfo = self.sdb[scode]

                _code = aresp["code"] = _sinfo["code"]
                rtype.remove("code")
            else:
                self.sdb[sid]["code"] = None
                _code = None

            if "token" in rtype:
                _dic = self.sdb.update_to_token(issue_refresh=False, key=sid)

                _log_debug("_dic: %s" % _dic)
                for key, val in _dic.items():
                    if key in aresp.parameters() and val is not None:
                        aresp[key] = val

                rtype.remove("token")

            try:
                _access_token = aresp["access_token"]
            except KeyError:
                _access_token = None

            if "id_token" in areq["response_type"]:
                user_info = self.userinfo_in_id_token_claims(_sinfo)
                client_info = self.cdb[areq["client_id"]]

                id_token = self.sign_encrypt_id_token(
                    _sinfo, client_info, areq, code=_code,
                    access_token=_access_token, user_info=user_info)

                aresp["id_token"] = id_token
                _sinfo["id_token"] = id_token
                rtype.remove("id_token")

            if len(rtype):
                return BadRequest("Unknown response type")

        try:
            redirect_uri = self.get_redirect_uri(areq)
        except (RedirectURIError, ParameterError), err:
            return BadRequest("%s" % err)