예제 #1
파일: client.py 프로젝트: dv10den/pyuma
 def create_authorization_data_request(self, userid, ticket):
     """Build the HTTP keyword arguments for an authorization data request.

     The request body carries the permission ticket together with the RPT
     stored for ``userid``; the AAT stored for the same user is sent as the
     bearer credential in the ``Authorization`` header.

     :param userid: key into ``self.token`` selecting whose tokens are used
     :param ticket: permission ticket placed in the request
     :return: dict with ``"headers"`` (``Authorization: Bearer <AAT>``) and
         ``"data"`` (the JSON-serialized request)

     Both the ``"RPT"`` and the ``"AAT"`` entry are read by plain
     subscripting, so a user without either stored token is not handled
     here (presumably a ``KeyError`` if ``self.token`` is a plain dict --
     confirm against callers).
     """
     rpt = self.token[userid]["RPT"]
     request = AuthorizationDataRequest(ticket=ticket, rpt=rpt)
     bearer = "Bearer %s" % self.token[userid]["AAT"]["access_token"]
     # The returned dict holds a live bearer credential; keep it out of logs.
     return {"headers": {"Authorization": bearer},
             "data": request.to_json()}
예제 #2
파일: client.py 프로젝트: rohe/pyuma
 def create_authorization_data_request(self, userid, ticket):
     """Return the ``headers``/``data`` arguments for an RPT request.

     The message body is an ``AuthorizationDataRequest`` holding ``ticket``
     and the RPT currently stored for ``userid``. The call is authenticated
     with that user's AAT access token, sent as a bearer token.

     :param userid: selects the entry of ``self.token`` to read tokens from
     :param ticket: the permission ticket to include in the message
     :return: keyword-argument dict with the keys ``"headers"`` and ``"data"``

     NOTE(review): ``self.token[userid]`` must already contain both an
     ``"RPT"`` and an ``"AAT"`` entry; nothing here covers a user that has
     only one of them -- verify that callers guarantee this.
     """
     stored_rpt = self.token[userid]["RPT"]
     message = AuthorizationDataRequest(ticket=ticket, rpt=stored_rpt)
     access_token = self.token[userid]["AAT"]["access_token"]
     # The AAT travels in the Authorization header only, never in the body.
     http_args = {"headers": {"Authorization": "Bearer %s" % access_token}}
     http_args["data"] = message.to_json()
     return http_args
예제 #3
파일: test_20_as.py 프로젝트: rohe/pyuma
    def test_rpt_endpoint(self):
        """
        Exercise the RPT endpoint once its three prerequisites are in place:

        1. a resource set is registered,
        2. a permission request is registered (its response holds the ticket),
        3. an authorization is stored for the requesting party.
        """
        owner, client_id = "alice", "12345678"

        # (1) Resource set registration; the response gives the set's '_id'.
        rs_scopes = [SCOPES[name] for name in ('read', 'write')]
        description = ResourceSetDescription(name='foo', scopes=rs_scopes)
        rs_resp = self.uas.resource_set_registration_endpoint_(
            owner, RSR_PATH, method="POST", body=description.to_json(),
            client_id=client_id)
        rsid = StatusResponse().from_json(rs_resp.message)['_id']

        # (2) Permission registration for the same scopes on that set.
        perm_scopes = [SCOPES[name] for name in ('read', 'write')]
        registration = PermissionRegistrationRequest(
            resource_set_id=rsid, scopes=perm_scopes)
        perm_resp = self.uas.permission_registration_endpoint_(
            owner=owner, request=registration.to_json(), client_id=client_id)

        assert isinstance(perm_resp, Created)
        ticket = json.loads(perm_resp.message)['ticket']

        # (3) Store an authorization that requires the subject 'roger'.
        permission = {
            'resource_set_id': rsid,
            'scopes': perm_scopes,
            'require': {'sub': 'roger'},
        }
        adb = self.uas.get_adb(client_id)
        adb.store_permission(permission, owner)

        # Ask for an RPT as 'roger', presenting the ticket from step (2).
        # NOTE(review): the final assert checks truthiness only. Whether an
        # error response from rpt_endpoint_ would be falsy is not visible
        # here, so a refused request may go unnoticed; asserting the expected
        # response type, plus a case where a subject other than 'roger' is
        # refused, would pin the access-control behaviour.
        rpt_request = AuthorizationDataRequest(ticket=ticket)
        rpt_resp = self.uas.rpt_endpoint_('roger', client_id,
                                          request=rpt_request.to_json())
        assert rpt_resp
예제 #4
파일: test_seq_1.py 프로젝트: rohe/pyuma
# Authentication event for the requesting party. The second argument is the
# 'salt' entry of `identity` ('' when absent), the method label is
# "UserPassword" and the timestamp is the current time in whole seconds.
authn_event = AuthnEvent(REQUESTOR,
                         identity.get('salt', ''),
                         authn_info="UserPassword",
                         time_stamp=int(time.time()))

# Create an authorization session straight in the AS session database, read
# the "code" stored for it and upgrade that grant to a token. The result is
# kept as the requesting party's AAT; it is subscripted with "access_token"
# below, so it is a mapping rather than a bare string.
areq = AuthorizationRequest(**request_args)
sid = authzsrv.sdb.create_authz_session(authn_event, areq)
grant = authzsrv.sdb[sid]["code"]
_uma_client.token[REQUESTOR] = {"AAT": authzsrv.sdb.upgrade_to_token(grant)}

# Get an RPT from the AS using the AAT as authentication and the ticket
# received in (3).

# The AAT access token is presented as a bearer credential; the request body
# carries only the permission ticket (no existing RPT is supplied).
authn = "Bearer %s" % _uma_client.token[REQUESTOR]["AAT"]["access_token"]
request = AuthorizationDataRequest(ticket=ticket)
resp = authzsrv.rpt_endpoint(authn, request=request.to_json())

# Parse the response and keep the issued RPT next to the AAT.
# NOTE(review): resp is parsed without first checking that the endpoint
# returned success; an error response would presumably surface as a missing
# "rpt" key here -- confirm.
rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]

# Introspection of the RPT

# The access token of the PAT registered for RESOURCE_OWNER is the credential
# for the introspection call; the token being inspected is the RPT stored above.
pat = ressrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"]
_rpt = _uma_client.token[REQUESTOR]["RPT"]
ir = IntrospectionRequest(token=_rpt)

# request_args is rebound here; its earlier value was consumed by
# AuthorizationRequest above. The "bearer_header" client-authentication method
# builds the HTTP arguments from the PAT (presumably an Authorization header;
# the use of ht_args is not fully visible in this excerpt).
request_args = {"access_token": pat}
ht_args = ressrv.client.client_authn_method["bearer_header"](ressrv).construct(
    ir, request_args=request_args)

resp = authzsrv.introspection_endpoint(ir.to_json(),
예제 #5
파일: test_seq_rs.py 프로젝트: rohe/pyuma
                         authn_info="UserPassword",
                         time_stamp=int(time.time()))

# Create an authorization session straight in the AS session database, read
# the "code" stored for it and upgrade that grant to a token, which is kept as
# the requesting party's AAT (a mapping: "access_token" is read from it below).
areq = AuthorizationRequest(**request_args)
sid = authzsrv.sdb.create_authz_session(authn_event, areq)
grant = authzsrv.sdb[sid]["code"]
_uma_client.token[REQUESTOR] = {"AAT": authzsrv.sdb.upgrade_to_token(grant)}

# >>> C->AS: UMA3.5.1 POST plain authz data request with
# permission ticket at RPT endpoint

# The AAT access token is presented as a bearer credential; the request body
# carries only the permission ticket (no existing RPT is supplied).
authn = "Bearer %s" % _uma_client.token[REQUESTOR]["AAT"]["access_token"]
request = AuthorizationDataRequest(ticket=ticket)

# >>> AS->C: UMA3.5.3 Return success and RPT
resp = authzsrv.rpt_endpoint(authn, request=request.to_json())

# Parse the response and keep the issued RPT next to the AAT.
# NOTE(review): resp is parsed without first checking that the endpoint
# returned success; an error response would presumably surface as a missing
# "rpt" key here -- confirm.
rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]

# >>> C->RS: UMA3.1.2 Attempt resource access with RPT

# Introspection of the RPT
# >>> RS->AS: UMA3.4.2 POST to token introspection endpoint
# The resource server's PAT is the credential for the introspection call; the
# token being inspected is the RPT stored above.
# NOTE(review): whether token['PAT'] is the bare access-token string or a
# token-response mapping is not visible here; it is passed on unchanged as
# "access_token" below -- confirm it is the string.
pat = ressrv.rs_handler.token['PAT']
_rpt = _uma_client.token[REQUESTOR]["RPT"]
ir = IntrospectionRequest(token=_rpt)

# request_args is rebound here; its earlier value was consumed by
# AuthorizationRequest above. The "bearer_header" client-authentication method
# builds the HTTP arguments from the PAT (presumably an Authorization header;
# ht_args is not used within this excerpt).
request_args = {"access_token": pat}
ht_args = ressrv.client.client_authn_method[
    "bearer_header"](ressrv).construct(ir, request_args=request_args)