def create_authorization_data_request(self, userid, ticket): adr = AuthorizationDataRequest( ticket=ticket, rpt=self.token[userid]["RPT"]) _aat = self.token[userid]["AAT"]["access_token"] kwargs = {"headers": {"Authorization": "Bearer %s" % _aat}, "data": adr.to_json()} return kwargs
def test_rpt_endpoint(self): """ A couple of things have to happen before any action can occur on the rpt endpoint. 1. registration of Resource set 2. Registration of a permission request 3. Registration of an authorization """ # (1) register resource set read_write = [SCOPES[s] for s in ['read', 'write']] rsd = ResourceSetDescription(name='foo', scopes=read_write) resp = self.uas.resource_set_registration_endpoint_( "alice", RSR_PATH, method="POST", body=rsd.to_json(), client_id="12345678") rsid = StatusResponse().from_json(resp.message)['_id'] # (2) register a permission request read_write = [SCOPES[s] for s in ['read', 'write']] perm_reg = PermissionRegistrationRequest(resource_set_id=rsid, scopes=read_write) resp = self.uas.permission_registration_endpoint_( owner="alice", request=perm_reg.to_json(), client_id="12345678") assert isinstance(resp, Created) ticket = json.loads(resp.message)['ticket'] # (3) registration of authorization permission = {'resource_set_id': rsid, 'scopes': read_write, 'require': {'sub': 'roger'}} adb = self.uas.get_adb("12345678") adb.store_permission(permission, 'alice') # Get an RPT. This should work req = AuthorizationDataRequest(ticket=ticket) resp = self.uas.rpt_endpoint_('roger', '12345678', request=req.to_json()) assert resp
authn_event = AuthnEvent(REQUESTOR, identity.get('salt', ''), authn_info="UserPassword", time_stamp=int(time.time())) areq = AuthorizationRequest(**request_args) sid = authzsrv.sdb.create_authz_session(authn_event, areq) grant = authzsrv.sdb[sid]["code"] _uma_client.token[REQUESTOR] = {"AAT": authzsrv.sdb.upgrade_to_token(grant)} # Get a RPT from the AS using the AAT as authentication and the ticket # received in (3). authn = "Bearer %s" % _uma_client.token[REQUESTOR]["AAT"]["access_token"] request = AuthorizationDataRequest(ticket=ticket) resp = authzsrv.rpt_endpoint(authn, request=request.to_json()) rtr = RPTResponse().from_json(resp.message) _uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"] # Introspection of the RPT pat = ressrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"] _rpt = _uma_client.token[REQUESTOR]["RPT"] ir = IntrospectionRequest(token=_rpt) request_args = {"access_token": pat} ht_args = ressrv.client.client_authn_method["bearer_header"](ressrv).construct( ir, request_args=request_args) resp = authzsrv.introspection_endpoint(ir.to_json(),
authn_info="UserPassword", time_stamp=int(time.time())) areq = AuthorizationRequest(**request_args) sid = authzsrv.sdb.create_authz_session(authn_event, areq) grant = authzsrv.sdb[sid]["code"] _uma_client.token[REQUESTOR] = {"AAT": authzsrv.sdb.upgrade_to_token(grant)} # >>> C->AS: UMA3.5.1 POST plain authz data request with # permission ticket at RPT endpoint authn = "Bearer %s" % _uma_client.token[REQUESTOR]["AAT"]["access_token"] request = AuthorizationDataRequest(ticket=ticket) # >>> AS->C: UMA3.5.3 Return success and RPT resp = authzsrv.rpt_endpoint(authn, request=request.to_json()) rtr = RPTResponse().from_json(resp.message) _uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"] # >>> C->RS: UMA3.1.2 Attempt resource access with RPT # Introspection of the RPT # >>> RS->AS: UMA3.4.2 POST to token introspection endpoint pat = ressrv.rs_handler.token['PAT'] _rpt = _uma_client.token[REQUESTOR]["RPT"] ir = IntrospectionRequest(token=_rpt) request_args = {"access_token": pat} ht_args = ressrv.client.client_authn_method[ "bearer_header"](ressrv).construct(ir, request_args=request_args)