def do_introspection(self, rpt, path=None):
    """
    Ask the authorization server (AS) to introspect an RPT.

    The resource server authenticates the call with the token held in
    ``self.client.token`` (the PAT), sent as a bearer credential.

    :param rpt: The RPT presented by the client
    :param path: Path representing the resource. Currently unused: the
        code that mapped it to a ``resource_id`` is disabled, so the
        request is not narrowed to a single resource.
    :returns: The result of ``self.client.request_and_return`` for an
        ``IntrospectionResponse``. This method does not inspect the
        response, so the caller must check ``active`` and the granted
        permissions before allowing access.
    """
    protection_token = self.client.token
    introspection_req = IntrospectionRequest(token=rpt)

    # Build the HTTP arguments that carry the PAT as a bearer token.
    bearer_method = self.client.client_authn_method["bearer_header"]
    authn_http_args = bearer_method(self).construct(
        introspection_req,
        request_args={"access_token": protection_token},
    )

    # NOTE(review): the endpoint is taken from whichever provider_info
    # entry comes first. If more than one AS can be registered, confirm
    # the PAT is only ever sent to the AS that issued it.
    known_providers = list(self.client.provider_info.values())
    endpoint = known_providers[0]["introspection_endpoint"]

    return self.client.request_and_return(
        endpoint,
        IntrospectionResponse,
        body=introspection_req.to_json(),
        body_type="json",
        http_args=authn_http_args,
    )
def do_introspection(self, rpt, path=None):
    """
    Introspect an RPT at the authorization server on behalf of the
    resource server.

    The request is authenticated with ``self.client.token`` (the PAT)
    placed in a bearer Authorization header.

    :param rpt: The RPT to be introspected
    :param path: Path representing the resource; has no effect at
        present because the resource-id lookup is disabled
    :returns: What ``self.client.request_and_return`` produces when
        asked for an ``IntrospectionResponse``. Validity of the token
        (``active``, permissions) is not evaluated here and is left to
        the caller.
    """
    rs_pat = self.client.token
    token_query = IntrospectionRequest(token=rpt)
    bearer_args = {"access_token": rs_pat}

    authn_factory = self.client.client_authn_method["bearer_header"]
    header_args = authn_factory(self).construct(
        token_query, request_args=bearer_args)

    # NOTE(review): only the first provider_info value is consulted; with
    # several providers configured the PAT could go to a different AS
    # than intended. Verify against how provider_info is populated.
    first_provider = list(self.client.provider_info.values())[0]
    introspection_url = first_provider["introspection_endpoint"]

    return self.client.request_and_return(
        introspection_url, IntrospectionResponse,
        body=token_query.to_json(), body_type="json",
        http_args=header_args)
def introspect(_client, rsrv, asrv):
    """
    Introspect the client's RPT at the authorization server.

    The resource server's PAT for RESOURCE_OWNER is read from
    ``rsrv.permreg`` and used to build a bearer Authorization header.
    The JSON request and that header value are then handed to
    ``asrv.introspection_endpoint``.

    :param _client: Client whose ``token[USER]["RPT"]`` is introspected
    :param rsrv: Resource server holding the permission registry and
        the per-AS client instances
    :param asrv: Authorization server exposing ``introspection_endpoint``
    :returns: An ``IntrospectionResponse`` parsed from the endpoint's
        ``message``. The response is not validated here, so callers
        must check ``active`` and the permissions themselves.
    """
    rpt = _client.token[USER]["RPT"]
    protection_token = rsrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"]

    # Pick the RS-side client registered for the resource owner's AS.
    as_key = rsrv.permreg.get(RESOURCE_OWNER, "authzsrv")
    rs_client = rsrv.client[as_key]

    request = IntrospectionRequest(token=rpt)
    bearer_method = rs_client.client_authn_method["bearer_header"]
    authn_args = bearer_method(rsrv).construct(
        request,
        request_args={"access_token": protection_token},
    )

    raw_response = asrv.introspection_endpoint(
        request.to_json(),
        authn_args["headers"]["Authorization"],
    )
    return IntrospectionResponse().from_json(raw_response.message)
def introspect(_client, rsrv, asrv):
    """
    Have the resource server introspect the client's RPT at the AS.

    Authentication uses the ``access_token`` of the "pat" entry stored
    for RESOURCE_OWNER in ``rsrv.permreg``, sent as a bearer header.

    :param _client: Client holding the RPT under ``token[USER]["RPT"]``
    :param rsrv: Resource server (permission registry and AS clients)
    :param asrv: Authorization server whose ``introspection_endpoint``
        is called with the JSON request and the Authorization header
    :returns: ``IntrospectionResponse`` built from the returned
        ``message``. No check of ``active`` or of the permissions is
        made here; that is the caller's job.
    """
    client_rpt = _client.token[USER]["RPT"]
    owner_pat = rsrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"]
    as_client = rsrv.client[rsrv.permreg.get(RESOURCE_OWNER, "authzsrv")]

    query = IntrospectionRequest(token=client_rpt)
    bearer_args = {"access_token": owner_pat}

    # The authn method is looked up on the AS-specific client but is
    # instantiated with the resource server itself.
    authn = as_client.client_authn_method["bearer_header"](rsrv)
    header_args = authn.construct(query, request_args=bearer_args)

    answer = asrv.introspection_endpoint(
        query.to_json(), header_args["headers"]["Authorization"])

    return IntrospectionResponse().from_json(answer.message)
ticket=ticket, claim_tokens=[ClaimToken(format="json", token=rqp_claims)]) resp = authzsrv.rpt_token_endpoint(authn=authn, request=request.to_json()) rtr = RPTResponse().from_json(resp.message) _uma_client.token[REQUESTOR] = {} _uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"] # Introspection of the RPT pat = ressrv.rs_handler.token['PAT'] _rpt = _uma_client.token[REQUESTOR]["RPT"] ir = IntrospectionRequest(token=_rpt) request_args = {"access_token": pat} ht_args = ressrv.client.client_authn_method["bearer_header"](ressrv).construct( ir, request_args=request_args) resp = authzsrv.introspection_endpoint(ir.to_json(), ht_args["headers"]["Authorization"]) iresp = IntrospectionResponse().from_json(resp.message) assert iresp["active"] is True assert "permissions" in iresp res = ressrv.collect_info(iresp, ressrv.rs_handler.op2scope['GET']) print(res)
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"] # >>> C->RS: UMA3.1.2 Attempt resource access with RPT # Introspection of the RPT # >>> RS->AS: UMA3.4.2 POST to token introspection endpoint pat = ressrv.rs_handler.token['PAT'] _rpt = _uma_client.token[REQUESTOR]["RPT"] ir = IntrospectionRequest(token=_rpt) request_args = {"access_token": pat} ht_args = ressrv.client.client_authn_method[ "bearer_header"](ressrv).construct(ir, request_args=request_args) # >>> AS->RS: UMA3.4.2 Return extended introspection object resp = authzsrv.introspection_endpoint(ir.to_json(), ht_args["headers"]["Authorization"]) iresp = IntrospectionResponse().from_json(resp.message) # >>> RS-->RS: UMA3.3.3 Assess access attempt against # permissions; has "read" scope assert iresp["active"] is True assert "permissions" in iresp res = ressrv.collect_info(iresp, ressrv.rs_handler.op2scope['GET']) # >>> RS->C: UMA3.3.3 Enable info reading print(res)