def get_userinfo(): logger.debug("get_userinfo()") user_info = None session[SESSION_INSTANCE_SETTINGS_KEY][GET_NEW_TOKEN_URL] = "" if TokenUtil.is_valid_remote(TokenUtil.get_access_token(request.cookies), session[SESSION_INSTANCE_SETTINGS_KEY]): logger.debug("valid") user_info = TokenUtil.get_claims_from_token( TokenUtil.get_id_token(request.cookies)) else: logger.debug("notvalid") session[SESSION_INSTANCE_SETTINGS_KEY][ GET_NEW_TOKEN_URL] = get_oauth_authorize_url() return user_info
def api_proxy(): authorization = request.form.get('Authorization') url = request.form.get('url') secret = request.form.get('secret') key = request.form.get('key') tid = request.form.get('task_id') title = request.form.get('title') description = request.form.get('description') done = request.form.get('done') api_headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded", "Authorization": "Basic {0}".format(OktaUtil.get_encoded_auth(key, secret)) } introspecturl = "{issuer}/v1/introspect?token={token}".format( issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"], token=authorization) body = {} accesstoken = RestUtil.execute_post(introspecturl, body, headers=api_headers) if "error" not in accesstoken: if accesstoken["active"]: authorization_info = TokenUtil.get_claims_from_token(authorization) scopes = authorization_info["scp"] else: return {"Issue": "Unauthorized"} else: return {"Issue": "Unauthorized"} apiresponse = check_task_event(url=url, tid=tid, title=title, description=description, done=done, scopes=scopes) if not apiresponse: apiresponse = { "Issue": "Error when processing request. Please check your values." } return apiresponse
def gbac_id_tokenp(): token = TokenUtil.get_id_token(request.cookies) decodedToken = TokenUtil.get_claims_from_token(token) return json.dumps(decodedToken)
def streamingservice_token_check(): logger.debug("streamingservice_token_check()") access_token = request.form['access_token'] id_token = request.form['id_token'] refresh_token = request.form['refresh_token'] device_id = request.form['device_id'] client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][ "app_deviceflow_clientid"] client_secret = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][ "app_deviceflow_clientsecret"] okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY]) isactiveID = okta_auth.introspect_with_clientid( id_token, client_id=client_id, client_secret=client_secret, token_type_hint="idtoken") if isactiveID["active"]: id_token_info = TokenUtil.get_claims_from_token(id_token) user_app_profile = okta_admin.get_user_application_by_client_id( user_id=id_token_info["sub"], client_id=client_id) if get_udp_ns_fieldname( "authorized_devices") in user_app_profile["profile"]: devices = user_app_profile["profile"][get_udp_ns_fieldname( "authorized_devices")] if device_id in devices: isactiveAT = okta_auth.introspect_with_clientid( access_token, client_id=client_id, client_secret=client_secret, token_type_hint="access_token") if isactiveAT["active"]: response = "true" else: isactiveRT = okta_auth.introspect_with_clientid( refresh_token, client_id=client_id, client_secret=client_secret, token_type_hint="refresh_token") if isactiveRT['active']: logging.debug("get new AT") responseurl = url_for( "streamingservice_views_bp.streamingservice_devicepage", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY] ["app_scheme"]) tokens = okta_auth.get_oauth_token_from_refresh_token( headers=None, refresh_token=refresh_token, client_id=client_id, client_secret=client_secret, grant_type="refresh_token", redirect_uri=responseurl, scopes="openid profile email offline_access") response = tokens else: response = "false" else: response = "false" else: response = "false" else: response = "false" return response