def revoke_token(self, refresh_token: str):
"""
Revoke a refresh token
@returns dictionary containing status of the operation
@raises Exception in case of error
"""
if OAuth2Session is None or refresh_token is None:
raise ImportError(
"No module named OAuth2Session or revoke_token not provided")
provider = CONFIG_OBJ.get_oauth_provider()
providers = CONFIG_OBJ.get_providers()
auth = providers[provider][self.CLIENT_ID] + ":" + providers[provider][
self.CLIENT_SECRET]
encoded_auth = base64.b64encode(bytes(auth, self.UTF_8))
headers = {
'Accept': 'application/json',
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': 'Basic ' + str(encoded_auth, self.UTF_8)
}
data = f"token={refresh_token}&token_type_hint=refresh_token"
response = requests.post(providers[provider][self.REVOKE_URI],
headers=headers,
data=data)
self.log.debug("Response Status=%d", response.status_code)
self.log.debug("Response Reason=%s", response.reason)
self.log.debug("Response content=%s", response.content)
self.log.debug(str(response.content, self.UTF_8))
if response.status_code != 200:
raise OAuthCredMgrError("Refresh token could not be revoked!")
def refresh_token(self,
refresh_token: str,
project: str,
scope: str,
cookie: str = None) -> dict:
"""
Refreshes a token from CILogon and generates Fabric token using project and scope saved in Database
@param project: Project for which token is requested, by default it is set to 'all'
@param scope: Scope of the requested token, by default it is set to 'all'
@param refresh_token: Refresh Token
@param cookie: Vouch Proxy Cookie
@returns dict containing id_token and refresh_token
@raises Exception in case of error
"""
self.validate_scope(scope=scope)
if OAuth2Session is None or refresh_token is None:
raise ImportError(
"No module named OAuth2Session or refresh_token not provided")
provider = CONFIG_OBJ.get_oauth_provider()
providers = CONFIG_OBJ.get_providers()
refresh_token_dict = {self.REFRESH_TOKEN: refresh_token}
self.log.debug(f"Incoming refresh_token: {refresh_token}")
# refresh the token (provides both new refresh and access tokens)
oauth_client = OAuth2Session(providers[provider][self.CLIENT_ID],
token=refresh_token_dict)
new_token = oauth_client.refresh_token(
providers[provider][self.TOKEN_URI],
client_id=providers[provider][self.CLIENT_ID],
client_secret=providers[provider][self.CLIENT_SECRET])
new_refresh_token = None
try:
new_refresh_token = new_token.pop(self.REFRESH_TOKEN)
id_token = new_token.pop(self.ID_TOKEN)
except KeyError:
self.log.error("No refresh or id token returned")
raise OAuthCredMgrError("No refresh or id token returned")
self.log.debug(f"new_refresh_token: {new_refresh_token}")
try:
id_token = self._generate_fabric_token(ci_logon_id_token=id_token,
project=project,
scope=scope,
cookie=cookie)
result = {
self.ID_TOKEN: id_token,
self.REFRESH_TOKEN: new_refresh_token
}
return result
except Exception as e:
self.log.error(
f"Exception error while generating Fabric Token: {e}")
self.log.error(
f"Failed generating the token but still returning refresh token"
)
exception_string = str(e)
if exception_string.__contains__(
"could not be associated with a pending flow"):
exception_string = "Specified refresh token is expired and can not be found in the database."
error_string = f"error: {exception_string}, {self.REFRESH_TOKEN}: {new_refresh_token}"
raise OAuthCredMgrError(error_string)