    def __init__(self,
                 *,
                 azure_tenancy_id: str,
                 azure_application_id: str,
                 azure_client_application_ids: List[str],
                 azure_jwks: Optional[dict] = None):
        """
        Builds the extension from explicit settings and registers its token validator

        :type azure_tenancy_id: str
        :param azure_tenancy_id: Azure Active Directory tenancy ID
        :type azure_application_id: str
        :param azure_application_id: ID of the Azure Active Directory application registration representing this app
        :type azure_client_application_ids: List[str]
        :param azure_client_application_ids: IDs of Azure Active Directory application registrations representing
        clients of this app
        :type azure_jwks: Optional[dict]
        :param azure_jwks: trusted JWKs formatted as a JSON Web Key Set; passed through unchanged when ``None``
        (NOTE(review): presumably the validator then sources keys itself - confirm against AzureTokenValidator)
        """
        super().__init__()

        # Settings are kept on the instance so a validator can later be rebuilt from them
        self.azure_tenancy_id = azure_tenancy_id
        self.azure_application_id = azure_application_id
        self.azure_client_application_ids = azure_client_application_ids
        self.jwks = azure_jwks

        validator = AzureTokenValidator(
            azure_tenancy_id=azure_tenancy_id,
            azure_application_id=azure_application_id,
            azure_client_application_ids=azure_client_application_ids,
            azure_jwks=azure_jwks)
        self.validator = validator
        self.register_token_validator(validator)
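    def init_app(self, app: App):
        """
        Initialises extension using settings from the Flask application

        ``AZURE_OAUTH_TENANCY`` and ``AZURE_OAUTH_APPLICATION_ID`` are required; a missing key raises ``KeyError``.
        ``AZURE_OAUTH_CLIENT_APPLICATION_IDS`` is optional: when it is absent, or is an empty list, the validator is
        built with ``None`` instead.

        :type app: App
        :param app: Flask application
        :raises KeyError: if a required setting is missing from ``app.config``
        """
        self.azure_tenancy_id = app.config["AZURE_OAUTH_TENANCY"]
        self.azure_application_id = app.config["AZURE_OAUTH_APPLICATION_ID"]
        self.azure_client_application_ids = None
        self.jwks = self._get_jwks()

        # Optional allow-list of client application IDs; a missing key or an empty list is normalised to None.
        # NOTE(review): None presumably changes how AzureTokenValidator checks which clients are accepted -
        # confirm that an unset or empty setting fails closed rather than accepting any client.
        client_ids = app.config.get("AZURE_OAUTH_CLIENT_APPLICATION_IDS")
        if isinstance(client_ids, list) and not client_ids:
            client_ids = None
        self.azure_client_application_ids = client_ids

        self.validator = AzureTokenValidator(
            azure_tenancy_id=self.azure_tenancy_id,
            azure_application_id=self.azure_application_id,
            azure_client_application_ids=self.azure_client_application_ids,
            azure_jwks=self.jwks,
        )

        self.register_token_validator(self.validator)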
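    def use_restored_jwks(self) -> None:
        """
        Replaces the token validator with a version where the JSON Web Key Set is unaltered and working

        The validator tracked in ``self.validator`` is deregistered, the replacement is registered, and
        ``self.validator`` is updated to the replacement so that the next swap deregisters the right object.
        """
        self.deregister_token_validator(self.validator)

        token_validator = AzureTokenValidator(
            azure_tenancy_id=self.azure_tenancy_id,
            azure_application_id=self.azure_application_id,
            azure_client_application_ids=self.azure_client_application_ids,
            azure_jwks=self.jwks)
        self.register_token_validator(token_validator)
        # Track the active validator; otherwise a later swap would deregister an already-removed
        # validator and leave this one registered next to the new one.
        self.validator = token_validator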
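    def use_null_jwks(self) -> None:
        """
        Replaces the token validator with a version where the JSON Web Key Set is empty

        The validator tracked in ``self.validator`` is deregistered, the replacement is registered, and
        ``self.validator`` is updated to the replacement so that the next swap deregisters the right object.
        """
        self.deregister_token_validator(self.validator)

        token_validator = AzureTokenValidator(
            azure_tenancy_id=self.azure_tenancy_id,
            azure_application_id=self.azure_application_id,
            azure_client_application_ids=self.azure_client_application_ids,
            azure_jwks=TestJwk(null_jwks=True).jwks())
        self.register_token_validator(token_validator)
        # Track the active validator; otherwise a later swap would deregister an already-removed
        # validator and leave this one registered next to the new one.
        self.validator = token_validator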
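    def use_replaced_jwks(self) -> None:
        """
        Replaces the token validator with a version where the JSON Web Key Set has been replaced but uses the same KID

        The validator tracked in ``self.validator`` is deregistered, the replacement is registered, and
        ``self.validator`` is updated to the replacement so that the next swap deregisters the right object.

        :raises KeyError: if ``self.jwks`` has no ``keys`` entry, or its first key has no ``kid``
        """
        self.deregister_token_validator(self.validator)

        # Reuse the KID of the trusted key so a token signed with the original key still selects this
        # (now different) key during validation.
        previous_kid = self.jwks['keys'][0]['kid']

        token_validator = AzureTokenValidator(
            azure_tenancy_id=self.azure_tenancy_id,
            azure_application_id=self.azure_application_id,
            azure_client_application_ids=self.azure_client_application_ids,
            azure_jwks=TestJwk(kid=previous_kid).jwks())
        self.register_token_validator(token_validator)
        # Track the active validator; otherwise a later swap would deregister an already-removed
        # validator and leave this one registered next to the new one.
        self.validator = token_validator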
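    def use_broken_jwks(self) -> None:
        """
        Replaces the token validator with a version where the JSON Web Key Set contains a broken JWK (missing key type)

        The broken key set is a deep copy of ``self.jwks``, so the trusted key set stays intact and a later
        ``use_restored_jwks`` really does restore a working validator. ``self.validator`` is updated to the
        replacement so that the next swap deregisters the right object.

        :raises KeyError: if ``self.jwks`` has no ``keys`` entry, or its first key has no ``kty``
        """
        import copy

        self.deregister_token_validator(self.validator)

        # Copy before mutating: assigning ``self.jwks`` directly would alias the nested dicts and the
        # ``del`` below would strip ``kty`` from the trusted key set itself.
        broken_jwks = copy.deepcopy(self.jwks)
        del broken_jwks['keys'][0]['kty']

        token_validator = AzureTokenValidator(
            azure_tenancy_id=self.azure_tenancy_id,
            azure_application_id=self.azure_application_id,
            azure_client_application_ids=self.azure_client_application_ids,
            azure_jwks=broken_jwks)
        self.register_token_validator(token_validator)
        # Track the active validator; otherwise a later swap would deregister an already-removed
        # validator and leave this one registered next to the new one.
        self.validator = token_validator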
    def init_app(self, app: App):
        """
        Initialises extension using settings from the Flask application

        Reads ``AZURE_OAUTH_TENANCY``, ``AZURE_OAUTH_APPLICATION_ID`` and ``AZURE_OAUTH_CLIENT_APPLICATION_IDS``
        from ``app.config``. All three are required: a missing key raises ``KeyError`` instead of registering a
        validator built from a partial configuration.

        :type app: App
        :param app: Flask application
        :raises KeyError: if any of the three settings is missing from ``app.config``
        """
        settings = app.config
        self.azure_tenancy_id = settings["AZURE_OAUTH_TENANCY"]
        self.azure_application_id = settings["AZURE_OAUTH_APPLICATION_ID"]
        self.azure_client_application_ids = settings["AZURE_OAUTH_CLIENT_APPLICATION_IDS"]
        self.jwks = self._get_jwks(app=app)

        validator = AzureTokenValidator(
            azure_tenancy_id=self.azure_tenancy_id,
            azure_application_id=self.azure_application_id,
            azure_client_application_ids=self.azure_client_application_ids,
            azure_jwks=self.jwks,
        )
        self.validator = validator
        self.register_token_validator(validator)