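def _load_oid_token(self, provider):
    """Set ``self.token`` from an OIDC provider's ID token and return it.

    The JWT payload is decoded only to read its ``exp`` claim. When
    ``_is_expired`` reports that time as expired, ``_refresh_oidc`` is
    called and, if ``self._config_persister`` is set, it is invoked with
    ``self._config.value``.

    Args:
        provider: auth-provider mapping; ``provider['config']['id-token']``
            is expected to hold a compact (three-segment) JWT.

    Returns:
        ``"Bearer <id-token>"``, or ``None`` when ``config`` or
        ``id-token`` is absent or the token does not have exactly three
        dot-separated segments.
    """
    if 'config' not in provider or 'id-token' not in provider['config']:
        # Treat a missing token like a malformed one instead of raising
        # KeyError on the lookup below.
        return None

    segments = provider['config']['id-token'].split('.')
    if len(segments) != 3:  # Not a valid JWT
        return None

    # JWT segments are unpadded base64url (RFC 7515). The standard decoder
    # silently drops '-' and '_' in its default mode, which corrupts the
    # payload, so map them onto the standard alphabet before decoding.
    payload = segments[1].replace('-', '+').replace('_', '/')
    payload += '=' * (-len(payload) % 4)
    decoded = base64.b64decode(payload)
    if PY3:
        decoded = decoded.decode('utf-8')

    # NOTE: the signature segment is never verified here, so these claims
    # are unauthenticated. They are only a hint for when to refresh and
    # must not be used for any trust decision.
    jwt_attributes = json.loads(decoded)

    expire = jwt_attributes.get('exp')
    if expire is not None and _is_expired(
            datetime.datetime.fromtimestamp(expire, tz=UTC)):
        # Presumably _refresh_oidc replaces the id-token stored in
        # provider['config'] -- confirm; the token is re-read below.
        self._refresh_oidc(provider)
        if self._config_persister:
            self._config_persister(self._config.value)

    # The result is a bearer credential; keep it out of logs and errors.
    self.token = "Bearer %s" % provider['config']['id-token']
    return self.token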
def _load_gcp_token(self):
    """Set ``self.token`` from a ``gcp`` auth provider and return it.

    Returns ``None`` without touching ``self.token`` when the user entry
    has no ``auth-provider``, the provider has no ``name``, or the name is
    not ``gcp``. Otherwise ``_refresh_gcp_token`` is called first when the
    provider has no ``config``, the config has no ``access-token``, or the
    config has an ``expiry`` that ``_is_expired`` reports as expired.
    """
    if 'auth-provider' not in self._user:
        return
    provider = self._user['auth-provider']
    if 'name' not in provider or provider['name'] != 'gcp':
        return

    # Same checks, in the same order, as a single short-circuit expression.
    if 'config' not in provider:
        needs_refresh = True
    elif 'access-token' not in provider['config']:
        needs_refresh = True
    else:
        needs_refresh = ('expiry' in provider['config'] and
                         _is_expired(provider['config']['expiry']))

    if needs_refresh:
        # token is not available or expired, refresh it
        self._refresh_gcp_token()

    # Looked up only after the possible refresh; presumably the refresh
    # stores a new access-token in the provider config -- confirm.
    # The result is a bearer credential; keep it out of logs and errors.
    self.token = "Bearer %s" % provider['config']['access-token']
    return self.token
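def load_oid_token_patched(self, provider):
    """Set ``self.token`` from the user's ``oidc`` provider and return it.

    The JWT payload is decoded only to read its ``exp`` claim. When
    ``_is_expired`` reports that time as expired, ``_refresh_oidc`` is
    called and, if ``self._config_persister`` is set, it is invoked with
    ``self._config.value``.

    Args:
        provider: ignored; the provider is always re-read from
            ``self._user['auth-provider']``.

    Returns:
        ``"Bearer <id-token>"``, or ``None`` when there is no usable
        ``oidc`` provider entry, no ``id-token``, or the token does not
        have exactly three dot-separated segments.
    """
    if 'auth-provider' not in self._user:
        return
    provider = self._user['auth-provider']
    if ('name' not in provider or 'config' not in provider
            or provider['name'] != 'oidc'):
        return
    if 'id-token' not in provider['config']:
        # Treat a missing token like a malformed one instead of raising
        # KeyError on the lookup below.
        return None

    segments = provider['config']['id-token'].split('.')
    if len(segments) != 3:  # Not a valid JWT
        return None

    # JWT segments are unpadded base64url (RFC 7515). The standard decoder
    # silently drops '-' and '_' in its default mode, which corrupts the
    # payload, so use the URL-safe decoder and pad only as far as needed.
    payload = segments[1]
    payload += '=' * (-len(payload) % 4)

    # NOTE: the signature segment is never verified here, so these claims
    # are unauthenticated. They are only a hint for when to refresh and
    # must not be used for any trust decision.
    jwt_attributes = json.loads(
        base64.urlsafe_b64decode(payload).decode('utf-8'))

    expire = jwt_attributes.get('exp')
    if expire is not None and _is_expired(
            datetime.fromtimestamp(expire, tz=timezone.utc)):
        # Presumably _refresh_oidc replaces the id-token stored in
        # provider['config'] -- confirm; the token is re-read below.
        self._refresh_oidc(provider)
        if self._config_persister:
            self._config_persister(self._config.value)

    # The result is a bearer credential; keep it out of logs and errors.
    self.token = "Bearer %s" % provider['config']['id-token']
    return self.token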
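def _load_oid_token(self):
    """Set ``self.token`` from the user's ``oidc`` provider and return it.

    The JWT payload is decoded only to read its ``exp`` claim. When
    ``_is_expired`` reports that time as expired, ``_refresh_oidc`` is
    called and, if ``self._config_persister`` is set, it is invoked with
    ``self._config.value``.

    Returns:
        ``"Bearer <id-token>"``, or ``None`` when there is no usable
        ``oidc`` provider entry, no ``id-token``, or the token does not
        have exactly three dot-separated segments.
    """
    if 'auth-provider' not in self._user:
        return
    provider = self._user['auth-provider']
    if 'name' not in provider or 'config' not in provider:
        return
    if provider['name'] != 'oidc':
        return
    if 'id-token' not in provider['config']:
        # Treat a missing token like a malformed one instead of raising
        # KeyError on the lookup below.
        return None

    segments = provider['config']['id-token'].split('.')
    if len(segments) != 3:  # Not a valid JWT
        return None

    # JWT segments are unpadded base64url (RFC 7515). The standard decoder
    # silently drops '-' and '_' in its default mode, which corrupts the
    # payload, so map them onto the standard alphabet before decoding.
    # Padding is computed once, so neither branch appends an extra "==".
    payload = segments[1].replace('-', '+').replace('_', '/')
    payload += '=' * (-len(payload) % 4)
    decoded = base64.b64decode(payload)
    if PY3:
        decoded = decoded.decode('utf-8')

    # NOTE: the signature segment is never verified here, so these claims
    # are unauthenticated. They are only a hint for when to refresh and
    # must not be used for any trust decision.
    jwt_attributes = json.loads(decoded)

    expire = jwt_attributes.get('exp')
    if expire is not None and _is_expired(
            datetime.datetime.fromtimestamp(expire, tz=UTC)):
        # Presumably _refresh_oidc replaces the id-token stored in
        # provider['config'] -- confirm; the token is re-read below.
        self._refresh_oidc(provider)
        if self._config_persister:
            self._config_persister(self._config.value)

    # The result is a bearer credential; keep it out of logs and errors.
    self.token = "Bearer %s" % provider['config']['id-token']
    return self.token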