def get_authorization_response(self, authorization_request_id):
"""
NOTE: This method is being deprecated. Use
`get_advanced_authorization_response` instead!
Request the response for a previous authorization call.
:param authorization_request_id: Unique identifier returned by
authorization_request()
:raise: launchkey.exceptions.InvalidParameters - Input parameters were
not correct
:raise: launchkey.exceptions.RequestTimedOut - The authorization
request has not been responded to before the
timeout period (5 minutes)
:raise: launchkey.exceptions.AuthorizationRequestCanceled - The
authorization request has been canceled so a response cannot be
retrieved.
:return: None if the user has not responded otherwise a
launchkey.entities.service.AuthorizationResponse object
with the user's response
in it
"""
advanced_authorization_response = \
self.get_advanced_authorization_response(authorization_request_id)
if not advanced_authorization_response:
return None
return AuthorizationResponse(advanced_authorization_response.data,
advanced_authorization_response.transport)
def get_authorization_response(self, authorization_request_id):
"""
Request the response for a previous authorization call.
:param authorization_request_id: Unique identifier returned by
authorization_request()
:raise: launchkey.exceptions.InvalidParameters - Input parameters were
not correct
:raise: launchkey.exceptions.RequestTimedOut - The authorization
request has not been responded to before the
timeout period (5 minutes)
:raise: launchkey.exceptions.AuthorizationRequestCanceled - The
authorization request has been canceled so a response cannot be
retrieved.
:return: None if the user has not responded otherwise a
launchkey.entities.service.AuthorizationResponse object
with the user's response
in it
"""
response = self._transport.get(
"/service/v3/auths/%s" % authorization_request_id, self._subject)
if response.status_code == 204:
authorization_response = None
else:
data = self._validate_response(response,
AuthorizationResponseValidator)
authorization_response = AuthorizationResponse(
data, self._transport)
return authorization_response
def handle_webhook(self, body, headers, method=None, path=None):
"""
NOTE: This method is being deprecated. Use `handle_advanced_webhook`
instead!
Handle a webhook callback
In the event of a Logout webhook, be sure to call session_end() when
you complete the process of ending the user's session in your
implementation. This will remove the corresponding Application from
the authorization list on all of the the user's mobile devices.
:param body: The raw body that was send in the POST content
:param headers: A generic map of response headers. These will be used
to access and validate authorization
:param path: The path of the request
:param method: The HTTP method of the request
:return: launchkey.entities.service.SessionEndRequest or
launchkey.entities.service.AuthorizationResponse
:raises launchkey.exceptions.UnexpectedWebhookRequest: when the
request or its cannot be parsed or fails
validation.
:raises launchkey.exceptions.UnableToDecryptWebhookRequest: when the
request is an authorization response webhook and the request body
cannot be decrypted
:raises launchkey.exceptions.UnexpectedAuthorizationResponse: when the
decrypted auth package is missing required data. This error is
indicative of a non webhook request being sent to the method.
:raises launchkey.exceptions.UnexpectedKeyID: when the auth package in
an authorization response webhook request body is decrypted using a
public key whose private key is not known by the client. This can be
a configuration issue.
:raises launchkey.exceptions.UnexpectedDeviceResponse: when the auth
package received from the device is invalid. This error is
indicative of a man in the middle (MITM) attack.
:raises launchkey.exceptions.WebhookAuthorizationError: when the
"Authorization" header in the headers.
"""
advanced_authorization_response = self.handle_advanced_webhook(
body, headers, method, path)
if isinstance(advanced_authorization_response, SessionEndRequest):
return advanced_authorization_response
return AuthorizationResponse(advanced_authorization_response.data,
advanced_authorization_response.transport)
def handle_webhook(self, body, headers):
"""
Handle a webhook callback
In the event of a Logout webhook, be sure to call session_end() when you complete the process of ending the
user's session in your implementation. This will remove the corresponding Application from the authorization
list on all of the the user's mobile devices.
:param body: The raw body that was send in the POST content
:param headers: A generic map of response headers. These will be used to access and validate the JWT
:return: launchkey.entities.service.SessionEndRequest or launchkey.entities.service.AuthorizationResponse
"""
self._transport.verify_jwt_response(headers, None, body, self._subject)
if "service_user_hash" in body:
body = self._validate_response(loads(body), AuthorizeSSEValidator)
return SessionEndRequest(
body['service_user_hash'],
self._transport.parse_api_time(body['api_time']))
else:
body = loads(self._transport.decrypt_response(body))
return AuthorizationResponse(
body, self._transport.loaded_issuer_private_keys)
def handle_webhook(self, body, headers, method=None, path=None):
"""
Handle a webhook callback
In the event of a Logout webhook, be sure to call session_end() when
you complete the process of ending the user's session in your
implementation. This will remove the corresponding Application from
the authorization list on all of the the user's mobile devices.
:param body: The raw body that was send in the POST content
:param headers: A generic map of response headers. These will be used
to access and validate authorization
:param path: The path of the request
:param method: The HTTP method of the request
:return: launchkey.entities.service.SessionEndRequest or
launchkey.entities.service.AuthorizationResponse
:raises launchkey.exceptions.UnexpectedWebhookRequest: when the
request or its cannot be parsed or fails
validation.
:raises launchkey.exceptions.UnableToDecryptWebhookRequest: when the
request is an authorization response webhook and the request body
cannot be decrypted
:raises launchkey.exceptions.UnexpectedAuthorizationResponse: when the
decrypted auth package is missing required data. This error is
indicative of a non webhook request being sent to the method.
:raises launchkey.exceptions.UnexpectedKeyID: when the auth package in
an authorization response webhook request body is decrypted using a
public key whose private key is not known by the client. This can be
a configuration issue.
:raises launchkey.exceptions.UnexpectedDeviceResponse: when the auth
package received from the device is invalid. This error is
indicative of a man in the middle (MITM) attack.
:raises launchkey.exceptions.WebhookAuthorizationError: when the
"Authorization" header in the headers.
"""
if method is None:
warnings.warn(
"Not passing a valid request method string is "
"deprecated and will be required in the next "
"major version", PendingDeprecationWarning)
if path is None:
warnings.warn(
"Not passing a valid request path string is "
"deprecated and will be required in the next "
"major version", PendingDeprecationWarning)
try:
if "service_user_hash" in "%s" % body:
body = self.x_iov_jwt_service.verify_jwt_request(
body, headers, method, path)
try:
body = self._validate_response(loads(body),
AuthorizeSSEValidator)
except UnexpectedAPIResponse as reason:
raise UnexpectedWebhookRequest(reason=reason)
result = SessionEndRequest(
body['service_user_hash'],
self._transport.parse_api_time(body['api_time']))
else:
try:
decrypted_body = self.x_iov_jwt_service.decrypt_jwe(
body, headers, method, path)
auth_response = loads(decrypted_body)
result = AuthorizationResponse(auth_response,
self._transport)
except XiovJWTDecryptionFailure as reason:
raise UnableToDecryptWebhookRequest(reason=reason)
except KeyError as reason:
raise UnexpectedAuthorizationResponse(reason=reason)
except XiovJWTValidationFailure as reason:
raise UnexpectedWebhookRequest(reason)
return result