def refresh_token(self, token, new_refresh=False):
"""
Issue a new access token using a valid refresh token
:param token: Refresh token
:param new_refresh: Whether a new refresh token should be minted or not
:return: Dictionary with session info
:raises: ExpiredToken for invalid refresh token
WrongTokenType for wrong token type
"""
try:
_tinfo = self.handler["refresh_token"].info(token)
except KeyError:
return False
_sid = _tinfo["sid"]
session_info = self[_sid]
if token != session_info.get("refresh_token"):
raise UnknownToken()
if is_expired(int(_tinfo["exp"])):
raise ExpiredToken()
session_info["access_token"] = self._make_at(_sid, session_info)
session_info["token_type"] = self.handler["access_token"].token_type
if new_refresh:
session_info = self.replace_refresh_token(_sid, session_info)
self[_sid] = session_info
return session_info
def get_authentication_event(self, sid):
try:
session_info = self[sid]
except Exception:
raise UnknownToken(sid)
else:
sesinf = session_info.get("authn_event")
return sesinf or ValueError("No Authn event info")
def is_session_revoked(self, key):
try:
session_info = self[key]
except Exception:
raise UnknownToken(key)
try:
return session_info['revoked']
except KeyError:
return False
def get_authentication_event(self, sid):
try:
session_info = self[sid]
except Exception:
raise UnknownToken(sid)
else:
try:
return session_info["authn_event"]
except KeyError:
raise ValueError("No Authn event info")
def info(self, token):
"""
Return type of Token (A=Access code, T=Token, R=Refresh token) and
the session id.
:param token: A token
:return: tuple of token type and session id
"""
verifier = JWT(key_jar=self.key_jar, allowed_sign_algs=[self.alg])
try:
_payload = verifier.unpack(token)
except JWSException:
raise UnknownToken()
if is_expired(_payload["exp"]):
raise ToOld("Token has expired")
# All the token metadata
_res = {
"sid": _payload["sid"],
"type": _payload["ttype"],
"exp": _payload["exp"],
"handler": self,
}
return _res