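def create_authn_response(endpoint, request, sid):
    """Assemble the authorization response for an authenticated session.

    :param endpoint: endpoint whose ``endpoint_context.sdb`` (session
        database) holds the session identified by *sid*
    :param request: parsed authorization request; ``response_type`` is read
        as a list of strings, ``state`` and ``scope`` are echoed back when
        present
    :param sid: id of the session the response is issued for
    :return: dict with ``response_args`` (an ``AuthorizationResponse``, or an
        ``AuthorizationErrorResponse`` when the request names a response type
        this function does not handle) and ``fragment_enc`` (True when the
        response parameters must travel in the URI fragment rather than the
        query component)
    """
    aresp = AuthorizationResponse()
    if request.get("state"):
        aresp["state"] = request["state"]

    if "response_type" in request and request["response_type"] == ["none"]:
        # Nothing is issued, so the (state-only) response goes in the query.
        return {"response_args": aresp, "fragment_enc": False}

    _context = endpoint.endpoint_context
    # Look the session up once and reuse it (was fetched twice before).
    _sinfo = _context.sdb[sid]

    if request.get("scope"):
        aresp["scope"] = request["scope"]

    rtype = set(request["response_type"])
    handled_response_type = set()

    # Only the plain authorization-code flow returns via the query string;
    # any response that carries a token goes in the fragment.
    fragment_enc = not (len(rtype) == 1 and "code" in rtype)

    if "code" in rtype:
        aresp["code"] = _sinfo["code"]
        handled_response_type.add("code")
    else:
        # No code is issued for this session; clear any stored one
        # (presumably so a code that was never handed out cannot be redeemed).
        _context.sdb.update(sid, code=None)

    if "token" in rtype:
        _dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
        # Token material only reaches the log through sanitize(); %-args
        # defer the string formatting to the logging framework.
        logger.debug("_dic: %s", sanitize(_dic))
        for key, val in _dic.items():
            if key in aresp.parameters() and val is not None:
                aresp[key] = val
        handled_response_type.add("token")

    not_handled = rtype - handled_response_type
    if not_handled:
        # Anything other than code/token (e.g. id_token) is not produced here.
        resp = AuthorizationErrorResponse(
            error="invalid_request",
            error_description="unsupported_response_type",
        )
        return {"response_args": resp, "fragment_enc": fragment_enc}

    return {"response_args": aresp, "fragment_enc": fragment_enc}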
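def create_authn_response(endpoint, request, sid):
    """Assemble the authorization response (code, token and/or ID Token).

    :param endpoint: endpoint whose ``endpoint_context`` provides the session
        database (``sdb``) and the ID Token factory (``idtoken``)
    :param request: parsed authorization request; ``response_type`` is read
        as a list of strings, ``state`` and ``scope`` are echoed back when
        present
    :param sid: id of the session the response is issued for
    :return: dict with ``response_args`` (an ``AuthorizationResponse``, or an
        ``AuthorizationErrorResponse`` when a requested response type is not
        handled or the ID Token could not be signed/encrypted) and
        ``fragment_enc`` (True when the response parameters must travel in
        the URI fragment rather than the query component)
    """
    aresp = AuthorizationResponse()
    if request.get("state"):
        aresp["state"] = request["state"]

    if "response_type" in request and request["response_type"] == ["none"]:
        # Nothing is issued, so the (state-only) response goes in the query.
        return {"response_args": aresp, "fragment_enc": False}

    _context = endpoint.endpoint_context
    # Look the session up once and reuse it (was fetched twice before).
    _sinfo = _context.sdb[sid]

    if request.get("scope"):
        aresp["scope"] = request["scope"]

    rtype = set(request["response_type"])
    handled_response_type = set()

    # Only the plain authorization-code flow returns via the query string;
    # any response that carries a token goes in the fragment.
    fragment_enc = not (len(rtype) == 1 and "code" in rtype)

    if "code" in rtype:
        _code = aresp["code"] = _sinfo["code"]
        handled_response_type.add("code")
    else:
        # No code is issued for this session; clear any stored one
        # (presumably so a code that was never handed out cannot be redeemed).
        _context.sdb.update(sid, code=None)
        _code = None

    if "token" in rtype:
        _dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
        # Token material only reaches the log through sanitize(); %-args
        # defer the string formatting to the logging framework.
        logger.debug("_dic: %s", sanitize(_dic))
        for key, val in _dic.items():
            if key in aresp.parameters() and val is not None:
                aresp[key] = val
        handled_response_type.add("token")

    _access_token = aresp.get("access_token", None)

    if "id_token" in rtype:
        # Hand the ID Token factory whatever else is in this response so it
        # can bind the token to it (presumably the c_hash/at_hash claims).
        # This is the same mapping the previous three issubset() branches
        # produced, written per artifact.
        kwargs = {}
        if "code" in rtype:
            kwargs["code"] = _code
        if "token" in rtype:
            kwargs["access_token"] = _access_token
        if request["response_type"] == ["id_token"]:
            # Only an ID Token is returned, so the user claims go inside it.
            kwargs["user_claims"] = True

        try:
            id_token = _context.idtoken.make(request, _sinfo, **kwargs)
        except (JWEException, NoSuitableSigningKeys) as err:
            # Detail stays in the server log; the client gets a generic error.
            logger.warning(str(err))
            resp = AuthorizationErrorResponse(
                error="invalid_request",
                error_description="Could not sign/encrypt id_token",
            )
            return {"response_args": resp, "fragment_enc": fragment_enc}

        aresp["id_token"] = id_token
        # NOTE(review): written to the session record object; whether this
        # persists depends on what sdb[sid] returns — confirm against the store.
        _sinfo["id_token"] = id_token
        handled_response_type.add("id_token")

    not_handled = rtype - handled_response_type
    if not_handled:
        resp = AuthorizationErrorResponse(
            error="invalid_request",
            error_description="unsupported_response_type",
        )
        return {"response_args": resp, "fragment_enc": fragment_enc}

    return {"response_args": aresp, "fragment_enc": fragment_enc}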
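def create_authn_response(endpoint_context, request, sid):
    """Assemble the authorization response (code, token and/or ID Token).

    :param endpoint_context: context providing the session database
        (``sdb``) and the material ``sign_encrypt_id_token`` needs
    :param request: parsed authorization request; ``response_type`` is read
        as a list of strings, ``state`` and ``scope`` are echoed back when
        present, ``client_id`` is used when an ID Token is built
    :param sid: id of the session the response is issued for
    :return: dict with ``response_args`` (an ``AuthorizationResponse``) and
        ``fragment_enc`` (True when the response parameters must travel in
        the URI fragment rather than the query component). If the ID Token
        cannot be signed/encrypted a bare ``AuthorizationErrorResponse`` is
        returned instead (see the note at that return).
    :raises UnSupported: when ``response_type`` names a value other than
        ``code``, ``token`` or ``id_token``
    """
    aresp = AuthorizationResponse()
    # Membership, not truthiness: an empty string is still echoed back.
    try:
        aresp["state"] = request["state"]
    except KeyError:
        pass

    if "response_type" in request and request["response_type"] == ["none"]:
        # Nothing is issued, so the (state-only) response goes in the query.
        return {'response_args': aresp, 'fragment_enc': False}

    # Look the session up once and reuse it (was fetched twice before).
    _sinfo = endpoint_context.sdb[sid]

    try:
        aresp["scope"] = request["scope"]
    except KeyError:
        pass

    rtype = set(request["response_type"])
    handled_response_type = set()

    # Only the plain authorization-code flow returns via the query string;
    # any response that carries a token goes in the fragment.
    fragment_enc = not (len(rtype) == 1 and "code" in rtype)

    if "code" in rtype:
        _code = aresp["code"] = _sinfo["code"]
        handled_response_type.add("code")
    else:
        # No code is issued for this session; clear any stored one
        # (presumably so a code that was never handed out cannot be redeemed).
        endpoint_context.sdb.update(sid, code=None)
        _code = None

    if "token" in rtype:
        _dic = endpoint_context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
        # Token material only reaches the log through sanitize(); %-args
        # defer the string formatting to the logging framework.
        logger.debug("_dic: %s", sanitize(_dic))
        for key, val in _dic.items():
            if key in aresp.parameters() and val is not None:
                aresp[key] = val
        handled_response_type.add("token")

    _access_token = aresp.get("access_token", None)

    if "id_token" in rtype:
        user_info = userinfo_in_id_token_claims(endpoint_context, _sinfo)
        if request["response_type"] == ["id_token"]:
            # Only an ID Token is returned, so the collected user info
            # is merged into its claims as well.
            info = collect_user_info(endpoint_context, _sinfo)
            if user_info is None:
                user_info = info
            else:
                user_info.update(info)

        # Hand the signer whatever else is in this response so it can bind
        # the ID Token to it (presumably the c_hash/at_hash claims). Same
        # mapping as the previous issubset() chain, written per artifact.
        hargs = {}
        if "code" in rtype:
            hargs["code"] = _code
        if "token" in rtype:
            hargs["access_token"] = _access_token

        try:
            id_token = sign_encrypt_id_token(
                endpoint_context,
                _sinfo,
                str(request["client_id"]),
                user_info=user_info,
                sign=True,
                **hargs,
            )
        except (JWEException, NoSuitableSigningKeys) as err:
            # Detail stays in the server log; the client gets a generic error.
            logger.warning(str(err))
            # NOTE(review): this returns a bare error response, not the
            # {'response_args', 'fragment_enc'} dict every other path returns;
            # callers must handle both shapes. Kept as-is to avoid changing
            # the contract — confirm what the caller expects.
            return AuthorizationErrorResponse(
                error="invalid_request",
                error_description="Could not sign/encrypt id_token",
            )

        aresp["id_token"] = id_token
        # NOTE(review): written to the session record object; whether this
        # persists depends on what sdb[sid] returns — confirm against the store.
        _sinfo["id_token"] = id_token
        handled_response_type.add("id_token")

    not_handled = rtype - handled_response_type
    if not_handled:
        raise UnSupported("unsupported_response_type", list(not_handled))

    return {'response_args': aresp, 'fragment_enc': fragment_enc}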