def request_client_credential_sshagent(self, client_id=None, agent_keyname = None):
"""
This is designed to support section 4.4 of the OAuth 2.0 spec:
"The client can request an access token using only its client
credentials (or other supported means of authentication) when the
client is requesting access to the protected resources under its
control"
"""
body = 'grant_type=client_credentials'
path = '/goauth/token'
method = 'POST'
url_parts = ('https', self.server, path, None, None)
url = urlparse.urlunsplit(url_parts)
# Handle options based on explicitly parameters - ignore implicit options based
# on instance attributes
if client_id is None:
client_id = self.client
if agent_keyname is None:
agent_keyname = self.agent_keyname
if agent_keyname and client_id:
headers = sign_with_sshagent(self.agent_keys[agent_keyname],
path,
method,
client_id,
body=body)
response = requests.post(url, data={'grant_type': 'client_credentials'}, headers=headers, verify=self.verify_ssl)
else:
raise Exception('Requires client_id and ssh agent_keyname as parameters or as part of initial config to authenticate credential request')
return response.json()
def sshagent_get_request_token(self, username, client_id, keyname):
query_params = {"response_type": "code", "client_id": client_id}
query_params = urllib.urlencode(query_params)
path = '/goauth/authorize'
method = 'GET'
headers = sign_with_sshagent(self.agent_keys[keyname],
path,
method,
username,
query=query_params)
url_parts = ('https', self.server, '/goauth/authorize', query_params,
None)
url = urlparse.urlunsplit(url_parts)
response = requests.get(url, headers=headers, verify=self.verify_ssl)
return response.json()
def sshagent_get_request_token(self, username, client_id, keyname):
query_params = {
"response_type": "code",
"client_id": client_id
}
query_params = urllib.urlencode(query_params)
path = '/goauth/authorize'
method = 'GET'
headers = sign_with_sshagent(self.agent_keys[keyname],
path,
method,
username,
query=query_params)
url_parts = ('https', self.server, '/goauth/authorize', query_params, None)
url = urlparse.urlunsplit(url_parts)
response = requests.get(url, headers=headers, verify=self.verify_ssl)
return response.json()
def request_client_credential_sshagent(self,
client_id=None,
agent_keyname=None):
"""
This is designed to support section 4.4 of the OAuth 2.0 spec:
"The client can request an access token using only its client
credentials (or other supported means of authentication) when the
client is requesting access to the protected resources under its
control"
"""
body = 'grant_type=client_credentials'
path = '/goauth/token'
method = 'POST'
url_parts = ('https', self.server, path, None, None)
url = urlparse.urlunsplit(url_parts)
# Handle options based on explicitly parameters - ignore implicit options based
# on instance attributes
if client_id is None:
client_id = self.client
if agent_keyname is None:
agent_keyname = self.agent_keyname
if agent_keyname and client_id:
headers = sign_with_sshagent(self.agent_keys[agent_keyname],
path,
method,
client_id,
body=body)
response = requests.post(url,
data={'grant_type': 'client_credentials'},
headers=headers,
verify=self.verify_ssl)
else:
raise Exception(
'Requires client_id and ssh agent_keyname as parameters or as part of initial config to authenticate credential request'
)
return response.json()
