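def __init__(self, name, sdb, cdb, authn_broker, authz, client_authn,
             symkey=None, urlmap=None, iv=0, default_scope="",
             ca_bundle=None, seed=b"", client_authn_methods=None,
             authn_at_registration="", client_info_url="",
             secret_lifetime=86400, jwks_uri='', keyjar=None,
             capabilities=None, verify_ssl=True, baseurl='', hostname='',
             config=None, behavior=None, lifetime_policy=None, **kwargs):
    """Set up the provider on top of the base ``provider.Provider``.

    :param name: Provider name; a trailing "/" is appended when missing.
        Also used as ``baseurl`` when no ``baseurl`` is given.
    :param sdb, cdb, authn_broker, authz, client_authn, symkey, urlmap, iv,
        default_scope, ca_bundle: Forwarded unchanged to the base class
        initializer.
    :param seed: Stored as ``self.seed``.
    :param client_authn_methods: Dictionary of client authentication
        methods; stored as given.
    :param authn_at_registration: When non-empty, must be present in
        ``client_authn_methods``.
    :param client_info_url, secret_lifetime, jwks_uri: Stored as given.
    :param keyjar: Key store to use; a new ``KeyJar`` is created when None.
    :param capabilities: When truthy, passed to ``provider_features`` as
        ``provider_config``.
    :param verify_ssl: Stored on the instance and passed to the ``KeyJar``
        created here. A caller-supplied ``keyjar`` is used unchanged, so
        this flag does not reach it from this method.
    :param baseurl: Falls back to ``name`` when empty.
    :param hostname: Falls back to ``socket.gethostname()`` when empty.
    :param config, behavior: Default to empty dicts.
    :param lifetime_policy: Stored as given (no copy, no validation); a
        built-in table is used when None.
    :param kwargs: Only ``server_cls`` and ``scopes`` are read.
    :raises UnknownAuthnMethod: ``authn_at_registration`` is set but is not
        one of ``client_authn_methods`` (including when none were given).
    """
    if not name.endswith("/"):
        name += "/"

    # Of the extra keyword arguments, only server_cls goes to the base class.
    if 'server_cls' in kwargs:
        args = {'server_cls': kwargs['server_cls']}
    else:
        args = {}

    provider.Provider.__init__(self, name, sdb, cdb, authn_broker, authz,
                               client_authn, symkey, urlmap, iv,
                               default_scope, ca_bundle, **args)

    # NOTE(review): extend() mutates the existing list in place; if the base
    # class keeps `endp` as a class-level attribute, these endpoints would be
    # shared by every instance -- confirm against provider.Provider.
    self.endp.extend([
        RegistrationEndpoint,
        ClientInfoEndpoint,
        RevocationEndpoint,
        IntrospectionEndpoint,
    ])

    # dictionary of client authentication methods
    self.client_authn_methods = client_authn_methods
    if authn_at_registration:
        # client_authn_methods defaults to None. Without the explicit None
        # check the membership test fails with a TypeError instead of
        # reporting the misconfigured authentication method.
        if (client_authn_methods is None
                or authn_at_registration not in client_authn_methods):
            raise UnknownAuthnMethod(authn_at_registration)

    self.authn_at_registration = authn_at_registration
    # NOTE(review): how the seed is consumed is not visible here; if it feeds
    # secret generation, the empty default should always be overridden --
    # confirm against the code that reads self.seed.
    self.seed = seed
    self.client_info_url = client_info_url
    self.secret_lifetime = secret_lifetime
    self.jwks_uri = jwks_uri
    self.verify_ssl = verify_ssl

    # A fresh default list per instance when the caller passes no scopes.
    self.scopes = kwargs.get('scopes', ['offline_access'])

    self.keyjar = keyjar
    if self.keyjar is None:
        self.keyjar = KeyJar(verify_ssl=self.verify_ssl)

    if capabilities:
        self.capabilities = self.provider_features(
            provider_config=capabilities)
    else:
        self.capabilities = self.provider_features()

    self.baseurl = baseurl or name
    self.hostname = hostname or socket.gethostname()
    self.kid = {"sig": {}, "enc": {}}
    self.config = config or {}
    self.behavior = behavior or {}
    self.token_policy = {'access_token': {}, 'refresh_token': {}}

    if lifetime_policy is None:
        # Default lifetimes per token type, keyed by response/grant type.
        # Presumably seconds -- confirm against the consumer of
        # lifetime_policy.
        self.lifetime_policy = {
            'access_token': {
                'code': 600,
                'token': 120,
                'implicit': 120,
                'authorization_code': 600,
                'client_credentials': 600,
                'password': 600
            },
            'refresh_token': {
                'code': 3600,
                'token': 3600,
                'implicit': 3600,
                'authorization_code': 3600,
                'client_credentials': 3600,
                'password': 3600
            }
        }
    else:
        self.lifetime_policy = lifetime_policy

    # The handler receives token_policy (empty per-type dicts at this point),
    # not lifetime_policy.
    self.token_handler = TokenHandler(self.baseurl, self.token_policy,
                                      keyjar=self.keyjar)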
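def __init__(
    self,
    name,
    sdb,
    cdb,
    authn_broker,
    authz,
    client_authn,
    symkey=None,
    urlmap=None,
    iv=0,
    default_scope="",
    ca_bundle=None,
    seed=b"",
    client_authn_methods=None,
    authn_at_registration="",
    client_info_url="",
    secret_lifetime=86400,
    jwks_uri="",
    keyjar=None,
    capabilities=None,
    verify_ssl=True,
    baseurl="",
    hostname="",
    config=None,
    behavior=None,
    lifetime_policy=None,
    message_factory=ExtensionMessageFactory,
    **kwargs
):
    """Set up the provider on top of the base class initializer.

    :param name: Provider name; a trailing "/" is appended when missing.
        Also used as ``baseurl`` when no ``baseurl`` is given.
    :param sdb, cdb, authn_broker, authz, client_authn, symkey, urlmap, iv,
        default_scope, ca_bundle, message_factory: Forwarded unchanged to
        the base class initializer.
    :param seed: Stored as ``self.seed``.
    :param client_authn_methods: Dictionary of client authentication
        methods; stored as given.
    :param authn_at_registration: When non-empty, must be present in
        ``client_authn_methods``.
    :param client_info_url, secret_lifetime, jwks_uri: Stored as given.
    :param keyjar: Key store to use; a new ``KeyJar`` is created when None.
    :param capabilities: When truthy, passed to ``provider_features`` as
        ``provider_config``.
    :param verify_ssl: Stored on the instance and passed to the ``KeyJar``
        created here. A caller-supplied ``keyjar`` is used unchanged, so
        this flag does not reach it from this method.
    :param baseurl: Falls back to ``name`` when empty.
    :param hostname: Falls back to ``socket.gethostname()`` when empty.
    :param config, behavior: Default to empty dicts.
    :param lifetime_policy: Stored as given (no copy, no validation); a
        built-in table is used when None.
    :param kwargs: Only ``server_cls`` and ``scopes`` are read.
    :raises UnknownAuthnMethod: ``authn_at_registration`` is set but is not
        one of ``client_authn_methods`` (including when none were given).
    """
    if not name.endswith("/"):
        name += "/"

    # Of the extra keyword arguments, only server_cls goes to the base class.
    if "server_cls" in kwargs:
        args = {"server_cls": kwargs["server_cls"]}
    else:
        args = {}

    super().__init__(
        name,
        sdb,
        cdb,
        authn_broker,
        authz,
        client_authn,
        symkey,
        urlmap,
        iv,
        default_scope,
        ca_bundle,
        message_factory=message_factory,
        **args
    )

    # NOTE(review): extend() mutates the existing list in place; if the base
    # class keeps `endp` as a class-level attribute, these endpoints would be
    # shared by every instance -- confirm against the base class.
    self.endp.extend(
        [
            RegistrationEndpoint,
            ClientInfoEndpoint,
            RevocationEndpoint,
            IntrospectionEndpoint,
        ]
    )

    # dictionary of client authentication methods
    self.client_authn_methods = client_authn_methods
    if authn_at_registration:
        # client_authn_methods defaults to None. Without the explicit None
        # check the membership test fails with a TypeError instead of
        # reporting the misconfigured authentication method.
        if (
            client_authn_methods is None
            or authn_at_registration not in client_authn_methods
        ):
            raise UnknownAuthnMethod(authn_at_registration)

    self.authn_at_registration = authn_at_registration
    # NOTE(review): how the seed is consumed is not visible here; if it feeds
    # secret generation, the empty default should always be overridden --
    # confirm against the code that reads self.seed.
    self.seed = seed
    self.client_info_url = client_info_url
    self.secret_lifetime = secret_lifetime
    self.jwks_uri = jwks_uri
    self.verify_ssl = verify_ssl

    # self.scopes is not assigned in this method, so it must already exist
    # after the base initializer; caller-supplied scopes are appended to it.
    # NOTE(review): same in-place mutation caveat as `endp` above -- confirm
    # that the base class gives each instance its own list.
    self.scopes.extend(kwargs.get("scopes", []))

    self.keyjar = keyjar
    if self.keyjar is None:
        self.keyjar = KeyJar(verify_ssl=self.verify_ssl)

    if capabilities:
        self.capabilities = self.provider_features(provider_config=capabilities)
    else:
        self.capabilities = self.provider_features()

    self.baseurl = baseurl or name
    self.hostname = hostname or socket.gethostname()
    self.kid = {"sig": {}, "enc": {}}  # type: Dict[str, Dict[str, str]]
    self.config = config or {}
    self.behavior = behavior or {}
    self.token_policy = {
        "access_token": {},
        "refresh_token": {},
    }  # type: Dict[str, Dict[str, str]]

    if lifetime_policy is None:
        # Default lifetimes per token type, keyed by response/grant type.
        # Presumably seconds -- confirm against the consumer of
        # lifetime_policy.
        self.lifetime_policy = {
            "access_token": {
                "code": 600,
                "token": 120,
                "implicit": 120,
                "authorization_code": 600,
                "client_credentials": 600,
                "password": 600,
            },
            "refresh_token": {
                "code": 3600,
                "token": 3600,
                "implicit": 3600,
                "authorization_code": 3600,
                "client_credentials": 3600,
                "password": 3600,
            },
        }
    else:
        self.lifetime_policy = lifetime_policy

    # The handler receives token_policy (empty per-type dicts at this point),
    # not lifetime_policy.
    self.token_handler = TokenHandler(
        self.baseurl, self.token_policy, keyjar=self.keyjar
    )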