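def create_authn_response(endpoint, request, sid):
    """Build the authorization response for an authenticated session.

    Supports the ``code`` and ``token`` response types (and ``none``); any
    other value in ``response_type`` yields an error response.

    :param endpoint: the authorization endpoint; only
        ``endpoint.endpoint_context.sdb`` (the session database) is used
    :param request: the parsed authorization request (dict-like); the keys
        ``state``, ``scope`` and ``response_type`` are read
    :param sid: id of the session in ``sdb`` that this response is issued for
    :return: dict with ``response_args`` (an ``AuthorizationResponse``, or an
        ``AuthorizationErrorResponse`` on failure) and ``fragment_enc``
        (``True`` when the parameters belong in the URL fragment, ``False``
        when they go in the query component)
    """
    aresp = AuthorizationResponse()
    if request.get("state"):
        aresp["state"] = request["state"]

    # response_type=none: nothing is issued and the (empty) response uses
    # query encoding.
    if "response_type" in request and request["response_type"] == ["none"]:
        return {"response_args": aresp, "fragment_enc": False}

    _context = endpoint.endpoint_context
    # Session lookup; the value is not used further in this variant.
    # NOTE(review): presumably this is what makes an unknown sid fail early —
    # confirm against the sdb implementation before removing it.
    _sinfo = _context.sdb[sid]

    if request.get("scope"):
        aresp["scope"] = request["scope"]

    # Raises KeyError when response_type is absent (a REQUIRED parameter);
    # the request is expected to have been validated before reaching here.
    rtype = set(request["response_type"])

    # Only the plain "code" flow returns its parameters in the query part
    # (RFC 6749 section 4.1.2); every other combination uses the fragment.
    fragment_enc = not (len(rtype) == 1 and "code" in rtype)

    # Reject unsupported response types before touching the session. Doing
    # this last (as before) minted an access token and cleared the code for a
    # request that was then rejected anyway.
    # NOTE: RFC 6749 defines "unsupported_response_type" as an error code in
    # its own right; it is kept in error_description here for compatibility.
    supported = {"code", "token"}
    if not rtype.issubset(supported):
        resp = AuthorizationErrorResponse(
            error="invalid_request",
            error_description="unsupported_response_type")
        return {"response_args": resp, "fragment_enc": fragment_enc}

    if "code" in rtype:
        aresp["code"] = _context.sdb[sid]["code"]
    else:
        # Not a code flow: the session keeps no authorization code (presumably
        # so none can be redeemed later — confirm against sdb.update).
        _context.sdb.update(sid, code=None)

    if "token" in rtype:
        _dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
        # Lazy %-args: sanitize() still runs, but formatting is deferred until
        # the record is actually emitted.
        logger.debug("_dic: %s", sanitize(_dic))
        # Copy only the fields the response message knows about; skip unset ones.
        for key, val in _dic.items():
            if key in aresp.parameters() and val is not None:
                aresp[key] = val

    return {"response_args": aresp, "fragment_enc": fragment_enc}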
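def create_authn_response(endpoint, request, sid):
    """Build the authorization response for an authenticated session.

    Supports the ``code``, ``token`` and ``id_token`` response types (and
    ``none``); any other value in ``response_type`` yields an error response.

    :param endpoint: the authorization endpoint; ``endpoint.endpoint_context``
        supplies ``sdb`` (the session database) and ``idtoken`` (the ID Token
        factory)
    :param request: the parsed authorization request (dict-like); the keys
        ``state``, ``scope`` and ``response_type`` are read, and the whole
        request is handed to ``idtoken.make``
    :param sid: id of the session in ``sdb`` that this response is issued for
    :return: dict with ``response_args`` (an ``AuthorizationResponse``, or an
        ``AuthorizationErrorResponse`` on failure) and ``fragment_enc``
        (``True`` when the parameters belong in the URL fragment, ``False``
        when they go in the query component)
    """
    aresp = AuthorizationResponse()
    if request.get("state"):
        aresp["state"] = request["state"]

    # response_type=none: nothing is issued and the (empty) response uses
    # query encoding.
    if "response_type" in request and request["response_type"] == ["none"]:
        return {"response_args": aresp, "fragment_enc": False}

    _context = endpoint.endpoint_context
    # Session info; handed to idtoken.make and updated with the issued id_token.
    _sinfo = _context.sdb[sid]

    if request.get("scope"):
        aresp["scope"] = request["scope"]

    # Raises KeyError when response_type is absent (a REQUIRED parameter);
    # the request is expected to have been validated before reaching here.
    rtype = set(request["response_type"])

    # Only the plain "code" flow returns its parameters in the query part
    # (RFC 6749 section 4.1.2); every other combination uses the fragment.
    fragment_enc = not (len(rtype) == 1 and "code" in rtype)

    # Reject unsupported response types before touching the session. Doing
    # this last (as before) minted an access token, cleared the code and
    # possibly signed an ID Token for a request that was then rejected anyway.
    # NOTE: RFC 6749 defines "unsupported_response_type" as an error code in
    # its own right; it is kept in error_description here for compatibility.
    supported = {"code", "token", "id_token"}
    if not rtype.issubset(supported):
        resp = AuthorizationErrorResponse(
            error="invalid_request",
            error_description="unsupported_response_type")
        return {"response_args": resp, "fragment_enc": fragment_enc}

    _code = None
    if "code" in rtype:
        _code = aresp["code"] = _context.sdb[sid]["code"]
    else:
        # Not a code flow: the session keeps no authorization code (presumably
        # so none can be redeemed later — confirm against sdb.update).
        _context.sdb.update(sid, code=None)

    if "token" in rtype:
        _dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
        # Lazy %-args: sanitize() still runs, but formatting is deferred until
        # the record is actually emitted.
        logger.debug("_dic: %s", sanitize(_dic))
        # Copy only the fields the response message knows about; skip unset ones.
        for key, val in _dic.items():
            if key in aresp.parameters() and val is not None:
                aresp[key] = val

    _access_token = aresp.get("access_token", None)

    if "id_token" in rtype:
        # Hand the artefacts issued alongside the ID Token to the factory
        # (presumably so it can bind them via c_hash / at_hash — confirm in
        # idtoken.make).
        kwargs = {}
        if {"code", "id_token", "token"}.issubset(rtype):
            kwargs = {"code": _code, "access_token": _access_token}
        elif {"code", "id_token"}.issubset(rtype):
            kwargs = {"code": _code}
        elif {"id_token", "token"}.issubset(rtype):
            kwargs = {"access_token": _access_token}

        # With id_token as the only artefact there is no UserInfo call to
        # fall back on, so the user claims go into the token itself.
        if request["response_type"] == ["id_token"]:
            kwargs["user_claims"] = True

        try:
            id_token = _context.idtoken.make(request, _sinfo, **kwargs)
        except (JWEException, NoSuitableSigningKeys) as err:
            # Signing/encryption failure: report it to the client without
            # leaking the underlying key material details.
            logger.warning(str(err))
            resp = AuthorizationErrorResponse(
                error="invalid_request",
                error_description="Could not sign/encrypt id_token",
            )
            return {"response_args": resp, "fragment_enc": fragment_enc}

        aresp["id_token"] = id_token
        # Record the issued token on the session as well (relies on sdb[sid]
        # returning the live session object — confirm).
        _sinfo["id_token"] = id_token

    return {"response_args": aresp, "fragment_enc": fragment_enc}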