def create_authn_response(endpoint, request, sid):
"""
:param endpoint:
:param request:
:param sid:
:return:
"""
# create the response
aresp = AuthorizationResponse()
if request.get("state"):
aresp["state"] = request["state"]
if "response_type" in request and request["response_type"] == ["none"]:
fragment_enc = False
else:
_context = endpoint.endpoint_context
_sinfo = _context.sdb[sid]
if request.get("scope"):
aresp["scope"] = request["scope"]
rtype = set(request["response_type"][:])
handled_response_type = []
fragment_enc = True
if len(rtype) == 1 and "code" in rtype:
fragment_enc = False
if "code" in request["response_type"]:
_code = aresp["code"] = _context.sdb[sid]["code"]
handled_response_type.append("code")
else:
_context.sdb.update(sid, code=None)
_code = None
if "token" in rtype:
_dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
logger.debug("_dic: %s" % sanitize(_dic))
for key, val in _dic.items():
if key in aresp.parameters() and val is not None:
aresp[key] = val
handled_response_type.append("token")
_access_token = aresp.get("access_token", None)
not_handled = rtype.difference(handled_response_type)
if not_handled:
resp = AuthorizationErrorResponse(
error="invalid_request",
error_description="unsupported_response_type")
return {"response_args": resp, "fragment_enc": fragment_enc}
return {"response_args": aresp, "fragment_enc": fragment_enc}
def create_authn_response(endpoint, request, sid):
"""
:param endpoint:
:param request:
:param sid:
:return:
"""
# create the response
aresp = AuthorizationResponse()
if request.get("state"):
aresp["state"] = request["state"]
if "response_type" in request and request["response_type"] == ["none"]:
fragment_enc = False
else:
_context = endpoint.endpoint_context
_sinfo = _context.sdb[sid]
if request.get("scope"):
aresp["scope"] = request["scope"]
rtype = set(request["response_type"][:])
handled_response_type = []
fragment_enc = True
if len(rtype) == 1 and "code" in rtype:
fragment_enc = False
if "code" in request["response_type"]:
_code = aresp["code"] = _context.sdb[sid]["code"]
handled_response_type.append("code")
else:
_context.sdb.update(sid, code=None)
_code = None
if "token" in rtype:
_dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
logger.debug("_dic: %s" % sanitize(_dic))
for key, val in _dic.items():
if key in aresp.parameters() and val is not None:
aresp[key] = val
handled_response_type.append("token")
_access_token = aresp.get("access_token", None)
if "id_token" in request["response_type"]:
kwargs = {}
if {"code", "id_token", "token"}.issubset(rtype):
kwargs = {"code": _code, "access_token": _access_token}
elif {"code", "id_token"}.issubset(rtype):
kwargs = {"code": _code}
elif {"id_token", "token"}.issubset(rtype):
kwargs = {"access_token": _access_token}
if request["response_type"] == ["id_token"]:
kwargs["user_claims"] = True
try:
id_token = _context.idtoken.make(request, _sinfo, **kwargs)
except (JWEException, NoSuitableSigningKeys) as err:
logger.warning(str(err))
resp = AuthorizationErrorResponse(
error="invalid_request",
error_description="Could not sign/encrypt id_token",
)
return {"response_args": resp, "fragment_enc": fragment_enc}
aresp["id_token"] = id_token
_sinfo["id_token"] = id_token
handled_response_type.append("id_token")
not_handled = rtype.difference(handled_response_type)
if not_handled:
resp = AuthorizationErrorResponse(
error="invalid_request",
error_description="unsupported_response_type")
return {"response_args": resp, "fragment_enc": fragment_enc}
return {"response_args": aresp, "fragment_enc": fragment_enc}
def create_authn_response(endpoint_context, request, sid):
# create the response
aresp = AuthorizationResponse()
try:
aresp["state"] = request["state"]
except KeyError:
pass
if "response_type" in request and request["response_type"] == ["none"]:
fragment_enc = False
else:
_sinfo = endpoint_context.sdb[sid]
try:
aresp["scope"] = request["scope"]
except KeyError:
pass
rtype = set(request["response_type"][:])
handled_response_type = []
if len(rtype) == 1 and "code" in rtype:
fragment_enc = False
else:
fragment_enc = True
if "code" in request["response_type"]:
_code = aresp["code"] = endpoint_context.sdb[sid]["code"]
handled_response_type.append("code")
else:
endpoint_context.sdb.update(sid, code=None)
_code = None
if "token" in rtype:
_dic = endpoint_context.sdb.upgrade_to_token(issue_refresh=False,
key=sid)
logger.debug("_dic: %s" % sanitize(_dic))
for key, val in _dic.items():
if key in aresp.parameters() and val is not None:
aresp[key] = val
handled_response_type.append("token")
try:
_access_token = aresp["access_token"]
except KeyError:
_access_token = None
if "id_token" in request["response_type"]:
user_info = userinfo_in_id_token_claims(endpoint_context, _sinfo)
if request["response_type"] == ["id_token"]:
# scopes should be returned here
info = collect_user_info(endpoint_context, _sinfo)
if user_info is None:
user_info = info
else:
user_info.update(info)
# client_info = endpoint_context.cdb[str(request["client_id"])]
hargs = {}
if {'code', 'id_token', 'token'}.issubset(rtype):
hargs = {"code": _code, "access_token": _access_token}
elif {'code', 'id_token'}.issubset(rtype):
hargs = {"code": _code}
elif {'id_token', 'token'}.issubset(rtype):
hargs = {"access_token": _access_token}
# or 'code id_token'
try:
id_token = sign_encrypt_id_token(endpoint_context, _sinfo,
str(request["client_id"]),
user_info=user_info,
sign=True, **hargs)
except (JWEException, NoSuitableSigningKeys) as err:
logger.warning(str(err))
return AuthorizationErrorResponse(
error="invalid_request",
error_description="Could not sign/encrypt id_token")
aresp["id_token"] = id_token
_sinfo["id_token"] = id_token
handled_response_type.append("id_token")
not_handled = rtype.difference(handled_response_type)
if not_handled:
raise UnSupported("unsupported_response_type", list(not_handled))
return {'response_args': aresp, 'fragment_enc': fragment_enc}