示例#1
def help():
    """
    Validate an authorization request and render ``help.html`` for it.

    The checks run in a fixed order: the client must exist, then the
    redirect_uri must verify for that client, and only after that are
    scope and response_type checked. Errors raised before redirect_uri
    has been verified are reported without it; later errors pass it on
    to ``process_error``.

    :return: the result of ``process_error`` when a check fails, otherwise
             the rendered ``help.html`` template
    """
    args = request.args
    client_id = args.get('client_id')
    redirect_uri = args.get('redirect_uri')
    response_type = args.get('response_type')
    scope = args.get('scope')
    shebang = args.get('shebang', 0)

    auth = Auth(client_id)

    # Unknown client: no redirect_uri is handed to the error handler,
    # because nothing has vouched for it yet.
    if len(auth._get_client()) == 0:
        return process_error('invalid_request')

    # The redirect target is verified before anything else may use it.
    if not auth.verify_redirect_uri(redirect_uri):
        return process_error('invalid_request')

    # Only a verified redirect_uri reaches the calls below.
    error_target = {'redirect_uri': redirect_uri, 'shebang': shebang}

    if scope is None or auth.verify_scope(scope) is False:
        return process_error('invalid_scope', **error_target)

    if not auth.verify_response_type(response_type):
        return process_error('invalid_request', **error_target)

    # Everything except client_name comes straight from the query string.
    # NOTE(review): confirm help.html escapes these values in every context
    # where it emits them.
    page_context = {
        'client_name': auth.client.get('name', 'Unknown'),
        'client_scope': scope,
        'client_id': client_id,
        'redirect_uri': redirect_uri,
        'response_type': response_type,
        'shebang': shebang,
    }
    return render_template('help.html', **page_context)
示例#2
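def oidc_proxy_chain():
    """
    The main entry point for OIDC.

    Validates the incoming authorization request, builds a state parameter
    from the request arguments, then redirects to the upstream OIDC
    authorization endpoint (proxy chain).

    ``redirect_uri`` is caller-controlled. It is passed to ``process_error``
    only after ``Auth.verify_redirect_uri`` has accepted it for the client;
    every earlier failure is reported without it.

    :return: the result of ``process_error`` when a check fails, otherwise
             a 302 redirect to the upstream authorization endpoint
    """

    # Parse input
    client_id = request.args.get('client_id', None)
    redirect_uri = request.args.get('redirect_uri', None)
    response_type = request.args.get('response_type', None)
    scope = request.args.get('scope', None)
    shebang = request.args.get('shebang', 0)

    # A missing client_id or redirect_uri leaves nothing to verify the
    # redirect target against, so the error must not carry redirect_uri.
    # NOTE(review): process_error is defined outside this block; the calls
    # below suggest it sends the error to redirect_uri when one is given.
    # Confirm, since that is what makes an unverified value unsafe here.
    if client_id is None or redirect_uri is None:
        return process_error('invalid_request')

    # Instantiate auth
    _auth = Auth(client_id)

    if len(_auth._get_client()) == 0:
        return process_error('invalid_request')

    # First verify redirect_uri
    if not _auth.verify_redirect_uri(redirect_uri):
        return process_error('invalid_request')

    # redirect_uri is verified from here on, so errors may be sent to it.
    # The missing-response_type case is checked before scope so that it
    # still yields 'invalid_request', as it did when it was part of the
    # initial parameter check.
    if response_type is None:
        return process_error('invalid_request',
                             redirect_uri=redirect_uri,
                             shebang=shebang)

    if scope is None or _auth.verify_scope(scope) is False:
        return process_error('invalid_scope',
                             redirect_uri=redirect_uri,
                             shebang=shebang)

    if not _auth.verify_response_type(response_type):
        return process_error('invalid_request',
                             redirect_uri=redirect_uri,
                             shebang=shebang)

    # State is built from the (now validated) request arguments.
    _state = generate_state(request.args)

    # NIF OIDC params: this service authenticates upstream as CLIENT_ID and
    # receives the upstream response on its own signing endpoint.
    params = {
        'client_id': CLIENT_ID,
        'redirect_uri': '{}/{}'.format(SERVER_BASE_URL, SERVER_PROXY_SIGNING),
        'state': _state,
        'response_type': 'code',
        'scope': 'openid roles web-origins'
    }

    nif_bp_url = '{}/protocol/openid-connect/auth'.format(CLIENT_BASE_URL)

    return redirect(process_redirect_uri(nif_bp_url, params), code=302)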