示例#1
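def authorize():
    """Validate the token in the current request body and return its claims.

    Reads ``token`` (required) and ``app_client_id`` (optional) from the JSON
    body of ``app.current_request`` and hands them to ``get_claims`` with
    ``verify_audience=True``.

    Returns:
        Whatever ``get_claims`` returned, when that value is truthy.

    Raises:
        BadRequestError: if the body is not a JSON object, the token is
            missing or is not a non-empty string, or ``get_claims`` returns
            a falsy result.
    """
    body = app.current_request.json_body
    # The body is caller-controlled. Reject a missing or non-object body and
    # a missing or non-string token as a client error, rather than letting
    # an unhandled KeyError/TypeError escape from the lookup.
    if not isinstance(body, dict):
        raise BadRequestError("Bad request, a JSON object with a token is required.")
    token = body.get("token")
    if not isinstance(token, str) or not token:
        raise BadRequestError("Bad request, token is missing or not a string.")

    # NOTE(review): app_client_id is read from the same untrusted body as the
    # token, so the caller chooses the audience the token is checked against
    # (presumably compared to the token's "aud" claim; confirm in get_claims).
    # Consider restricting it to a server-side allow-list of client ids.
    verify_kwargs = {"verify_audience": True}
    app_client_id = body.get("app_client_id", "")
    if app_client_id:
        verify_kwargs["app_client_id"] = app_client_id

    claims = get_claims(token, **verify_kwargs)
    if not claims:
        # claims is falsy here, so the interpolated value carries no token data.
        raise BadRequestError(f"Bad request, token not valid. {claims}")
    return claims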
示例#2
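def iamAuthorizer(auth_request):
    """Map the request token to a principal id and return an ``AuthResponse``.

    ``get_claims(auth_request.token)`` is expected to return the decoded
    token claims or a falsy value. The sample payload recorded with this
    function was a Cognito ID token with the keys ``sub``, ``email_verified``,
    ``iss``, ``cognito:username``, ``aud``, ``event_id``, ``token_use``,
    ``custom:center``, ``auth_time``, ``name``, ``exp``, ``iat`` and ``email``.
    Only ``sub`` is read here.

    The subject placed in the response context is resolved in this order:

    1. Truthy claims: ``"cm:cognitoUserPool:" + claims["sub"]``.
    2. No claims but ``app.test_user_id`` is set: that id, unprefixed.
    3. Otherwise: ``"cm:cognitoUserPool:anonymousUser"``.

    Args:
        auth_request: object exposing the bearer token as ``.token``.

    Returns:
        ``AuthResponse`` with ``routes=["*"]``, ``principal_id="user"`` and
        ``context={"id": <subject>}``.
    """
    # NOTE(review): no verify_audience argument is passed here; confirm that
    # get_claims' default still enforces the "aud" check for this path.
    claims = get_claims(auth_request.token)

    if claims:
        # Build the namespaced subject without mutating the dict that
        # get_claims returned, in case that object is shared or cached.
        subject = "cm:cognitoUserPool:" + claims["sub"]
    elif app.test_user_id:
        # NOTE(review): with test_user_id set, every request lacking valid
        # claims is authorized as that user. It must stay unset outside tests.
        subject = app.test_user_id
    else:
        # NOTE(review): any token for which get_claims returns a falsy value
        # lands here and is still granted routes=["*"] as the anonymous
        # principal, so per-route access control has to be enforced
        # downstream on context["id"]. Verify that it is.
        subject = "cm:cognitoUserPool:anonymousUser"

    # User lookup/creation is intentionally not performed here; the earlier
    # code for it was commented out in the original.
    return AuthResponse(routes=["*"],
                        principal_id="user",
                        context={"id": subject})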