def fetch_derived_token(self, ezSecurityToken, targetApp, excludedAuths=None, skipCache=False): """ Used when an application receives an EzSecurityToken as part of it's API but needs to call another service that itself takes an EzSecurityToken. :param ezSecurityToken: :param targetApp: :param excludedAuths: :return: """ # get the security id for target app (depending on if its a common # service or an application) dc = ServiceDiscoveryClient(self.zk_con_str) targetSecurityId = dc.get_security_id(targetApp) token_request = TokenRequest( self.appConfig.getSecurityID(), util.current_time_millis() ) token_request.tokenPrincipal = ezSecurityToken token_request.targetSecurityId = targetSecurityId token_request.excludeAuthorizations = excludedAuths # look in the cache (and return immediately if in cache) dn = ezSecurityToken.tokenPrincipal.principal request_chain = ezSecurityToken.tokenPrincipal.requestChain cache_key = self._get_cache_key(ezSecurityToken.type, dn, excludedAuths, request_chain, targetSecurityId) if not skipCache: token = self.__get_from_cache(cache_key) if token: return token # get token (since it wasn't found in the cache) headers = { HTTP_HEADER_USER_INFO: dn, HTTP_HEADER_SIGNATURE: self._sign(dn) } request, signature = self.build_request(headers, targetApp, exclude_authorizations=excludedAuths) return self._request_token_and_store(request, signature, "derived", dn, cache_key)