示例#1
    def fetch_derived_token(self, ezSecurityToken, targetApp,
                            excludedAuths=None, skipCache=False):
        """
        Obtain a derived EzSecurityToken for calling ``targetApp``.

        Used when an application receives an EzSecurityToken as part of its
        API but needs to call another service that itself takes an
        EzSecurityToken.

        :param ezSecurityToken: the token received from the caller; its
            ``type`` and ``tokenPrincipal`` (principal and request chain)
            are read here.
        :param targetApp: name of the service to be called; it is resolved
            to a security id through service discovery.
        :param excludedAuths: authorizations to exclude; forwarded to
            ``build_request`` as ``exclude_authorizations`` and included in
            the cache key.
        :param skipCache: when true, the cache lookup is skipped and a new
            token is always requested.
        :return: the cached token when a truthy one is found, otherwise the
            value returned by ``_request_token_and_store``.
        """
        # NOTE(review): nothing in this method checks the received token
        # (signature, expiry) before its principal is signed below with this
        # application's key -- confirm callers verify ezSecurityToken first.

        # Resolve the target's security id (common service or application).
        discovery = ServiceDiscoveryClient(self.zk_con_str)
        target_security_id = discovery.get_security_id(targetApp)

        # NOTE(review): this TokenRequest is populated but never passed on;
        # the request actually sent comes from build_request() further down.
        # Confirm whether the derived request was meant to carry the received
        # token as its principal.
        derived_request = TokenRequest(
            self.appConfig.getSecurityID(),
            util.current_time_millis()
        )
        derived_request.tokenPrincipal = ezSecurityToken
        derived_request.targetSecurityId = target_security_id
        derived_request.excludeAuthorizations = excludedAuths

        # The cache key combines token type, principal, excluded
        # authorizations, request chain and target security id, presumably so
        # that a token cached for one principal/target is never returned for
        # another.
        principal = ezSecurityToken.tokenPrincipal
        principal_dn = principal.principal
        chain = principal.requestChain
        cache_key = self._get_cache_key(
            ezSecurityToken.type, principal_dn, excludedAuths, chain,
            target_security_id)

        # Serve from the cache unless the caller asked to bypass it.
        cached = None if skipCache else self.__get_from_cache(cache_key)
        if cached:
            return cached

        # Cache miss (or bypass): request a new token using headers that
        # carry the principal DN and this application's signature over it.
        signed_headers = {
            HTTP_HEADER_USER_INFO: principal_dn,
            HTTP_HEADER_SIGNATURE: self._sign(principal_dn)
        }
        request, signature = self.build_request(
            signed_headers, targetApp, exclude_authorizations=excludedAuths)
        return self._request_token_and_store(
            request, signature, "derived", principal_dn, cache_key)