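def index(self, op, **kwargs):
    """Exchange a bearer token for its stored claims, returned as a signed JWT.

    An ``OPTIONS`` request is answered as a CORS preflight. Any other request
    must carry ``Authorization: Bearer <token>`` where the token is a key of
    ``op.claim_access_token``; the entry is deleted on first use.

    Args:
        op: Provider object supplying ``claim_access_token``, ``events`` and
            ``keyjar``.
        **kwargs: Accepted and ignored.

    Returns:
        The claims serialised as an RS256-signed JWT, as bytes. ``None`` for
        a preflight request.

    Raises:
        cherrypy.HTTPError: 400 when the header is missing, is not a Bearer
            credential, or carries a token with no stored claims.
    """
    if cherrypy.request.method == "OPTIONS":
        # NOTE(review): the preflight accepts any origin together with the
        # Authorization header - confirm that is intended for this endpoint.
        cherrypy_cors.preflight(
            allowed_methods=["GET"], origins='*',
            allowed_headers='Authorization')
        return None

    try:
        authz = cherrypy.request.headers['Authorization']
    except KeyError:
        authz = None

    # Explicit test rather than `assert`: assertions are stripped under -O,
    # and a missing header (None) must be rejected here instead of failing
    # with AttributeError on .startswith().
    if authz is None or not authz.startswith("Bearer "):
        op.events.store(EV_FAULT, "Bad authorization token")
        # The error must be raised; only constructing it lets the request
        # continue as if the check had passed.
        raise cherrypy.HTTPError(400, "Bad authorization token")

    tok = authz[7:]  # strip the 7-character "Bearer " prefix
    try:
        _claims = op.claim_access_token[tok]
    except KeyError:
        # Only the fixed message is recorded, never the presented token.
        op.events.store(EV_FAULT, "Bad authorization token")
        raise cherrypy.HTTPError(400, "Bad authorization token")

    # One-time token: remove it before answering so it cannot be replayed.
    del op.claim_access_token[tok]
    _info = Message(**_claims)
    jwt_key = op.keyjar.get_signing_key()
    op.events.store(EV_RESPONSE, _info.to_dict())
    cherrypy.response.headers["content-type"] = 'application/jwt'
    return as_bytes(_info.to_jwt(key=jwt_key, algorithm="RS256"))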
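def index(self, op, **kwargs):
    """Exchange a bearer token for its stored claims, returned as a signed JWT.

    An ``OPTIONS`` request is answered as a CORS preflight. Any other request
    must carry ``Authorization: Bearer <token>`` where the token is a key of
    ``op.claim_access_token``; the entry is deleted on first use.

    Args:
        op: Provider object supplying ``claim_access_token``, ``events`` and
            ``keyjar``.
        **kwargs: Accepted and ignored.

    Returns:
        The claims serialised as an RS256-signed JWT, as bytes. ``None`` for
        a preflight request.

    Raises:
        cherrypy.HTTPError: 400 when the header is missing, is not a Bearer
            credential, or carries a token with no stored claims.
    """
    if cherrypy.request.method == "OPTIONS":
        # NOTE(review): the preflight accepts any origin together with the
        # Authorization header - confirm that is intended for this endpoint.
        cherrypy_cors.preflight(
            allowed_methods=["GET"], origins='*',
            allowed_headers='Authorization')
        return None

    try:
        authz = cherrypy.request.headers['Authorization']
    except KeyError:
        authz = None

    # Explicit test rather than `assert`: assertions are stripped under -O,
    # and a missing header (None) must be rejected here instead of failing
    # with AttributeError on .startswith().
    if authz is None or not authz.startswith("Bearer "):
        op.events.store(EV_FAULT, "Bad authorization token")
        # The error must be raised; only constructing it lets the request
        # continue as if the check had passed.
        raise cherrypy.HTTPError(400, "Bad authorization token")

    tok = authz[7:]  # strip the 7-character "Bearer " prefix
    try:
        _claims = op.claim_access_token[tok]
    except KeyError:
        # Only the fixed message is recorded, never the presented token.
        op.events.store(EV_FAULT, "Bad authorization token")
        raise cherrypy.HTTPError(400, "Bad authorization token")

    # One-time token: remove it before answering so it cannot be replayed.
    del op.claim_access_token[tok]
    _info = Message(**_claims)
    jwt_key = op.keyjar.get_signing_key()
    op.events.store(EV_RESPONSE, _info.to_dict())
    cherrypy.response.headers["content-type"] = 'application/jwt'
    return as_bytes(_info.to_jwt(key=jwt_key, algorithm="RS256"))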
def _collect_user_info(self, session, userinfo_claims=None):
    """Collect user info and optionally attach aggregated or distributed claims.

    Starts from the result of ``provider.Provider._collect_user_info`` and,
    depending on ``self.claims_type``, adds ``_claim_names`` and
    ``_claim_sources`` entries under the fixed source id ``"src1"``. When
    ``"uisub"`` is in ``self.behavior_type`` the ``sub`` value is overwritten
    with ``"foobar"``.

    Args:
        session: Passed through to the base implementation.
        userinfo_claims: Passed through to the base implementation.

    Returns:
        The mapping produced by the base implementation, with the extra
        entries applied.
    """
    source_id = "src1"
    ava = provider.Provider._collect_user_info(self, session, userinfo_claims)

    if "aggregated" in self.claims_type:
        # Aggregated claims: the values travel inline as a JWT.
        # NOTE(review): algorithm "none" yields a JWT without a signature, so
        # a relying party cannot verify these claims. The hard-coded values
        # suggest a test fixture - confirm this never serves real users.
        unsigned_jwt = Message(eye_color="blue", shoe_size=8).to_jwt(
            algorithm="none")
        ava["_claim_names"] = Message(eye_color=source_id, shoe_size=source_id)
        ava["_claim_sources"] = Message(**{source_id: {"JWT": unsigned_jwt}})
    elif "distributed" in self.claims_type:
        # Distributed claims: hand out an endpoint plus an access token.
        endpoint_base = self.name
        if endpoint_base[-1] != '/':
            endpoint_base = endpoint_base + '/'
        # NOTE(review): this value is issued as an access token, so rndstr()
        # (defined elsewhere) should draw from a CSPRNG with enough length
        # to resist guessing - verify.
        claim_token = rndstr()
        self.claim_access_token[claim_token] = {"age": 30}
        ava["_claim_names"] = Message(age=source_id)
        ava["_claim_sources"] = Message(**{
            source_id: {
                "endpoint": endpoint_base + "claim",
                "access_token": claim_token,
            },
        })

    # Replaces the subject identifier with a fixed value.
    # NOTE(review): presumably a deliberate misbehaviour switch for testing
    # relying parties - confirm.
    if "uisub" in self.behavior_type:
        ava["sub"] = "foobar"

    return ava