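def read_registration(self, authn, request, **kwargs):
    """
    Read all information this server has on a client.

    Authorization is done with the access token that was returned as part
    of the client registration result: the token is used as a key into the
    client database, and the client_id stored under it must equal the
    client_id given in the query string.

    :param authn: The Authorization HTTP header, expected as "Bearer <token>"
    :param request: The query part of the URL; must carry a client_id
    :param kwargs: Any other arguments (not used in this method)
    :return: A Response carrying the client's registration data as JSON,
        sent with "Cache-Control: no-store"
    :raises AssertionError: if the header is missing or not a Bearer header,
        or if the client_id in the query does not match the token's client
    :raises KeyError: if the query has no client_id; a failed lookup of the
        token in self.cdb also propagates unchanged
    """
    # Explicit raises instead of `assert`: assert statements are removed
    # when Python runs with -O, which would silently drop these
    # authorization checks. AssertionError is kept so existing callers
    # see the same exception type.
    if not authn or not authn.startswith("Bearer "):
        raise AssertionError("Authorization header is not a Bearer token")

    # The bearer token is a credential, so it is kept out of the log;
    # only the query part is recorded.
    logger.debug("read_registration request: %s", request)

    # verify the access token, has to be key into the client information
    # database.
    token = authn[len("Bearer "):]
    client_id = self.cdb[token]

    # extra check: the caller must name the client the token belongs to
    _info = urlparse.parse_qs(request)
    if _info["client_id"][0] != client_id:
        raise AssertionError("client_id does not match the access token")

    logger.debug("Client '%s' reads client info", client_id)
    # Only the parameters a RegistrationResponse defines are returned.
    args = dict((k, v) for k, v in self.cdb[client_id].items()
                if k in RegistrationResponse.c_param)
    self.comb_redirect_uris(args)
    response = RegistrationResponse(**args)
    return Response(response.to_json(), content="application/json",
                    headers=[("Cache-Control", "no-store")])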
def _fixup_registration_response(self, http_resp):
    """
    Rewrite the registration response carried by *http_resp*.

    The JSON in http_resp.message is parsed as a RegistrationResponse, the
    client_secret entry is deleted, id_token_signed_response_alg is set to
    self.sign_alg, and the result is serialized back into http_resp.message.

    :param http_resp: Response object whose ``message`` holds the JSON body
    :return: The same *http_resp* object, with its message replaced
    """
    reg_resp = RegistrationResponse().deserialize(http_resp.message, "json")

    # No token endpoint is published, so the secret is stripped before the
    # response goes out.
    del reg_resp["client_secret"]

    # Advertise the id token signing algorithm this instance supports.
    reg_resp["id_token_signed_response_alg"] = self.sign_alg

    http_resp.message = reg_resp.to_json()
    return http_resp
def refresh_session_endpoint(self, query):
    """
    Parse a refresh-session request and answer with a fixed JSON body.

    The reply does not depend on the parsed request: it is always a
    RegistrationResponse with the hard-coded client_id "anonymous" and
    client_secret "hemligt".

    :param query: Passed to parse_refresh_session_request as ``query``
    :return: A Response whose text is the JSON registration response
    """
    # Called for parsing only; the return value is not used.
    self.parse_refresh_session_request(query=query)

    # NOTE(review): constant credentials - presumably a test stub; confirm
    # this handler is never served by a deployed provider.
    fixed_reply = RegistrationResponse(client_id="anonymous",
                                       client_secret="hemligt")

    http_reply = Response()
    http_reply.headers = {"content-type": "application/json"}
    http_reply.text = fixed_reply.to_json()
    return http_reply
def setup_client_registration_endpoint(self):
    """
    Register a canned reply for POSTs to the OP's registration URL.

    The configured client_info for PROVIDER is turned into a
    RegistrationRequest, registered with self.provider under CLIENT_ID, and
    the resulting registration response is added via ``responses.add`` for
    ``self.op_base + "registration"``.
    """
    rp_config = TestConfiguration.get_instance().rp_config
    configured_client = rp_config.CLIENTS[PROVIDER]["client_info"]
    reg_request = RegistrationRequest().deserialize(
        json.dumps(configured_client), "json")

    registered = self.provider.do_client_registration(reg_request, CLIENT_ID)

    # Keep only the parameters RegistrationResponse defines, then pin the
    # client_id to the fixed test value.
    args = {name: value for name, value in registered.items()
            if name in RegistrationResponse.c_param}
    args['client_id'] = CLIENT_ID
    self.provider.comb_uri(args)

    body = RegistrationResponse(**args).to_json()
    # NOTE(review): `responses` is presumably the HTTP-mocking library;
    # confirm against the file's imports.
    responses.add(
        responses.POST,
        self.op_base + "registration",
        body=body,
        status=200,
        content_type='application/json')
def setup_client_registration_endpoint(self):
    """
    Install a canned registration reply for the OP under test.

    Reads the client_info configured for PROVIDER, registers it with
    self.provider as CLIENT_ID, and adds the serialized registration
    response through ``responses.add`` as the answer to a POST on
    ``self.op_base + "registration"``.
    """
    test_config = TestConfiguration.get_instance()
    client_info = test_config.rp_config.CLIENTS[PROVIDER]["client_info"]
    request = RegistrationRequest().deserialize(json.dumps(client_info),
                                                "json")
    _cinfo = self.provider.do_client_registration(request, CLIENT_ID)

    # Copy across only the fields a RegistrationResponse knows about.
    args = {}
    for key, value in _cinfo.items():
        if key in RegistrationResponse.c_param:
            args[key] = value
    args['client_id'] = CLIENT_ID
    self.provider.comb_uri(args)

    registration_url = self.op_base + "registration"
    response_json = RegistrationResponse(**args).to_json()
    responses.add(responses.POST, registration_url, body=response_json,
                  status=200, content_type='application/json')
def registration_endpoint(self, data):
    """
    Handle a client registration or registration update.

    The request is parsed as JSON first and, if that raises ValueError,
    parsed again with the parser's default format. A fresh client_secret
    and expiry time are generated on every call. A request without a
    client_id creates a new entry in self.client; a request with one
    updates the existing entry.

    :param data: The raw registration request
    :return: A Response whose text is the JSON RegistrationResponse
    """
    try:
        req = self.parse_registration_request(data, "json")
    except ValueError:
        req = self.parse_registration_request(data)

    client_secret = rndstr()
    expires = utc_time_sans_frac() + self.registration_expires_in
    kwargs = {}

    if "client_id" in req:
        # Update of an existing client: the secret is rotated and the
        # stored info merged with the request.
        # NOTE(review): nothing in this block checks a credential before
        # the stored secret is replaced; an unknown client_id is left to
        # the lookup on self.client. Confirm this is only used as a
        # test double.
        client_id = req.client_id
        stored = self.client[req.client_id]
        stored["info"].update(req.to_dict())
        stored["client_secret"] = client_secret
        stored["expires"] = expires
    else:
        # New registration: mint an id and a registration access token.
        client_id = rndstr(10)
        registration_access_token = rndstr(20)

        stored = req.to_dict()
        # The request's own fields are echoed back in the response.
        kwargs.update(stored)

        stored["client_secret"] = client_secret
        stored["info"] = req.to_dict()
        stored["expires"] = expires
        stored["registration_access_token"] = registration_access_token
        stored["registration_client_uri"] = "register_endpoint"
        self.client[client_id] = stored

        kwargs["registration_access_token"] = registration_access_token
        kwargs["registration_client_uri"] = "register_endpoint"
        # "operation" is dropped from the echoed fields when present.
        kwargs.pop("operation", None)

    resp = RegistrationResponse(client_id=client_id,
                                client_secret=client_secret,
                                client_secret_expires_at=expires,
                                **kwargs)

    response = Response()
    response.headers = {"content-type": "application/json"}
    response.text = resp.to_json()
    return response
if client_secret: _kc = KeyBundle([{"kty": "oct", "key": client_secret, "use": "ver"}, {"kty": "oct", "key": client_secret, "use": "sig"}]) try: _keyjar[client_id].append(_kc) except KeyError: _keyjar[client_id] = [_kc] self.cdb[client_id] = _cinfo _log_info("Client info: %s" % _cinfo) logger.debug("registration_response: %s" % response.to_dict()) return Response(response.to_json(), content="application/json", headers=[("Cache-Control", "no-store")]) def registration_endpoint(self, request, authn=None, **kwargs): return self.l_registration_endpoint(request, authn, **kwargs) def read_registration(self, authn, request, **kwargs): """ Read all information this server has on a client. Authorization is done by using the access token that was return as part of the client registration result. :param authn: The Authorization HTTP header :param request: The query part of the URL :param kwargs: Any other arguments :return: