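def create_authn_response(endpoint, request, sid):
    """Build the authorization response for an already-authenticated request.

    :param endpoint: the authorization endpoint; ``endpoint.endpoint_context``
        carries the session database (``sdb``) that is read and updated for
        the session *sid*.
    :param request: the parsed authorization request. ``response_type`` is
        read as a list; ``state`` and ``scope`` are echoed back when present.
    :param sid: session identifier, the key into ``endpoint.endpoint_context.sdb``.
    :return: a dict with two keys: ``response_args`` (an
        :class:`AuthorizationResponse`, or an :class:`AuthorizationErrorResponse`
        when a requested ``response_type`` value is not supported) and
        ``fragment_enc`` (``True`` when the response must be returned in the
        URL fragment, ``False`` when query encoding is used).
    """
    aresp = AuthorizationResponse()
    # The client's state is echoed back unchanged, as the protocol requires.
    if request.get("state"):
        aresp["state"] = request["state"]

    if "response_type" in request and request["response_type"] == ["none"]:
        # response_type=none: nothing is issued, so nothing needs the fragment.
        fragment_enc = False
    else:
        _context = endpoint.endpoint_context
        # NOTE(review): a request without response_type raises KeyError below;
        # this relies on the endpoint's request parsing having rejected it first
        # — confirm.
        _sinfo = _context.sdb[sid]

        if request.get("scope"):
            aresp["scope"] = request["scope"]

        rtype = set(request["response_type"])
        handled_response_type = []

        # Only a pure "code" response goes back in the query string; anything
        # that can carry a token must be fragment-encoded.
        fragment_enc = rtype != {"code"}

        if "code" in rtype:
            aresp["code"] = _sinfo["code"]
            handled_response_type.append("code")
        else:
            # No code was requested: clear the stored one (presumably so it can
            # never be redeemed at the token endpoint).
            _context.sdb.update(sid, code=None)

        if "token" in rtype:
            _dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
            logger.debug("_dic: %s", sanitize(_dic))
            # Copy only the parameters AuthorizationResponse knows about;
            # parameters() is hoisted out of the loop because it does not
            # change while keys are assigned.
            known = aresp.parameters()
            for key, val in _dic.items():
                if key in known and val is not None:
                    aresp[key] = val
            handled_response_type.append("token")

        # Every requested response_type value must have been served above;
        # otherwise the request is refused rather than silently narrowed.
        not_handled = rtype.difference(handled_response_type)
        if not_handled:
            resp = AuthorizationErrorResponse(
                error="invalid_request",
                error_description="unsupported_response_type",
            )
            return {"response_args": resp, "fragment_enc": fragment_enc}

    return {"response_args": aresp, "fragment_enc": fragment_enc}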
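def create_authn_response(endpoint, request, sid):
    """Build the authorization response for an already-authenticated request.

    Depending on ``response_type`` this issues an authorization code, an
    access token (via ``sdb.upgrade_to_token``) and/or an ID token (via
    ``endpoint_context.idtoken.make``).

    :param endpoint: the authorization endpoint; ``endpoint.endpoint_context``
        carries the session database (``sdb``) and the ID token builder
        (``idtoken``) used for the session *sid*.
    :param request: the parsed authorization request. ``response_type`` is
        read as a list; ``state`` and ``scope`` are echoed back when present.
    :param sid: session identifier, the key into ``endpoint.endpoint_context.sdb``.
    :return: a dict with two keys: ``response_args`` (an
        :class:`AuthorizationResponse`, or an :class:`AuthorizationErrorResponse`
        when a requested ``response_type`` value is not supported or the ID
        token cannot be signed/encrypted) and ``fragment_enc`` (``True`` when
        the response must be returned in the URL fragment, ``False`` when
        query encoding is used).
    """
    aresp = AuthorizationResponse()
    # The client's state is echoed back unchanged, as the protocol requires.
    if request.get("state"):
        aresp["state"] = request["state"]

    if "response_type" in request and request["response_type"] == ["none"]:
        # response_type=none: nothing is issued, so nothing needs the fragment.
        fragment_enc = False
    else:
        _context = endpoint.endpoint_context
        # NOTE(review): a request without response_type raises KeyError below;
        # this relies on the endpoint's request parsing having rejected it first
        # — confirm.
        _sinfo = _context.sdb[sid]

        if request.get("scope"):
            aresp["scope"] = request["scope"]

        rtype = set(request["response_type"])
        handled_response_type = []

        # Only a pure "code" response goes back in the query string; anything
        # that can carry a token must be fragment-encoded.
        fragment_enc = rtype != {"code"}

        if "code" in rtype:
            _code = aresp["code"] = _sinfo["code"]
            handled_response_type.append("code")
        else:
            # No code was requested: clear the stored one (presumably so it can
            # never be redeemed at the token endpoint).
            _context.sdb.update(sid, code=None)
            _code = None

        if "token" in rtype:
            _dic = _context.sdb.upgrade_to_token(issue_refresh=False, key=sid)
            logger.debug("_dic: %s", sanitize(_dic))
            # Copy only the parameters AuthorizationResponse knows about;
            # parameters() is hoisted out of the loop because it does not
            # change while keys are assigned.
            known = aresp.parameters()
            for key, val in _dic.items():
                if key in known and val is not None:
                    aresp[key] = val
            handled_response_type.append("token")

        _access_token = aresp.get("access_token", None)

        if "id_token" in rtype:
            # Pass along whatever else is issued in this response so the ID
            # token builder can reference it (presumably for the code/token
            # hash claims). Since "id_token" is in rtype here, this is
            # equivalent to the three-way subset test: code -> code,
            # token -> access_token, both -> both.
            kwargs = {}
            if "code" in rtype:
                kwargs["code"] = _code
            if "token" in rtype:
                kwargs["access_token"] = _access_token
            if request["response_type"] == ["id_token"]:
                # id_token alone: the builder is asked to embed the user claims.
                kwargs["user_claims"] = True
            # NOTE(review): _sinfo was fetched before upgrade_to_token(); if
            # that call changes the stored session, the builder sees the older
            # snapshot — confirm this is intended.
            try:
                id_token = _context.idtoken.make(request, _sinfo, **kwargs)
            except (JWEException, NoSuitableSigningKeys) as err:
                # Do not leak key/crypto details to the client; the reason is
                # logged server-side only.
                logger.warning(str(err))
                resp = AuthorizationErrorResponse(
                    error="invalid_request",
                    error_description="Could not sign/encrypt id_token",
                )
                return {"response_args": resp, "fragment_enc": fragment_enc}
            aresp["id_token"] = id_token
            # NOTE(review): this writes to the object sdb[sid] returned; whether
            # it persists depends on whether that is the live session or a copy
            # — confirm, otherwise use _context.sdb.update(sid, id_token=...).
            _sinfo["id_token"] = id_token
            handled_response_type.append("id_token")

        # Every requested response_type value must have been served above;
        # otherwise the request is refused rather than silently narrowed.
        not_handled = rtype.difference(handled_response_type)
        if not_handled:
            resp = AuthorizationErrorResponse(
                error="invalid_request",
                error_description="unsupported_response_type",
            )
            return {"response_args": resp, "fragment_enc": fragment_enc}

    return {"response_args": aresp, "fragment_enc": fragment_enc}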