def _run(self):
    """Perform the access-token request and sanity-check any ID Token in it.

    Logs the outgoing ``op_args``/``req_args`` as an event, picks a client
    authentication method when the caller supplied none, then calls
    ``do_access_token_request`` through ``catch_exception_and_error``.

    Returns:
        The token response, an ``ErrorResponse`` if the OP answered with
        one, or ``None`` when the request raised ``HttpError`` (or when the
        wrapped call produced nothing).

    Raises:
        ParameterError: the ID Token's JWS header names an asymmetric
            ``alg``, carries no ``kid``, and more than one verification key
            is known for the issuer -- the signer cannot be pinned down.
        IssuerMismatch: the ID Token's ``iss`` is not the issuer this
            conversation was started against.
        KeyError: propagated unchanged from ``atr["id_token"]`` when the
            response has no ``id_token`` at all (the issuer check below is
            not guarded the way the header checks are).

    NOTE(review): an ``alg`` of ``"none"`` is deliberately let through here;
    this step only checks that a verification key can be identified, it
    does not verify the signature itself. Whether an unsigned ID Token is
    acceptable for the test at hand is presumably decided elsewhere
    (registered ``id_token_signed_response_alg``) -- confirm.
    """
    if self.skip:
        return

    self.conv.events.store(
        EV_REQUEST,
        "op_args: {}, req_args: {}".format(self.op_args, self.req_args),
        direction=OUTGOING)

    if 'authn_method' not in self.op_args:
        entity = self.conv.entity
        try:
            # Prefer the method the client registered for the token endpoint.
            self.op_args['authn_method'] = entity.registration_response[
                'token_endpoint_auth_method']
        except KeyError:
            # Nothing registered: take the first method, in the client's own
            # ordering, that the provider also advertises. With no overlap
            # 'authn_method' is simply left unset.
            for candidate in entity.client_authn_method:
                if candidate in entity.provider_info[
                        'token_endpoint_auth_methods_supported']:
                    self.op_args['authn_method'] = candidate
                    break

    try:
        atr = self.catch_exception_and_error(
            self.conv.entity.do_access_token_request,
            request_args=self.req_args, **self.op_args)
    except HttpError:
        return None

    if atr is None or isinstance(atr, ErrorResponse):
        return atr

    try:
        id_token = atr['id_token']
    except KeyError:
        pass
    else:
        display_jwx_headers(id_token, self.conv)
        try:
            alg = id_token.jws_header['alg']
        except (KeyError, AttributeError):
            # Either no parsed JWS header or a header without 'alg':
            # nothing to check at this level.
            pass
        else:
            # A symmetric alg (HS256) or an unsigned token needs no 'kid';
            # for anything else, a missing 'kid' is only a problem when the
            # issuer has several candidate keys for that alg.
            if alg not in ("none", "HS256") and \
                    "kid" not in id_token.jws_header:
                candidates = self.conv.entity.keyjar.keys_by_alg_and_usage(
                    self.conv.info["issuer"], alg, "ver")
                if len(candidates) > 1:
                    raise ParameterError("No 'kid' in id_token header!")

    # The ID Token must come from the issuer the conversation targets.
    expected_iss = self.conv.info["issuer"]
    actual_iss = atr["id_token"]["iss"]
    if not same_issuer(expected_iss, actual_iss):
        raise IssuerMismatch(" {} != {}".format(expected_iss, actual_iss))

    return atr
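def _run(self):
    """Refresh the access token and sanity-check any ID Token in the reply.

    Picks a client authentication method when the caller supplied none
    (the registered ``token_endpoint_auth_method`` first, else the first
    method both client and provider support), logs the outgoing arguments,
    and calls ``do_access_token_refresh`` through
    ``catch_exception_and_error``.

    Returns:
        The refresh response. ``None`` and ``ErrorResponse`` results are
        handed back untouched, mirroring the access-token step; previously a
        ``None`` result reached ``atr['id_token']`` and failed with
        ``TypeError`` instead of being returned.

    Raises:
        ParameterError: the ID Token's JWS header names an asymmetric
            ``alg``, carries no ``kid``, and more than one verification key
            is known for the issuer -- the signer cannot be pinned down.

    NOTE(review): unlike the access-token step, this does not compare the
    ID Token's ``iss`` with the conversation's issuer, and ``alg == "none"``
    is let through without comment. Presumably both are covered by later
    verification of the refreshed token -- confirm.
    """
    if self.skip:
        return

    if 'authn_method' not in self.op_args:
        entity = self.conv.entity
        try:
            # Prefer the method the client registered for the token endpoint.
            self.op_args['authn_method'] = entity.registration_response[
                'token_endpoint_auth_method']
        except KeyError:
            # Nothing registered: first method, in the client's ordering,
            # that the provider also advertises. No overlap leaves it unset.
            for candidate in entity.client_authn_method:
                if candidate in entity.provider_info[
                        'token_endpoint_auth_methods_supported']:
                    self.op_args['authn_method'] = candidate
                    break

    self.conv.events.store(
        EV_REQUEST,
        "op_args: {}, req_args: {}".format(self.op_args, self.req_args),
        direction=OUTGOING)

    atr = self.catch_exception_and_error(
        self.conv.entity.do_access_token_refresh,
        request_args=self.req_args, **self.op_args)

    # Same contract as the access-token step: a failed or error reply is
    # returned as-is rather than subscripted.
    if atr is None or isinstance(atr, ErrorResponse):
        return atr

    try:
        id_token = atr['id_token']
    except KeyError:
        # A refresh response need not carry an ID Token; nothing to inspect.
        pass
    else:
        display_jwx_headers(id_token, self.conv)
        try:
            alg = id_token.jws_header["alg"]
        except (KeyError, AttributeError):
            # No parsed JWS header, or a header without 'alg'.
            pass
        else:
            # HS256 (symmetric) and "none" need no 'kid'; for other algs a
            # missing 'kid' only matters when several keys could have signed.
            if alg not in ("none", "HS256") and \
                    "kid" not in id_token.jws_header:
                candidates = self.conv.entity.keyjar.keys_by_alg_and_usage(
                    self.conv.info["issuer"], alg, "ver")
                if len(candidates) > 1:
                    raise ParameterError("No 'kid' in id_token header!")

    return atr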
def run(self):
    """Fetch UserInfo and record it on the entity and in the event log.

    ``op_args`` and ``req_args`` are merged (request args win on a key
    collision) and passed to ``do_user_info_request`` via
    ``catch_exception_and_error``. A ``None`` result is ignored. When the
    response contains ``_claim_sources``, aggregated and then distributed
    claims are resolved and the resolved claim set is what gets stored;
    otherwise the raw response is stored and its JWS/JWE headers shown.

    NOTE(review): ``fetch_distributed_claims`` follows endpoint URLs that
    the OP supplied in ``_claim_sources``; the transport and token handling
    for those fetches live in the entity, not here -- verify there if the
    OP under test is untrusted.
    """
    merged = dict(self.op_args)
    merged.update(self.req_args)
    response = self.catch_exception_and_error(
        self.do_user_info_request, **merged)

    if response is None:
        # Nothing came back; nothing to store.
        return

    entity = self.conv.entity
    if "_claim_sources" in response:
        # Aggregated claims are unpacked first, then distributed ones
        # fetched, and only the resolved set is kept.
        resolved = entity.unpack_aggregated_claims(response)
        resolved = entity.fetch_distributed_claims(resolved)
        entity.userinfo = resolved
        self.conv.events.store(EV_PROTOCOL_RESPONSE, resolved)
        return

    entity.userinfo = response
    self.conv.events.store(EV_PROTOCOL_RESPONSE, response)
    display_jwx_headers(response, self.conv)