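def init(config_path, private_key_path="./provider/private.pem",
         public_key_path="./provider/public.pem"):
    """Configure the Flask ``app`` and register every provider blueprint.

    Args:
        config_path: Path handed to ``init_config`` to load provider settings.
        private_key_path: PEM file holding the token-signing private key.
            Defaults to the previously hard-coded relative path, which is
            resolved against the process working directory, not this file.
        public_key_path: Matching public-key PEM; same resolution caveat.

    Side effects:
        Rebinds the module-level ``logger``, mutates ``app.config`` and
        registers nine blueprints on ``app``. Intended to run once at
        start-up.
    """
    global logger
    config = init_config(config_path)
    logger = init_logging(__name__)

    # Signing keypair: the private half goes only to the blueprints that mint
    # tokens (authorize, token); logout receives the public half for
    # verification.
    keypair = read_keys(private_key_path, public_key_path)

    # Flask's TESTING flag propagates exceptions instead of turning them into
    # 500 responses; it is opt-in via the environment only and must not be
    # set on a production deployment.
    app.config['TESTING'] = os.environ.get('TESTING') == 'True'

    # Registration order matches the original call sequence.
    blueprints = [
        create_authorize_blueprint(client_store, keypair.public, keypair.private),
        create_token_blueprint(client_store, keypair.private, config),
        create_register_blueprint(client_store),
        create_jwk_blueprint(),
        create_metadata_blueprint(config),
        create_consent_blueprint(config),
        create_scim_blueprint(config),
        create_userinfo_blueprint(config),
        create_logout_blueprint(config, keypair.public),
    ]
    for blueprint in blueprints:
        app.register_blueprint(blueprint)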
from provider.util import init_logging
from provider.model.store.user_store import user_store
from oidcpy.authorize import authorize
# ``request`` is imported but not used in this file.
from flask import Blueprint, request, jsonify, make_response

logger = init_logging(__name__)

# NOTE(review): the next line is corrupted in this copy. A secret-redaction
# pass replaced everything between "https://" and the first "@" with
# "*****:*****", swallowing the real AUDIENCE value and, presumably, the
# ``userinfo_bp = Blueprint(...)`` definition that the route decorator below
# refers to. Restore both from the original source before using this file.
AUDIENCE = 'https://*****:*****@userinfo_bp.route('/userinfo', methods=["GET"])
@authorize(audience=AUDIENCE, scopes='openid')
def userinfo():
    """OIDC UserInfo endpoint: return claims for the bearer token's subject.

    ``authorize`` (from ``oidcpy``) gates the handler on a token issued for
    ``AUDIENCE`` that carries the ``openid`` scope; its failure behaviour is
    not visible here. ``get_subject_from_token`` is neither defined nor
    imported in this file -- presumably provided by the surrounding package;
    verify before relying on it.

    Returns:
        A JSON response (``sub`` and ``name`` always; ``email`` / ``roles``
        only when consented) and HTTP status 200.
    """
    subject = get_subject_from_token()
    user = user_store.get_by_id(subject)
    # ``name`` is read without a guard, unlike email/roles below.
    # NOTE(review): if ``get_by_id`` can return None for an unknown subject,
    # this raises and surfaces as a 500 rather than an invalid_token error --
    # confirm the store's contract.
    payload = {'sub': subject, 'name': user['name']}
    # Optional claims are released only when the user consented to the
    # matching scope AND the attribute is present; keep both checks.
    if 'email' in user['consented_scopes'] and 'email' in user:
        payload['email'] = user['email']
    if 'roles' in user['consented_scopes'] and 'roles' in user:
        payload['roles'] = user['roles']
    resp = make_response(jsonify(payload))
    # jsonify already emits application/json; the explicit header is
    # redundant but harmless.
    resp.headers['Content-Type'] = 'application/json'
    # Wildcard CORS: with "*" browsers do not attach cookies, and the handler
    # appears to be authenticated by the Authorization header alone (see the
    # Allow-Headers value), so nothing beyond what the bearer token already
    # grants is exposed. Do not change this to a reflected Origin combined
    # with Access-Control-Allow-Credentials.
    resp.headers['Access-Control-Allow-Origin'] = '*'
    resp.headers['Access-Control-Allow-Methods'] = 'GET'
    resp.headers['Access-Control-Allow-Headers'] = 'Authorization'
    return resp, 200