def do_introspection(self, rpt, path=None):
"""
The resource server doing introspection on a RPT at the AuthzServer
:param rpt: Resource access token
:param path: path representing the resource
:returns:
"""
pat = self.client.token
ir = IntrospectionRequest(token=rpt)
# if path:
# fpath = self.rs_handler.dataset.resource_name(path)
# ir["resource_id"] = self.rs_handler.path2rsid[fpath]
request_args = {"access_token": pat}
ht_args = self.client.client_authn_method["bearer_header"](
self).construct(ir, request_args=request_args)
url = list(
self.client.provider_info.values())[0]["introspection_endpoint"]
return self.client.request_and_return(url,
IntrospectionResponse,
body=ir.to_json(),
body_type="json",
http_args=ht_args)
def do_introspection(self, rpt, path=None):
"""
The resource server doing introspection on a RPT at the AuthzServer
:param rpt: Resource access token
:param path: path representing the resource
:returns:
"""
pat = self.client.token
ir = IntrospectionRequest(token=rpt)
# if path:
# fpath = self.rs_handler.dataset.resource_name(path)
# ir["resource_id"] = self.rs_handler.path2rsid[fpath]
request_args = {"access_token": pat}
ht_args = self.client.client_authn_method[
"bearer_header"](self).construct(ir, request_args=request_args)
url = list(self.client.provider_info.values())[0][
"introspection_endpoint"]
return self.client.request_and_return(url, IntrospectionResponse,
body=ir.to_json(),
body_type="json",
http_args=ht_args)
def introspect(_client, rsrv, asrv):
_crpt = _client.token[USER]["RPT"]
_pat = rsrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"]
_client_x = rsrv.client[rsrv.permreg.get(RESOURCE_OWNER, "authzsrv")]
ireq = IntrospectionRequest(token=_crpt)
req_args = {"access_token": _pat}
http_args = _client_x.client_authn_method[
"bearer_header"](rsrv).construct(ireq, request_args=req_args)
_iresp = asrv.introspection_endpoint(ireq.to_json(),
http_args["headers"]["Authorization"])
return IntrospectionResponse().from_json(_iresp.message)
def introspect(_client, rsrv, asrv):
_crpt = _client.token[USER]["RPT"]
_pat = rsrv.permreg.get(RESOURCE_OWNER, "pat")["access_token"]
_client_x = rsrv.client[rsrv.permreg.get(RESOURCE_OWNER, "authzsrv")]
ireq = IntrospectionRequest(token=_crpt)
req_args = {"access_token": _pat}
http_args = _client_x.client_authn_method["bearer_header"](rsrv).construct(
ireq, request_args=req_args)
_iresp = asrv.introspection_endpoint(ireq.to_json(),
http_args["headers"]["Authorization"])
return IntrospectionResponse().from_json(_iresp.message)
def introspection_endpoint_(self, user, **kwargs):
"""
The endpoint URI at which the resource server introspects an RPT
presented to it by a client.
"""
request = kwargs["request"]
logger.debug("requestor: %s, request: %s" % (user, request))
ir = IntrospectionRequest().from_json(request)
adb = self.get_adb(kwargs["client_id"])
try:
try:
# requestor = self.rpt[ir["token"]]["requestor"]
perms = adb.permit.get_accepted_by_rpt(user, ir["token"])
except KeyError:
response = BadRequest()
else:
if perms:
irep = IntrospectionResponse(active=True,
exp=perms[0]["exp"],
permissions=perms)
logger.debug("response: %s" % irep.to_json())
response = Response(irep.to_json(),
content="application/json")
else:
logger.info("No permissions bound to this RPT")
response = BadRequest()
except ToOld:
logger.info("RPT expired")
irep = IntrospectionResponse(valid=False)
response = Response(irep.to_json(), content="application/json")
except KeyError:
response = BadRequest()
return response
request = RPTRequest(
grant_type=RQP_CLAIMS_GRANT_TYPE,
ticket=ticket,
claim_tokens=[ClaimToken(format="json", token=rqp_claims)])
resp = authzsrv.rpt_token_endpoint(authn=authn, request=request.to_json())
rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR] = {}
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]
# Introspection of the RPT
pat = ressrv.rs_handler.token['PAT']
_rpt = _uma_client.token[REQUESTOR]["RPT"]
ir = IntrospectionRequest(token=_rpt)
request_args = {"access_token": pat}
ht_args = ressrv.client.client_authn_method["bearer_header"](ressrv).construct(
ir, request_args=request_args)
resp = authzsrv.introspection_endpoint(ir.to_json(),
ht_args["headers"]["Authorization"])
iresp = IntrospectionResponse().from_json(resp.message)
assert iresp["active"] is True
assert "permissions" in iresp
res = ressrv.collect_info(iresp, ressrv.rs_handler.op2scope['GET'])
authn = "Bearer %s" % _uma_client.token[REQUESTOR]["AAT"]["access_token"]
request = AuthorizationDataRequest(ticket=ticket)
# >>> AS->C: UMA3.5.3 Return success and RPT
resp = authzsrv.rpt_endpoint(authn, request=request.to_json())
rtr = RPTResponse().from_json(resp.message)
_uma_client.token[REQUESTOR]["RPT"] = rtr["rpt"]
# >>> C->RS: UMA3.1.2 Attempt resource access with RPT
# Introspection of the RPT
# >>> RS->AS: UMA3.4.2 POST to token introspection endpoint
pat = ressrv.rs_handler.token['PAT']
_rpt = _uma_client.token[REQUESTOR]["RPT"]
ir = IntrospectionRequest(token=_rpt)
request_args = {"access_token": pat}
ht_args = ressrv.client.client_authn_method[
"bearer_header"](ressrv).construct(ir, request_args=request_args)
# >>> AS->RS: UMA3.4.2 Return extended introspection object
resp = authzsrv.introspection_endpoint(ir.to_json(),
ht_args["headers"]["Authorization"])
iresp = IntrospectionResponse().from_json(resp.message)
# >>> RS-->RS: UMA3.3.3 Assess access attempt against
# permissions; has "read" scope
assert iresp["active"] is True
