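def decorated_function(*args, **kws):
    """
    Decorator function to make endpoint authorization checks easier
    for read only scopes defined in Okta.

    Reads the ``Authorization: Bearer <token>`` header from the incoming
    request, introspects the token with Okta and only calls the wrapped
    endpoint ``f`` when Okta reports the token as active *and* its scope
    list grants ``read_only``.  Otherwise a JSON ``{"status": "failed"}``
    body is returned and ``f`` is never called.

    Relies on the module-level ``request``, ``config``, ``OktaUtil``,
    ``json`` and ``default_date_to_string_converter`` names, and on ``f``
    from the enclosing decorator.
    """
    print("authorize_read_access()")
    has_access = False
    authorization_header = request.headers.get("Authorization")
    if authorization_header:
        # Just get the access token for introspection: drop the scheme
        # prefix so the raw token is what Okta receives.
        authorization_token = authorization_header.replace("Bearer ", "")
        okta_util = OktaUtil(request.headers, config.okta)
        introspection_response = okta_util.introspect_oauth_token(
            authorization_token)
        # RFC 7662 responses *always* carry an "active" key; a revoked or
        # expired token comes back as {"active": false}.  The value must be
        # checked, not the key's presence, or inactive tokens are accepted.
        if introspection_response.get("active"):
            # "scope" is a space-separated list per RFC 7662, so look for
            # read_only as one of the granted scopes rather than an exact
            # string match.  Missing scope -> no access.
            granted_scopes = introspection_response.get("scope", "").split()
            has_access = "read_only" in granted_scopes
    if has_access:
        return f(*args, **kws)
    # Deliberately no token or header details in the log line.
    print("Unauthorized")
    json_response = {"status": "failed"}
    return json.dumps(json_response, default=default_date_to_string_converter)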
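def is_logged_in():
    """
    Return ``True`` when the request carries a ``token`` cookie that Okta
    reports as active, ``False`` otherwise.

    The sentinel cookie values ``""`` and ``"NO_TOKEN"`` are treated as
    "no token" and are never sent to the introspection endpoint.

    Relies on the module-level ``request``, ``config`` and ``OktaUtil``
    names.
    """
    print("is_logged_in()")
    okta_util = OktaUtil(request.headers, config.okta)
    # first check there is a token
    token = request.cookies.get("token")
    if not token or token == "NO_TOKEN":
        return False
    # introspect token.  RFC 7662 responses always contain an "active"
    # key; a revoked or expired token yields {"active": false}, so the
    # *value* decides -- checking only for the key's presence would treat
    # every inactive token as a valid login.
    introspection_results_json = okta_util.introspect_oauth_token(token)
    return bool(introspection_results_json.get("active"))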
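def get_current_user_token():
    """
    Describe the current user's session based on the ``token`` cookie.

    Returns one of three dict shapes:

    * ``{"active": True, "username": ..., "uid": ...}`` when Okta reports
      the cookie token as active;
    * ``{"active": False, "redirect_url": <OIDC auth-code URL>}`` when there
      is no ``token`` cookie, or the introspection response has no
      ``active`` field, so the caller can bounce the user through Okta;
    * ``{"active": False}`` when a token exists but Okta reports it inactive.

    Relies on the module-level ``request``, ``config`` and ``OktaUtil``
    names.
    """
    print("get_current_user_token()")
    user_results_json = None
    okta_util = OktaUtil(request.headers, config.okta)

    def _redirect_result():
        # Both "send the user back to Okta" paths build the same auth-code
        # URL; keep it in one place so the two stay identical.
        check_okta_session_url = okta_util.create_oidc_auth_code_url(
            None, config.okta["oidc_client_id"], config.okta["redirect_uri"])
        return {"active": False, "redirect_url": check_okta_session_url}

    if "token" in request.cookies:
        introspection_results_json = okta_util.introspect_oauth_token(
            request.cookies.get("token"))
        if "active" in introspection_results_json:
            if introspection_results_json["active"]:
                print("Has active token")
                # Only the fields the front end needs are exposed; the raw
                # introspection response is not passed through.
                user_results_json = {
                    "active": introspection_results_json["active"],
                    "username": introspection_results_json["username"],
                    "uid": introspection_results_json["uid"],
                }
            else:
                # Inactive token: falls through to the {"active": False}
                # default below, without a redirect URL.
                print("Has inactive token")
        else:
            print("has inactive token error")
            user_results_json = _redirect_result()
    else:
        print("has no token")
        user_results_json = _redirect_result()

    if not user_results_json:
        print("has no token default")
        user_results_json = {"active": False}
    return user_results_json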