diff options
author | Frederick Muriuki Muriithi | 2024-04-20 21:17:30 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-04-23 11:49:09 +0300 |
commit | 70880f8ab3418a147d0577b2af1f813492a0c68b (patch) | |
tree | 608aa04aad87e9b6e45b6e2740e2737da3c43f74 /gn2/wqflask/oauth2 | |
parent | efea75b09d6c3d23989fe9ae72fc45bc935e26e8 (diff) | |
download | genenetwork2-70880f8ab3418a147d0577b2af1f813492a0c68b.tar.gz |
Generate assertions to be used to get the token from the auth server
Diffstat (limited to 'gn2/wqflask/oauth2')
-rw-r--r-- | gn2/wqflask/oauth2/toplevel.py | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/gn2/wqflask/oauth2/toplevel.py b/gn2/wqflask/oauth2/toplevel.py index a120fe9b..bc32e80e 100644 --- a/gn2/wqflask/oauth2/toplevel.py +++ b/gn2/wqflask/oauth2/toplevel.py @@ -1,14 +1,18 @@ """Authentication endpoints.""" -from uuid import UUID +import uuid +import datetime from urllib.parse import urljoin, urlparse, urlunparse + +from authlib.jose import jwt from flask import ( flash, request, Blueprint, url_for, redirect, render_template, current_app as app) from . import session -from .client import SCOPE, no_token_post, user_logged_in from .checks import require_oauth2 from .request_utils import user_details, process_error +from .client import ( + SCOPE, no_token_post, user_logged_in, authserver_uri, oauth2_clientid) toplevel = Blueprint("toplevel", __name__) @@ -31,7 +35,7 @@ def authorisation_code(): session.set_user_token(token) udets = user_details() session.set_user_details({ - "user_id": UUID(udets["user_id"]), + "user_id": uuid.UUID(udets["user_id"]), "name": udets["name"], "email": udets["email"], "token": session.user_token(), @@ -42,6 +46,8 @@ def authorisation_code(): code = request.args.get("code", "") if bool(code): base_url = urlparse(request.base_url, scheme=request.scheme) + jwtkey = app.config["JWT_PRIVATE_KEY"] + issued = datetime.datetime.now() request_data = { "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer", "code": code, @@ -49,7 +55,17 @@ def authorisation_code(): "redirect_uri": urljoin( urlunparse(base_url), url_for("oauth2.toplevel.authorisation_code")), - "assertion": request.args["jwt"], + "assertion": jwt.encode( + header={"alg": "RS256", "typ": "jwt", "kid": jwtkey.kid}, + payload={ + "iss": str(oauth2_clientid()), + "sub": request.args["user_id"], + "aud": urljoin(authserver_uri(), "auth/token"), + "exp": (issued + datetime.timedelta(minutes=5)), + "nbf": int(issued.timestamp()), + "iat": int(issued.timestamp()), + "jti": str(uuid.uuid4())}, + key=jwtkey), "client_id": app.config["OAUTH2_CLIENT_ID"] } return no_token_post( |