aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authentication/oauth2/endpoints/introspection.py
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2022-12-19 16:02:19 +0300
committerFrederick Muriuki Muriithi2022-12-22 09:05:53 +0300
commitb0641272491eb51d321b1b8a7d062e395e70800f (patch)
treec9b2065ea60399579c4c4d84c648b61ed67402ba /gn3/auth/authentication/oauth2/endpoints/introspection.py
parente9031e28594fcd21371adb2b9b26e17a1df95599 (diff)
downloadgenenetwork3-b0641272491eb51d321b1b8a7d062e395e70800f.tar.gz
auth: implement OAuth2 flow.oauth2_auth_flow
Add code to implement the OAuth2 flow. * Add test fixtures for setting up users and OAuth2 clients * Add tests for token generation with the "Password Grant" flow * Fix some issues with test due to changes in the database connection's row_factory
Diffstat (limited to 'gn3/auth/authentication/oauth2/endpoints/introspection.py')
-rw-r--r--gn3/auth/authentication/oauth2/endpoints/introspection.py48
1 files changed, 48 insertions, 0 deletions
diff --git a/gn3/auth/authentication/oauth2/endpoints/introspection.py b/gn3/auth/authentication/oauth2/endpoints/introspection.py
new file mode 100644
index 0000000..a567363
--- /dev/null
+++ b/gn3/auth/authentication/oauth2/endpoints/introspection.py
@@ -0,0 +1,48 @@
+"""Handle introspection of tokens."""
+import datetime
+from urllib.parse import urlparse
+
+from flask import request as flask_request
+from authlib.oauth2.rfc7662 import (
+ IntrospectionEndpoint as _IntrospectionEndpoint)
+
+from gn3.auth.authentication.oauth2.models.oauth2token import OAuth2Token
+
+from .utilities import query_token as _query_token
+
+def get_token_user_sub(token: OAuth2Token) -> str:# pylint: disable=[unused-argument]
+ """
+ Return the token's subject as defined in
+ https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
+ """
+ ## For now a dummy return to prevent issues.
+ return "sub"
+
+class IntrospectionEndpoint(_IntrospectionEndpoint):
+ """Introspect token."""
+ def query_token(self, token_string: str, token_type_hint: str):
+ """Query the token."""
+ return _query_token(self, token_string, token_type_hint)
+
+ def introspect_token(self, token: OAuth2Token) -> dict:# pylint: disable=[no-self-use]
+ """Return the introspection information."""
+ url = urlparse(flask_request.url)
+ return {
+ "active": True,
+ "scope": token.get_scope(),
+ "client_id": token.client.client_id,
+ "username": token.user.name,
+ "token_type": token.token_type,
+ "exp": int(token.expires_at.timestamp()),
+ "iat": int(token.issued_at.timestamp()),
+ "nbf": int(
+ (token.issued_at - datetime.timedelta(seconds=120)).timestamp()),
+ # "sub": get_token_user_sub(token),
+ "aud": token.client.client_id,
+ "iss": f"{url.scheme}://{url.netloc}",
+ "jti": token.token_id
+ }
+
+ def check_permission(self, token, client, request):# pylint: disable=[unused-argument, no-self-use]
+ """Check that the client has permission to introspect token."""
+ return client.client_type == "internal"