diff options
Diffstat (limited to 'gn3/auth/authentication/oauth2/endpoints/introspection.py')
| -rw-r--r-- | gn3/auth/authentication/oauth2/endpoints/introspection.py | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/gn3/auth/authentication/oauth2/endpoints/introspection.py b/gn3/auth/authentication/oauth2/endpoints/introspection.py deleted file mode 100644 index cfe2998..0000000 --- a/gn3/auth/authentication/oauth2/endpoints/introspection.py +++ /dev/null @@ -1,48 +0,0 @@ -"""Handle introspection of tokens.""" -import datetime -from urllib.parse import urlparse - -from flask import request as flask_request -from authlib.oauth2.rfc7662 import ( - IntrospectionEndpoint as _IntrospectionEndpoint) - -from gn3.auth.authentication.oauth2.models.oauth2token import OAuth2Token - -from .utilities import query_token as _query_token - -def get_token_user_sub(token: OAuth2Token) -> str:# pylint: disable=[unused-argument] - """ - Return the token's subject as defined in - https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2 - """ - ## For now a dummy return to prevent issues. - return "sub" - -class IntrospectionEndpoint(_IntrospectionEndpoint): - """Introspect token.""" - def query_token(self, token_string: str, token_type_hint: str): - """Query the token.""" - return _query_token(self, token_string, token_type_hint) - - def introspect_token(self, token: OAuth2Token) -> dict: - """Return the introspection information.""" - url = urlparse(flask_request.url) - return { - "active": True, - "scope": token.get_scope(), - "client_id": token.client.client_id, - "username": token.user.name, - "token_type": token.token_type, - "exp": int(token.expires_at.timestamp()), - "iat": int(token.issued_at.timestamp()), - "nbf": int( - (token.issued_at - datetime.timedelta(seconds=120)).timestamp()), - # "sub": get_token_user_sub(token), - "aud": token.client.client_id, - "iss": f"{url.scheme}://{url.netloc}", - "jti": token.token_id - } - - def check_permission(self, token, client, request): - """Check that the client has permission to introspect token.""" - return client.client_type == "internal" |