diff options
-rw-r--r-- | gn_auth/auth/authorisation/users/masquerade/models.py | 13 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/users/masquerade/views.py | 2 |
2 files changed, 12 insertions, 3 deletions
diff --git a/gn_auth/auth/authorisation/users/masquerade/models.py b/gn_auth/auth/authorisation/users/masquerade/models.py index ae2abad..a55e462 100644 --- a/gn_auth/auth/authorisation/users/masquerade/models.py +++ b/gn_auth/auth/authorisation/users/masquerade/models.py @@ -1,13 +1,16 @@ """Functions for handling masquerade.""" -from uuid import uuid4 +import uuid from functools import wraps from datetime import datetime +from authlib.jose import jwt from flask import current_app as app from gn_auth.auth.errors import ForbiddenAccess +from gn_auth.auth.jwks import newest_jwk_with_rotation, jwks_directory + from ...roles.models import user_roles from ....db import sqlite3 as db from ....authentication.users import User @@ -55,8 +58,14 @@ def masquerade_as( user=masqueradee, expires_in=__FIVE_HOURS__, include_refresh_token=True) + + _jwt = jwt.decode( + original_token.access_token, + newest_jwk_with_rotation( + jwks_directory(app), + int(app.config["JWKS_ROTATION_AGE_DAYS"]))) new_token = OAuth2Token( - token_id=uuid4(), + token_id=uuid.UUID(_jwt["jti"]), client=original_token.client, token_type=token_details["token_type"], access_token=token_details["access_token"], diff --git a/gn_auth/auth/authorisation/users/masquerade/views.py b/gn_auth/auth/authorisation/users/masquerade/views.py index 71cf98d..68f19ee 100644 --- a/gn_auth/auth/authorisation/users/masquerade/views.py +++ b/gn_auth/auth/authorisation/users/masquerade/views.py @@ -33,7 +33,7 @@ def masquerade() -> Response: return new_token def __dump_token__(tok): return { - key: value for key, value in tok.items() + key: value for key, value in asdict(tok).items() if key in ("access_token", "refresh_token", "expires_in", "token_type") } |