feat: add oauth2 consent

indykite · Feb 7, 2023 · a83d83c · a83d83c
1 parent 2eefbd8
commit a83d83c
Show file tree

Hide file tree

Showing 8 changed files with 399 additions and 0 deletions.
diff --git a/.coveragerc b/.coveragerc
@@ -24,6 +24,7 @@ omit =
   indykite_sdk/model/auth_flow_config.py
   indykite_sdk/model/config_node.py
   indykite_sdk/model/import_digital_twin.py
+  indykite_sdk/utils/hash_methods.py
 
   tests/*
 

diff --git a/README.md b/README.md
@@ -1394,3 +1394,45 @@ def import_digital_twins(self, local, entities, hash_algorithm):
   response = client.import_digital_twins(entities, hash_algorithm)
   print(response)
 ```
+
+### Authorization
+To call the is_authorized endpoint which gives authorization decisions based on implemented policies
+#### Authorization with token
+```python
+from indykite_sdk.authorization import AuthorizationClient
+
+def is_authorized_token(self, local, access_token, resources, actions):
+  client_authorization = AuthorizationClient(local)
+  response = client_authorization.is_authorized_token(access_token, resources, actions)
+  print(response)
+```
+
+### Create oauth2 consent
+```python
+from indykite_sdk.identity import IdentityClient
+
+def create_consent(self, local, oauth2_application_id, digital_twin_id, properties):
+  client = IdentityClient(local)
+  response = client.create_consent(oauth2_application_id, digital_twin_id, properties)
+  print(response)
+```
+
+### List oauth2 consents
+```python
+from indykite_sdk.identity import IdentityClient
+
+def list_consents(self, local, digital_twin_id):
+  client = IdentityClient(local)
+  response = client.list_consents(digital_twin_id)
+  print(response)
+```
+
+### Evoke oauth2 consent
+```python
+from indykite_sdk.identity import IdentityClient
+
+def revoke_consent(self, local, digital_twin_id, consent_ids):
+  client = IdentityClient(local)
+  response = client.revoke_consent(digital_twin_id, consent_ids)
+  print(response)
+```
diff --git a/codecov.yaml b/codecov.yaml
@@ -30,4 +30,5 @@ ignore:
   - "indykite_sdk/model/auth_flow_config.py"
   - "indykite_sdk/model/config_node.py"
   - "indykite_sdk/model/import_digital_twin.py"
+  - "indykite_sdk/utils/hash_methods.py"
   - "tests"
diff --git a/indykite_sdk/api.py b/indykite_sdk/api.py
@@ -471,6 +471,20 @@ def main():
     is_authorized_property_parser.add_argument("property_type", help="Digital Twin Identity Property")
     is_authorized_property_parser.add_argument("property_value", help="Digital Twin Identity Property value")
 
+    # create_consent
+    create_consent_parser = subparsers.add_parser("create_consent")
+    create_consent_parser.add_argument("pii_processor_id", help="ID of OAuth2 Application")
+    create_consent_parser.add_argument("pii_principal_id", help="DigitalTwin Id (gid)")
+
+    # list_consents
+    list_consents_parser = subparsers.add_parser("list_consents")
+    list_consents_parser.add_argument("pii_principal_id", help="DigitalTwin Id (gid)")
+
+    # revoke_consent
+    revoke_consent_parser = subparsers.add_parser("revoke_consent")
+    revoke_consent_parser.add_argument("pii_principal_id", help="DigitalTwin Id (gid)")
+    revoke_consent_parser.add_argument("consent_ids", nargs='*', help="List of consent ids separated by space")
+
     args = parser.parse_args()
     local = args.local
     client = IdentityClient(local)
@@ -1678,6 +1692,37 @@ def main():
             print("Invalid is_authorized")
         return is_authorized
 
+    elif command == "create_consent":
+        pii_processor_id = args.pii_processor_id
+        pii_principal_id = args.pii_principal_id
+        properties = ["icecream"]
+        consent_response = client.create_consent(pii_processor_id, pii_principal_id, properties)
+        if consent_response:
+            print_response(consent_response)
+        else:
+            print("Invalid consent response")
+        return consent_response
+
+    elif command == "list_consents":
+        pii_principal_id = args.pii_principal_id
+        consent_response = client.list_consents(pii_principal_id)
+        if consent_response:
+            for c in consent_response:
+                print_response(c)
+        else:
+            print("Invalid consent response")
+        return consent_response
+
+    elif command == "revoke_consent":
+        pii_principal_id = args.pii_principal_id
+        consent_ids = args.consent_ids
+        consent_response = client.revoke_consent(pii_principal_id, consent_ids)
+        if consent_response:
+            print_response(consent_response)
+        else:
+            print("Invalid consent response")
+        return consent_response
+
 
 def print_verify_info(digital_twin_info):  # pragma: no cover
     print("Digital twin info")

diff --git a/indykite_sdk/identity/__init__.py b/indykite_sdk/identity/__init__.py
@@ -56,3 +56,4 @@ def __init__(self, local=False):
     from .delete import del_digital_twin, del_digital_twin_by_token
     from .enrich_token import enrich_token
     from .import_digital_twins import import_digital_twins
+    from .consent import create_consent, list_consents, revoke_consent
diff --git a/indykite_sdk/identity/consent.py b/indykite_sdk/identity/consent.py
@@ -0,0 +1,66 @@
+from indykite_sdk.indykite.identity.v1beta2 import identity_management_api_pb2 as pb2
+
+
+def create_consent(self, pii_processor_id, pii_principal_id, properties=[]):
+
+    try:
+        response = self.stub.CreateConsent(
+            pb2.CreateConsentRequest(
+                pii_processor_id=pii_processor_id,
+                pii_principal_id=pii_principal_id,
+                properties=properties
+            )
+        )
+    except Exception as exception:
+        print(exception)
+        return None
+
+    if not response:
+        return None
+
+    return response
+
+
+def list_consents(self, pii_principal_id):
+
+    try:
+        streams = self.stub.ListConsents(
+            pb2.ListConsentsRequest(
+                pii_principal_id=pii_principal_id
+            )
+        )
+    except Exception as exception:
+        print(exception)
+        return None
+
+    if not streams:
+        return None
+
+    responses = []
+    try:
+        for response in streams:
+            responses.append(response)
+    except Exception as exception:
+        print(exception)
+        return None
+
+    return responses
+
+
+def revoke_consent(self, pii_principal_id, consent_ids=[]):
+
+    try:
+        response = self.stub.RevokeConsent(
+            pb2.RevokeConsentRequest(
+                pii_principal_id=pii_principal_id, consent_ids=consent_ids
+            )
+        )
+    except Exception as exception:
+        print(exception)
+        return None
+
+    if not response:
+        return None
+
+    return response
+
diff --git a/indykite_sdk/model/consent.py b/indykite_sdk/model/consent.py
@@ -0,0 +1,76 @@
+from indykite_sdk.utils import timestamp_to_date
+from google.protobuf.json_format import MessageToDict
+
+
+class PiiProcessor:
+    def __init__(self, pii_processor_id, display_name):
+        self.pii_processor_id = pii_processor_id
+        self.display_name = display_name
+        self.description = None
+        self.owner = None
+        self.policy_uri = None
+        self.terms_of_service_uri = None
+        self.client_uri = None
+        self.logo_uri = None
+        self.user_support_email_address = None
+        self.additional_contacts = None
+
+
+class PiiController:
+    def __init__(self, pii_controller_id, display_name):
+        self.pii_controller_id = pii_controller_id
+        self.display_name = display_name
+
+
+class ConsentReceipt:
+    def __init__(self, pii_principal_id, pii_processor):
+        self.pii_principal_id = pii_principal_id
+        self.pii_processor = pii_processor
+        self.items = None
+
+
+class Item:
+    def __init__(self, consent_id, pii_controller, consented_at_time, properties):
+        self.consent_id = consent_id
+        self.pii_controller = pii_controller
+        self.consented_at_time = consented_at_time
+        self.properties = properties
+
+
+class CreateConsentRequest:
+    def __init__(self, pii_processor_id, pii_principal_id, properties):
+        self.pii_processor_id = pii_processor_id
+        self.pii_principal_id = pii_principal_id
+        self.properties = properties
+
+
+class CreateConsentResponse:
+    def deserialize(cls, message):
+        if message is None:
+            return None
+
+        create_consent = CreateConsentResponse(
+            str(message.consentId),
+        )
+
+        return create_consent
+
+    def __init__(self, consent_id):
+        self.consent_id = consent_id
+
+
+class ConsentApproval:
+    def __init__(self, grant_scopes, granted_audiences, session, remember, remember_for):
+        self.grant_scopes = grant_scopes
+        self.granted_audiences = granted_audiences
+        self.session = session
+        self.remember = remember
+        self.remember_for = remember_for
+
+
+class ConsentRequestSessionData:
+    def __init__(self, access_token, id_token, userinfo):
+        self.access_token = access_token
+        self.id_token = id_token
+        self.userinfo = userinfo
+