-
Notifications
You must be signed in to change notification settings - Fork 48
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
196 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -106,4 +106,5 @@ keys | |
tests/resources/keys/*.pem | ||
|
||
.DS_Store | ||
.vscode | ||
build.sh | ||
.vscode |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
import flask | ||
|
||
from fence.models import IdentityProvider | ||
from fence.resources.openid.generic_oauth2 import GENERIC_IDP_NAME | ||
from fence.blueprints.login.base import DefaultOAuth2Login, DefaultOAuth2Callback | ||
|
||
|
||
class GenericLogin(DefaultOAuth2Login): | ||
def __init__(self): | ||
super(GenericLogin, self).__init__( | ||
idp_name=GENERIC_IDP_NAME, | ||
client=flask.current_app.generic_client, | ||
) | ||
|
||
|
||
class GenericCallback(DefaultOAuth2Callback): | ||
def __init__(self): | ||
super(GenericCallback, self).__init__( | ||
idp_name=GENERIC_IDP_NAME, | ||
client=flask.current_app.generic_client, | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
import flask | ||
|
||
from fence.models import IdentityProvider | ||
from fence.resources.openid.okta_oauth2 import OKTA_IDP_NAME | ||
from fence.blueprints.login.base import DefaultOAuth2Login, DefaultOAuth2Callback | ||
|
||
|
||
class OktaLogin(DefaultOAuth2Login): | ||
def __init__(self): | ||
super(OktaLogin, self).__init__( | ||
idp_name=OKTA_IDP_NAME, | ||
client=flask.current_app.okta_client, | ||
) | ||
|
||
|
||
class OktaCallback(DefaultOAuth2Callback): | ||
def __init__(self): | ||
super(OktaCallback, self).__init__( | ||
idp_name=OKTA_IDP_NAME, | ||
client=flask.current_app.okta_client, | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
import json | ||
from .idp_oauth2 import Oauth2ClientBase | ||
|
||
GENERIC_IDP_NAME = "generic" | ||
|
||
class GenericOauth2Client(Oauth2ClientBase): | ||
|
||
def __init__(self, settings, logger, HTTP_PROXY=None): | ||
super(GenericOauth2Client, self).__init__( | ||
settings, | ||
logger, | ||
scope="openid email", | ||
discovery_url=settings["discovery_url"], | ||
idp="Generic", | ||
HTTP_PROXY=HTTP_PROXY, | ||
) | ||
|
||
def get_auth_url(self): | ||
""" | ||
Get authorization uri from discovery doc | ||
""" | ||
authorization_endpoint = self.get_value_from_discovery_doc( | ||
"authorization_endpoint", | ||
"", | ||
) | ||
uri, _ = self.session.create_authorization_url( | ||
authorization_endpoint, prompt="login" | ||
) | ||
|
||
return uri | ||
|
||
def get_user_id(self, code): | ||
try: | ||
token_endpoint = self.get_value_from_discovery_doc( | ||
"token_endpoint", | ||
"", | ||
) | ||
jwks_endpoint = self.get_value_from_discovery_doc( | ||
"jwks_uri", | ||
"", | ||
) | ||
claims = self.get_jwt_claims_identity(token_endpoint, jwks_endpoint, code) | ||
|
||
if claims["email"]: | ||
return {"email": claims["email"]} | ||
else: | ||
return {"error": "Can't get user's email!"} | ||
except Exception as e: | ||
self.logger.exception("Can't get user info") | ||
return {"error": "Can't get your email: {}".format(e)} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
import json | ||
from .idp_oauth2 import Oauth2ClientBase | ||
|
||
OKTA_IDP_NAME = "okta" | ||
|
||
class OktaOauth2Client(Oauth2ClientBase): | ||
|
||
def __init__(self, settings, logger, HTTP_PROXY=None): | ||
super(OktaOauth2Client, self).__init__( | ||
settings, | ||
logger, | ||
scope="openid email", | ||
discovery_url=settings["discovery_url"], | ||
idp="Okta", | ||
HTTP_PROXY=HTTP_PROXY, | ||
) | ||
|
||
def get_auth_url(self): | ||
""" | ||
Get authorization uri from discovery doc | ||
""" | ||
authorization_endpoint = self.get_value_from_discovery_doc( | ||
"authorization_endpoint", | ||
"", | ||
) | ||
uri, _ = self.session.create_authorization_url( | ||
authorization_endpoint, prompt="login" | ||
) | ||
|
||
return uri | ||
|
||
def get_user_id(self, code): | ||
try: | ||
token_endpoint = self.get_value_from_discovery_doc( | ||
"token_endpoint", | ||
"", | ||
) | ||
jwks_endpoint = self.get_value_from_discovery_doc( | ||
"jwks_uri", | ||
"", | ||
) | ||
claims = self.get_jwt_claims_identity(token_endpoint, jwks_endpoint, code) | ||
|
||
if claims["email"]: | ||
return {"email": claims["email"]} | ||
else: | ||
return {"error": "Can't get user's email!"} | ||
except Exception as e: | ||
self.logger.exception("Can't get user info") | ||
return {"error": "Can't get your email: {}".format(e)} |