Switch from OIDC UserInfo to OAuth 2.0 Token Introspection #1
@ -69,7 +69,7 @@ def setup() -> None:
|
|||||||
|
|
||||||
token = request.cookies.get(token_cookie)
|
token = request.cookies.get(token_cookie)
|
||||||
user_info = oauth.authorize(token)
|
user_info = oauth.authorize(token)
|
||||||
if not user_info:
|
if not user_info or not user_info['active']:
|
||||||
return Response(status=403)
|
return Response(status=403)
|
||||||
|
|
||||||
if not check_access(user_info['entitlements']):
|
if not check_access(user_info['entitlements']):
|
||||||
|
|||||||
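Review bot: `user_info['entitlements']` on the new side is still an unguarded subscript after the added `active` check; `entitlements` is not a standard introspection claim (RFC 7662 only requires `active`), so a server that omits it for an active token raises KeyError and the request ends in a 500 rather than the 403 path. Read both claims defensively: `if not user_info or not user_info.get('active'):` and `if not check_access(user_info.get('entitlements', [])):`. That assumes `check_access` accepts an empty list; its definition is outside this hunk, as is the rest of the enclosing function named in the hunk header.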
@ -22,8 +22,9 @@ class Oauth:
|
|||||||
return response.json()['access_token']
|
return response.json()['access_token']
|
||||||
|
|
||||||
def authorize(self, token: str) -> dict:
|
def authorize(self, token: str) -> dict:
|
||||||
|
body = {'token': token}
|
||||||
response = self.session.post(self.introspection_url,
|
response = self.session.post(self.introspection_url,
|
||||||
data=token)
|
data=body)
|
||||||
try:
|
try:
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except requests.HTTPError:
|
except requests.HTTPError:
|
||||||
|
|||||||
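Review bot: The introspection POST on the new side sends only `{'token': token}`; RFC 7662 §2.1 requires the client to authenticate to the introspection endpoint, and nothing in this hunk passes the configured `client_id`/`client_secret`. If `self.session` is not already set up with those credentials in the constructor (outside the hunk), add `auth=` with them to the `post` call so the request is not rejected. `authorize` also deserves a docstring now that it no longer calls UserInfo, e.g. `"""Introspect *token* (RFC 7662) and return the introspection response; callers must check its 'active' field."""`. The method's exception handler and return value run past the end of the hunk.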
@ -57,6 +57,6 @@ required_entitlement = urn:mace:some:entitlement
|
|||||||
[oauth]
|
[oauth]
|
||||||
authorization_url = https://oauth.example/authorize
|
authorization_url = https://oauth.example/authorize
|
||||||
token_url = https://oauth.example/exchange
|
token_url = https://oauth.example/exchange
|
||||||
introspection_url = https://oauth.example/verify
|
introspection_url = https://oauth.example/introspect
|
||||||
client_id = some_id_string
|
client_id = some_id_string
|
||||||
client_secret = some_secret_string
|
client_secret = some_secret_string
|
||||||
|
|||||||