The UserInfo endpoint is for fetching the user's profile (name, email, phone number, picture, and so on). Token introspection is for inspecting the access token and determining the authorities the user has: the subject (principal), entitlements, and scopes granted.
from typing import Optional
from urllib.parse import urlencode

import requests
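class Oauth:
    """Small OAuth 2.0 client: authorization-code exchange and token introspection.

    Every request goes through one ``requests.Session`` that sends the client
    id and secret as HTTP Basic credentials.
    """

    # Seconds to wait for the identity provider when config has no 'timeout'.
    DEFAULT_TIMEOUT = 10

    def __init__(self, config: dict):
        """Read endpoint URLs and client credentials from *config*.

        Required keys: 'token_url', 'introspection_url', 'client_id',
        'client_secret', 'authorization_url'. Optional key: 'timeout'
        (seconds, default ``DEFAULT_TIMEOUT``).

        Raises:
            KeyError: a required key is missing from *config*.
        """
        self.token_url = config['token_url']
        self.introspection_url = config['introspection_url']
        self.client_id = config['client_id']
        self.client_secret = config['client_secret']
        # Without a timeout, requests waits indefinitely on a stalled server.
        self.timeout = config.get('timeout', self.DEFAULT_TIMEOUT)

        # urlencode() percent-escapes the client id, so a value containing
        # '&', '=' or '#' cannot add or truncate query parameters.
        auth_args = urlencode({'response_type': 'code',
                               'client_id': self.client_id})
        # NOTE(review): the URL carries no `state` and no `redirect_uri`.
        # Callers should append a per-request `state` value and verify it on
        # the callback before passing the code to request_access_token().
        self.auth_url = f"{config['authorization_url']}?{auth_args}"

        # NOTE(review): the secret is sent as Basic auth on every session
        # request, so token_url and introspection_url should be https URLs;
        # nothing here enforces that.
        self.session = requests.Session()
        self.session.auth = (self.client_id, self.client_secret)

    def request_access_token(self, one_time_code: str) -> str:
        """Exchange an authorization code for an access token.

        Args:
            one_time_code: the ``code`` value received on the redirect.

        Returns:
            The 'access_token' value from the token endpoint's JSON reply.

        Raises:
            KeyError: the reply has no 'access_token' key, as is the case
                for an OAuth error reply. The HTTP status is not checked.
            ValueError: the reply body is not JSON.
        """
        body = {'grant_type': 'authorization_code',
                'code': one_time_code}
        response = self.session.post(self.token_url, data=body,
                                     timeout=self.timeout)
        return response.json()['access_token']

    def authorize(self, token: str) -> Optional[dict]:
        """Introspect *token* and return its claims if it is active.

        Args:
            token: the access token to inspect.

        Returns:
            The introspection response as a dict when the server reports
            ``"active": true``. ``None`` when the endpoint answers with an
            HTTP error status, or when the token is not reported active.
            The claims are not interpreted here: checking scopes or
            audience against the requested operation is left to the caller.
        """
        body = {'token': token}
        response = self.session.post(self.introspection_url,
                                     data=body, timeout=self.timeout)
        try:
            response.raise_for_status()
        except requests.HTTPError:
            return None

        claims = response.json()
        # An RFC 7662 endpoint answers expired, revoked or unknown tokens with
        # HTTP 200 and {"active": false}. Returning that dict would let a
        # caller's truthiness check accept a dead token, so fail closed.
        if not isinstance(claims, dict) or claims.get('active') is not True:
            return None
        return claims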