use hydra userinfo and id_token info

This commit is contained in:
TuxCoder 2020-05-30 23:33:59 +02:00
parent 2a349d132a
commit 7a796825d0
2 changed files with 12 additions and 33 deletions

View file

@ -16,32 +16,6 @@ from ..auth_providers import LdapAuthProvider
api_views = Blueprint('api', __name__, url_prefix='/api')
@api_views.route('/userinfo', methods=['GET', 'POST'])
def userinfo():
if 'authorization' not in request.headers:
return 'not token found', 400
token = request.headers['authorization'].replace('Bearer ', '')
token_info = current_app.hydra_api.introspect_o_auth2_token(token=token)
if not token_info.active:
return 'token not valid', 403
user_db = User.query.get(token_info.sub)
user = User.query_().by_username(user_db.username)
public_url = current_app.config.get('HYDRA_PUBLIC_URL')
r = requests.get(
f"{public_url}/userinfo",
headers={
'authorization': request.headers['authorization']})
userinfo = r.json()
scopes = token_info.scope.split(' ')
if 'email' in scopes:
userinfo['email'] = str(user.email)
if 'profile' in scopes:
userinfo['username'] = str(user.username)
print(userinfo)
return jsonify(userinfo)
@api_views.route('/users', methods=['GET'])
def user_list():

View file

@ -8,7 +8,7 @@ from flask.templating import render_template
from flask_babel import gettext
from flask import request, url_for
from flask_login import login_required, login_user, logout_user
from flask_login import login_required, login_user, logout_user, current_user
import logging
from urllib.parse import urlparse
from base64 import b64decode, b64encode
@ -36,9 +36,16 @@ def consent():
requested_scope = consent_request.requested_scope
requested_audiences = consent_request.requested_access_token_audience
user = User.query.get(consent_request.subject)
if form.validate_on_submit() or consent_request.skip:
token_data = {
'preferred_username': str(current_user.username),
'email': str(current_user.email),
'email_verified': True,
}
id_token_data = {}
if 'openid' in requested_scope:
id_token_data = token_data
resp = current_app.hydra_api.accept_consent_request(
consent_request.challenge, body={
'grant_scope': requested_scope,
@ -46,11 +53,9 @@ def consent():
'remember': form.data['remember'],
'remember_for': remember_for,
'session': {
'access_token': {},
'id_token': {
'preferred_username': user.username
}
}
'access_token': token_data,
'id_token': id_token_data
}
})
return redirect(resp.redirect_to)
return render_template(