use hydra userinfo and id_token info
parent
2a349d132a
commit
7a796825d0
@ -16,32 +16,6 @@ from ..auth_providers import LdapAuthProvider
|
|||
|
||||
api_views = Blueprint('api', __name__, url_prefix='/api')
|
||||
|
||||
@api_views.route('/userinfo', methods=['GET', 'POST'])
|
||||
def userinfo():
|
||||
if 'authorization' not in request.headers:
|
||||
return 'not token found', 400
|
||||
token = request.headers['authorization'].replace('Bearer ', '')
|
||||
token_info = current_app.hydra_api.introspect_o_auth2_token(token=token)
|
||||
if not token_info.active:
|
||||
return 'token not valid', 403
|
||||
|
||||
user_db = User.query.get(token_info.sub)
|
||||
user = User.query_().by_username(user_db.username)
|
||||
|
||||
public_url = current_app.config.get('HYDRA_PUBLIC_URL')
|
||||
r = requests.get(
|
||||
f"{public_url}/userinfo",
|
||||
headers={
|
||||
'authorization': request.headers['authorization']})
|
||||
userinfo = r.json()
|
||||
scopes = token_info.scope.split(' ')
|
||||
if 'email' in scopes:
|
||||
userinfo['email'] = str(user.email)
|
||||
if 'profile' in scopes:
|
||||
userinfo['username'] = str(user.username)
|
||||
print(userinfo)
|
||||
return jsonify(userinfo)
|
||||
|
||||
|
||||
@api_views.route('/users', methods=['GET'])
|
||||
def user_list():
|
||||
|
|
|
@ -8,7 +8,7 @@ from flask.templating import render_template
|
|||
from flask_babel import gettext
|
||||
|
||||
from flask import request, url_for
|
||||
from flask_login import login_required, login_user, logout_user
|
||||
from flask_login import login_required, login_user, logout_user, current_user
|
||||
import logging
|
||||
from urllib.parse import urlparse
|
||||
from base64 import b64decode, b64encode
|
||||
|
@ -36,9 +36,16 @@ def consent():
|
|||
|
||||
requested_scope = consent_request.requested_scope
|
||||
requested_audiences = consent_request.requested_access_token_audience
|
||||
user = User.query.get(consent_request.subject)
|
||||
|
||||
if form.validate_on_submit() or consent_request.skip:
|
||||
token_data = {
|
||||
'preferred_username': str(current_user.username),
|
||||
'email': str(current_user.email),
|
||||
'email_verified': True,
|
||||
}
|
||||
id_token_data = {}
|
||||
if 'openid' in requested_scope:
|
||||
id_token_data = token_data
|
||||
resp = current_app.hydra_api.accept_consent_request(
|
||||
consent_request.challenge, body={
|
||||
'grant_scope': requested_scope,
|
||||
|
@ -46,10 +53,8 @@ def consent():
|
|||
'remember': form.data['remember'],
|
||||
'remember_for': remember_for,
|
||||
'session': {
|
||||
'access_token': {},
|
||||
'id_token': {
|
||||
'preferred_username': user.username
|
||||
}
|
||||
'access_token': token_data,
|
||||
'id_token': id_token_data
|
||||
}
|
||||
})
|
||||
return redirect(resp.redirect_to)
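Review bot: The new `token_data` in the `consent()` hunk at -36,9 carries `email` and `email_verified` into both the access-token and id_token session no matter which scopes were requested, so a client that asked only for `openid` still receives the user's e-mail; the userinfo view this commit removes gated `email` on the `email` scope and the username on `profile`, and the session hunk at -46,10 forwards the dict unchanged. The claims are also now read from `current_user` instead of the dropped `User.query.get(consent_request.subject)` lookup, so if the flask-login session and the Hydra login subject ever differ (the `consent_request.skip` branch never sees the form, and whether `consent()` is `login_required` is outside the hunk) the tokens are minted with another account's claims — a check that `current_user` matches `consent_request.subject` before `accept_consent_request` is warranted. `email_verified` is hard-coded to `True`; unless the user model records verification, that claim should be omitted rather than asserted. Building the claims per requested scope restores the previous filtering:
```python
    if form.validate_on_submit() or consent_request.skip:
        # Only emit claims covered by the scopes in the consent request, so a
        # client granted just `openid` does not receive e-mail or profile data.
        token_data = {}
        if 'profile' in requested_scope:
            token_data['preferred_username'] = str(current_user.username)
        if 'email' in requested_scope:
            token_data['email'] = str(current_user.email)
            token_data['email_verified'] = True  # TODO(review): confirm the model tracks verification
        id_token_data = token_data if 'openid' in requested_scope else {}
        # … unchanged: accept_consent_request call and redirect …
```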
|
||||
|
|