Ozwillo » Modules CKAN Ozwillo

BEHAVIOUR = {

    "response_type": "code",

    "scope": ["openid", "profile", "email", "address", "phone"],

}

# The keys in this dictionary are the OPs short userfriendly name

# not the issuer (iss) name.

CLIENTS = {

    # The ones that support webfinger, OP discovery and client registration

    # This is the default, any client that is not listed here is expected to

    # support dynamic discovery and registration.

    # Supports OP information lookup but not client registration

    "ozwillo": {

        "srv_discovery_url": "https://accounts.ozwillo-preprod.eu/",

        "client_registration": {

            "client_id": None,

            "client_secret": None,

            "redirect_uris": [],

        },

        "behaviour": {

            "response_type": "code",

            "scope": ["openid", "profile", "email"]

        },

        "allow": {

            "issuer_mismatch": True

        }

from oic.utils.http_util import Redirect

__author__ = 'roland'

class OIDCClients(object):

    def __init__(self, config):

        """

        :param config: Imported configuration module

        :return:

        """

        self.client = {}

        self.client_cls = Client

        self.config = config

        for key, val in config.CLIENTS.items():

            if key == "":

                continue

            else:

                self.client[key] = self.create_client(**val)

    def create_client(self, userid="", **kwargs):

        """

        Do an instantiation of a client instance

        :param userid: An identifier of the user

        :param: Keyword arguments

            Keys are ["srv_discovery_url", "client_info", "client_registration",

            "provider_info"]

        :return: client instance

        """

        _key_set = set(kwargs.keys())

        args = {}

        for param in ["verify_ssl"]:

            try:

                args[param] = kwargs[param]

            except KeyError:

                pass

            else:

                _key_set.discard(param)

        client = self.client_cls(client_authn_method=CLIENT_AUTHN_METHOD,

                                 behaviour=kwargs["behaviour"], verify_ssl=self.config.VERIFY_SSL, **args)

        # The behaviour parameter is not significant for the election process

        _key_set.discard("behaviour")

        for param in ["allow"]:

            try:

                setattr(client, param, kwargs[param])

            except KeyError:

                pass

            else:

                _key_set.discard(param)

        if _key_set == set(["client_info"]):  # Everything dynamic

            # There has to be a userid

            if not userid:

                raise MissingAttribute("Missing userid specification")

            # Find the service that provides information about the OP

            issuer = client.wf.discovery_query(userid)

            # Gather OP information

            _ = client.provider_config(issuer)

            # register the client

            _ = client.register(client.provider_info["registration_endpoint"],

                                **kwargs["client_info"])

        elif _key_set == set(["client_info", "srv_discovery_url"]):

            # Ship the webfinger part

            # Gather OP information

            _ = client.provider_config(kwargs["srv_discovery_url"])

            # register the client

            _ = client.register(client.provider_info["registration_endpoint"],

                                **kwargs["client_info"])

        elif _key_set == set(["provider_info", "client_info"]):

            client.handle_provider_config(

                ProviderConfigurationResponse(**kwargs["provider_info"]),

                kwargs["provider_info"]["issuer"])

            _ = client.register(client.provider_info["registration_endpoint"],

                                **kwargs["client_info"])

        elif _key_set == set(["provider_info", "client_registration"]):

            client.handle_provider_config(

                ProviderConfigurationResponse(**kwargs["provider_info"]),

                kwargs["provider_info"]["issuer"])

            client.store_registration_info(RegistrationResponse(

                **kwargs["client_registration"]))

        elif _key_set == set(["srv_discovery_url", "client_registration"]):

            _ = client.provider_config(kwargs["srv_discovery_url"])

            client.store_registration_info(RegistrationResponse(

                **kwargs["client_registration"]))

        else:

            raise Exception("Configuration error ?")

        return client

    def dynamic_client(self, userid):

        client = self.client_cls(client_authn_method=CLIENT_AUTHN_METHOD,

                                 verify_ssl=self.config.VERIFY_SSL)

        issuer = client.wf.discovery_query(userid)

        if issuer in self.client:

            return self.client[issuer]

            # Gather OP information

            _pcr = client.provider_config(issuer)

            # register the client

            _ = client.register(_pcr["registration_endpoint"],

                                **self.config.CLIENTS[""]["client_info"])

            try:

                client.behaviour.update(**self.config.CLIENTS[""]["behaviour"])

            except KeyError:

                pass

            self.client[issuer] = client

            return client

    def __getitem__(self, item):

        """

        Given a service or user identifier return a suitable client

        :param item:

        :return:

        """

            return self.client[item]

            return self.dynamic_client(item)

    def keys(self):

        return self.client.keys()

from oidc import OIDCClients

            conf.CLIENTS['ozwillo']['client_registration'].update({

            CLIENT = OIDCClients(conf)['ozwillo']