studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
78818ba541cb390385f34992a66d23a9fd1d6f56
people/src/backend/core/resource_server/authentication.py

55 lines
1.8 KiB
Python
Raw Normal View History

✨(backend) authenticate requests using an access token issued by AC Overload mozilla-django-oidc class to support an authentication method with the resource server backend. This enables any route of the API to be called with an access token issued by Agent Connect.
2024-07-29 15:52:19 +02:00
"""Resource Server Authentication"""
import base64
import binascii
import logging
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured
from mozilla_django_oidc.contrib.drf import OIDCAuthentication
🩹(backend) enable resource server authentication if properly configured Tests are missing, let's ship it, I'll open an issue. Without such protection, the whole app would crash if the resource server is not configured. The fallback backend would return an appropriate error to the client if the resource server is improperly configured.
2024-07-29 19:26:50 +02:00
from .backend import ResourceServerBackend, ResourceServerImproperlyConfiguredBackend
✨(backend) authenticate requests using an access token issued by AC Overload mozilla-django-oidc class to support an authentication method with the resource server backend. This enables any route of the API to be called with an access token issued by Agent Connect.
2024-07-29 15:52:19 +02:00
from .clients import AuthorizationServerClient
logger = logging.getLogger(__name__)
class ResourceServerAuthentication(OIDCAuthentication):
"""Authenticate clients using the token received from the authorization server."""
def __init__(self):
super().__init__()
🩹(backend) enable resource server authentication if properly configured Tests are missing, let's ship it, I'll open an issue. Without such protection, the whole app would crash if the resource server is not configured. The fallback backend would return an appropriate error to the client if the resource server is improperly configured.
2024-07-29 19:26:50 +02:00
try:
authorization_server_client = AuthorizationServerClient(
url=settings.OIDC_OP_URL,
verify_ssl=settings.OIDC_VERIFY_SSL,
timeout=settings.OIDC_TIMEOUT,
proxy=settings.OIDC_PROXY,
url_jwks=settings.OIDC_OP_JWKS_ENDPOINT,
url_introspection=settings.OIDC_OP_INTROSPECTION_ENDPOINT,
)
self.backend = ResourceServerBackend(authorization_server_client)
except ImproperlyConfigured as err:
message = "Resource Server authentication is disabled"
logger.debug("%s. Exception: %s", message, err)
self.backend = ResourceServerImproperlyConfiguredBackend()
✨(backend) authenticate requests using an access token issued by AC Overload mozilla-django-oidc class to support an authentication method with the resource server backend. This enables any route of the API to be called with an access token issued by Agent Connect.
2024-07-29 15:52:19 +02:00
def get_access_token(self, request):
"""Retrieve and decode the access token from the request.
This method overcharges the 'get_access_token' method from the parent class,
to support service providers that would base64 encode the bearer token.
"""
access_token = super().get_access_token(request)
try:
access_token = base64.b64decode(access_token).decode("utf-8")
except (binascii.Error, TypeError):
pass
return access_token
Reference in New Issue Copy Permalink