Posted to commits@airavata.apache.org by ma...@apache.org on 2018/10/11 21:11:19 UTC

[airavata-django-portal] 02/05: AIRAVATA-2888 Get service account token

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit d1e77811c2aacae9c3ffdf0cf8595d37c41052ca
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Thu Oct 11 12:04:26 2018 -0400

    AIRAVATA-2888 Get service account token
---
 django_airavata/apps/auth/utils.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/django_airavata/apps/auth/utils.py b/django_airavata/apps/auth/utils.py
index a4691d7..e5d39ea 100644
--- a/django_airavata/apps/auth/utils.py
+++ b/django_airavata/apps/auth/utils.py
@@ -4,6 +4,8 @@ import time
 
 from django.conf import settings
 from django.contrib.auth import authenticate
+from oauthlib.oauth2 import BackendApplicationClient
+from requests_oauthlib import OAuth2Session
 
 from airavata.model.security.ttypes import AuthzToken
 
@@ -20,6 +22,31 @@ def get_authz_token(request):
     return None
 
 
+def get_service_account_authz_token():
+    client_id = settings.KEYCLOAK_CLIENT_ID
+    client_secret = settings.KEYCLOAK_CLIENT_SECRET
+    token_url = settings.KEYCLOAK_TOKEN_URL
+    verify_ssl = settings.KEYCLOAK_VERIFY_SSL
+
+    client = BackendApplicationClient(client_id=client_id)
+    oauth = OAuth2Session(client=client)
+    if hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
+        oauth.verify = settings.KEYCLOAK_CA_CERTFILE
+    token = oauth.fetch_token(
+        token_url=token_url,
+        client_id=client_id,
+        client_secret=client_secret,
+        verify=verify_ssl)
+
+    access_token = token.get('access_token')
+    return AuthzToken(
+        accessToken=access_token,
+        claimsMap={
+            'gatewayID': settings.GATEWAY_ID,
+            # This is a service account, so leaving userName blank for now
+            'userName': None})
+
+
 def _create_authz_token(request):
     access_token = request.session['ACCESS_TOKEN']
     username = request.user.username
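Review bot: In get_service_account_authz_token the CA bundle assigned to `oauth.verify` is probably never used, because `fetch_token(..., verify=verify_ssl)` passes a per-request value and, as far as I know, requests gives that precedence over the session attribute. With KEYCLOAK_VERIFY_SSL true, a Keycloak behind a private CA would fail verification despite KEYCLOAK_CA_CERTFILE; with it false, the client secret is posted with no certificate check at all. Resolve the value once, `verify = getattr(settings, 'KEYCLOAK_CA_CERTFILE', True) if verify_ssl else False`, pass `verify=verify` to fetch_token and drop the `oauth.verify` assignment. Separately, `token.get('access_token')` can return None, so an AuthzToken with an empty accessToken would be handed back silently; raising when the key is missing would make the failure visible at the source.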