Posted to commits@airavata.apache.org by ma...@apache.org on 2018/10/11 21:11:19 UTC
[airavata-django-portal] 02/05: AIRAVATA-2888 Get service account
token
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit d1e77811c2aacae9c3ffdf0cf8595d37c41052ca
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Thu Oct 11 12:04:26 2018 -0400
AIRAVATA-2888 Get service account token
---
django_airavata/apps/auth/utils.py | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/django_airavata/apps/auth/utils.py b/django_airavata/apps/auth/utils.py
index a4691d7..e5d39ea 100644
--- a/django_airavata/apps/auth/utils.py
+++ b/django_airavata/apps/auth/utils.py
@@ -4,6 +4,8 @@ import time
from django.conf import settings
from django.contrib.auth import authenticate
+from oauthlib.oauth2 import BackendApplicationClient
+from requests_oauthlib import OAuth2Session
from airavata.model.security.ttypes import AuthzToken
@@ -20,6 +22,31 @@ def get_authz_token(request):
return None
+def get_service_account_authz_token():
+ client_id = settings.KEYCLOAK_CLIENT_ID
+ client_secret = settings.KEYCLOAK_CLIENT_SECRET
+ token_url = settings.KEYCLOAK_TOKEN_URL
+ verify_ssl = settings.KEYCLOAK_VERIFY_SSL
+
+ client = BackendApplicationClient(client_id=client_id)
+ oauth = OAuth2Session(client=client)
+ if hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
+ oauth.verify = settings.KEYCLOAK_CA_CERTFILE
+ token = oauth.fetch_token(
+ token_url=token_url,
+ client_id=client_id,
+ client_secret=client_secret,
+ verify=verify_ssl)
+
+ access_token = token.get('access_token')
+ return AuthzToken(
+ accessToken=access_token,
+ claimsMap={
+ 'gatewayID': settings.GATEWAY_ID,
+ # This is a service account, so leaving userName blank for now
+ 'userName': None})
+
+
def _create_authz_token(request):
access_token = request.session['ACCESS_TOKEN']
username = request.user.username
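Review bot: In `get_service_account_authz_token` the CA bundle assigned with `oauth.verify = settings.KEYCLOAK_CA_CERTFILE` looks like it is overridden by the explicit `verify=verify_ssl` passed to `fetch_token`, since requests prefers a per-request `verify` over the session value. With `KEYCLOAK_VERIFY_SSL` true the configured CA file would then be ignored in favour of the default trust store, and with it false certificate checking is off for the very request that carries the client secret. Resolve the value once and pass only that, e.g. `verify = getattr(settings, 'KEYCLOAK_CA_CERTFILE', True) if verify_ssl else False` followed by `verify=verify` in the call. The function also returns an `AuthzToken` with `accessToken=None` when the response has no `access_token`; raising there, plus a short docstring saying the token belongs to the portal's own service account and carries no user identity, would make failures and intent visible. `_create_authz_token` at the end of the hunk continues outside it.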