Posted to commits@airavata.apache.org by ma...@apache.org on 2021/06/25 18:26:08 UTC
[airavata-django-portal] 03/03: AIRAVATA-3468 configuration of URLs
for retrieving external IDP userinfo
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch AIRAVATA-3319-handle-missing-name-and-email-attributes-from-cilo
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit 77a34135def6c43215687bb8e0a37830ba70b9a0
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Jun 25 13:50:16 2021 -0400
AIRAVATA-3468 configuration of URLs for retrieving external IDP userinfo
---
django_airavata/apps/auth/backends.py | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/django_airavata/apps/auth/backends.py b/django_airavata/apps/auth/backends.py
index cc0df6b..1c534ce 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -267,6 +267,17 @@ class KeycloakBackend(object):
def _store_idp_userinfo(self, user, token, idp_alias):
try:
+ idp_token_url = None
+ userinfo_url = None
+ for auth_option in settings.AUTHENTICATION_OPTIONS['external']:
+ if auth_option['idp_alias'] == idp_alias:
+ idp_token_url = auth_option.get('idp_token_url')
+ userinfo_url = auth_option.get('userinfo_url')
+ break
+ if idp_token_url is None or userinfo_url is None:
+ logger.debug(f"idp_token_url and/or userinfo_url not set for {idp_alias} "
+ "in AUTHENTICATION_OPTIONS, skipping retrieval of external IDP userinfo")
+ return
access_token = token['access_token']
logger.debug(f"access_token={access_token} for idp_alias={idp_alias}")
# fetch the idp's token
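Review bot: The guard added before `access_token = token['access_token']` only rejects unset values, yet the Keycloak access token and then the IDP token are sent as bearer credentials to whatever `idp_token_url` and `userinfo_url` contain. Both hard-coded URLs this commit replaces were https, so a settings entry with an `http://` URL would now send those tokens in cleartext. I would reject non-https values in the same guard, e.g. `if not all(u and u.startswith("https://") for u in (idp_token_url, userinfo_url)):`, and add a comment stating that both keys must be https endpoints of the trusted IDP. The handler for the `try` opened above is outside this hunk, so how a missing `'external'` or `'idp_alias'` key is reported cannot be seen from here.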
@@ -274,10 +285,10 @@ class KeycloakBackend(object):
# For the following to work, in Keycloak the IDP should have 'Store
# Tokens' and 'Stored Tokens Readable' enabled and the user needs
# the broker/read-token role
- r = requests.get(f"https://iamdev.scigap.org/auth/realms/seagrid/broker/{idp_alias}/token", headers=headers)
+ r = requests.get(idp_token_url, headers=headers)
idp_token = r.json()
idp_headers = {'Authorization': f"Bearer {idp_token['access_token']}"}
- r = requests.get("https://cilogon.org/oauth2/userinfo", headers=idp_headers)
+ r = requests.get(userinfo_url, headers=idp_headers)
userinfo = r.json()
logger.debug(f"userinfo={userinfo}")
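Review bot: Both `requests.get` calls, now pointed at deployment-configured URLs, run without a timeout and without a status check. A slow endpoint can therefore stall the login request, and an error response surfaces only as a JSON decode error or a `KeyError` at `idp_token['access_token']`. Suggest `r = requests.get(idp_token_url, headers=headers, timeout=10)` followed by `r.raise_for_status()`, and the same for the `userinfo_url` call; the 10-second value is illustrative. The enclosing `_store_idp_userinfo` begins and ends outside this hunk, so whether the surrounding `try` already logs such failures is not visible here.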