ADX-1017

fjelltopp · Jul 14, 2023 · 92da373 · 92da373
1 parent 9038825
commit 92da373
Showing 1 changed file with 22 additions and 22 deletions.
diff --git a/ckanext/unaids/blueprints/ape_data_receiver.py b/ckanext/unaids/blueprints/ape_data_receiver.py
@@ -8,45 +8,45 @@
 
 from urllib.parse import urlparse, urlencode
 
-
+import jwt
 
 ape_data_receiver = Blueprint("ape_data_receiver", __name__)
 
+parsed_url = urlparse(toolkit.config.get('ckanext.saml2auth.idp_metadata.remote_url'))
+auth0_domain = parsed_url.scheme + "://" + parsed_url.netloc
+client_id = toolkit.config.get('ape_client_id')
+client_secret = toolkit.config.get('ape_client_secret')
+redirect_url = toolkit.config.get('ape_callback_url')
+state = toolkit.config.get('ape_state')
+
 @ape_data_receiver.route('/ape_data_receiver', methods=['GET'])
 def receive():
-    # import pydevd_pycharm
-    # pydevd_pycharm.settrace('172.17.0.1', port=9999, stdoutToServer=True, stderrToServer=True)
     if not g.user:
         return toolkit.abort(403, _('You must be logged in to access this page'))
     else:
-        parsed_url = urlparse(toolkit.config.get('ckanext.saml2auth.idp_metadata.remote_url'))
-        base_url = parsed_url.scheme + "://" + parsed_url.netloc + "/authorize"
-        client_id = toolkit.config.get('ape_client_id')
-        client_secret = toolkit.config.get('ape_client_secret')
-        redirect_url = toolkit.config.get('ape_callback_url')
-        state = toolkit.config.get('ape_state')
-        audience = url_for('ape_data_receiver.accept', _external=True)
+        base_url = auth0_domain + "/authorize"
         query_params = {
-            "scope": "openid profile email",
-            # "audience": audience,
+            "scope": "openid profile email user_metadata jobtitle affiliation",
             "response_type": "code",
             "client_id": client_id,
             "client_secret": client_secret,
             "redirect_uri": redirect_url,
             "state": state,
-            # "prompt": "none"
         }
         auth_url = base_url + "?" + urlencode(query_params)
-        silent_response = requests.get(auth_url)
-
-        # return redirect('http://adr.local/user/edit/admin')
-        # return jsonify({"message": "Silent authentication initiated.", "args": request.args, "silent_response": silent_response.text})
         return redirect(auth_url)
 @ape_data_receiver.route('/ape_callback', methods=['GET'])
 def refresh():
-    return request.args
-
+    token_endpoint = f'{auth0_domain}/oauth/token'
+    response = requests.post(token_endpoint, json={
+        'grant_type': 'authorization_code',
+        'client_id': client_id,
+        'client_secret': client_secret,
+        'redirect_uri': redirect_url,
+        'code': request.args.get('code')
+    })
+
+    id_token = response.json()["id_token"]
+    decoded_id_token = jwt.decode(id_token, options={"verify_signature": False})
+    return decoded_id_token
 
-@ape_data_receiver.route('/ape_audience', methods=['GET'])
-def accept():
-    return "ok"