API authentication on zitadel server working
This commit is contained in:
parent
1b58c7fb22
commit
b425462f12
2 changed files with 50 additions and 1 deletions
|
|
@ -44,5 +44,5 @@ oidc_params = dict(
|
||||||
|
|
||||||
# access zitadel API
|
# access zitadel API
|
||||||
zitadel_params = dict(
|
zitadel_params = dict(
|
||||||
private_key_file=('ZITADEL_SERVICE_USER_PRIVATE_KEY_FILE', '.private-key.json')
|
private_key_file=getenv('ZITADEL_SERVICE_USER_PRIVATE_KEY_FILE', '.private-key.json')
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -2,4 +2,53 @@
|
||||||
|
|
||||||
"""Web client functionality: access to web sites, APIs - including authentication."""
|
"""Web client functionality: access to web sites, APIs - including authentication."""
|
||||||
|
|
||||||
|
from datetime import datetime, timedelta, timezone
|
||||||
|
import json
|
||||||
|
import jwt
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
|
import config
|
||||||
|
|
||||||
|
|
||||||
|
def postApi(url, token=None):
|
||||||
|
if token is None:
|
||||||
|
token = authenticateJwt()
|
||||||
|
headers = dict(Authorization=f'Bearer {token}')
|
||||||
|
resp = requests.post(url, headers=headers)
|
||||||
|
data = resp.json()
|
||||||
|
data['_auth_token'] = token
|
||||||
|
return data
|
||||||
|
|
||||||
|
def authenticateJwt(paramsName='zitadel_params'):
|
||||||
|
params = getattr(config, paramsName)
|
||||||
|
keyData = loadPrivateKeyData(params['private_key_file'])
|
||||||
|
userId = keyData['userId']
|
||||||
|
keyId = keyData['keyId']
|
||||||
|
key = keyData['key']
|
||||||
|
now = datetime.now(timezone.utc)
|
||||||
|
token_lifetime=params.get('token_lifetime', 60)
|
||||||
|
payload = dict(
|
||||||
|
iss=userId, sub=userId, aud=config.oidc_provider,
|
||||||
|
iat=now, exp=now + timedelta(minutes=token_lifetime),
|
||||||
|
)
|
||||||
|
jwToken = jwt.encode(payload, key, algorithm="RS256",
|
||||||
|
headers=dict(alg='RS256', kid=keyId))
|
||||||
|
data = dict(
|
||||||
|
grant_type='urn:ietf:params:oauth:grant-type:jwt-bearer',
|
||||||
|
scope='openid urn:zitadel:iam:org:project:id:zitadel:aud',
|
||||||
|
assertion=jwToken,
|
||||||
|
)
|
||||||
|
print(data)
|
||||||
|
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
|
||||||
|
url = config.oidc_provider + '/oauth/v2/token'
|
||||||
|
print(url)
|
||||||
|
resp = requests.post(url, data=data, headers=headers)
|
||||||
|
if resp.status_code != 200:
|
||||||
|
print(resp.text)
|
||||||
|
return None
|
||||||
|
tdata = resp.json()
|
||||||
|
return tdata['access_token']
|
||||||
|
|
||||||
|
def loadPrivateKeyData(fn='.private-key.json'):
|
||||||
|
with open(fn) as f:
|
||||||
|
return json.load(f)
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue