This repository was archived by the owner on Oct 7, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathauthenticate_with_authorization_code.py
More file actions
107 lines (89 loc) · 3.36 KB
/
authenticate_with_authorization_code.py
File metadata and controls
107 lines (89 loc) · 3.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
"""Log with UAA web login page (using grant_type "authorization_code")
The use case for this grant type is for websites that want to
"Log in with UAA".
This example is more of snippets, since it requires redirecting to UAA and
then receiving the authorization code on your web server...
"""
from __future__ import print_function
import os
import sys
import json
import cf_api
from webbrowser import open_new
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
PORT = int(os.getenv('PORT', 8080))
def browser_authorize(auth_uri):
"""Opens the UAA login page in the default web browser to allow the user
to login, then waits for UAA to redirect back to http://localhost:8080,
and then, then captures the authorization code and verifies it with UAA,
and finally displays the login info.
"""
# open the UAA login page in the web browser
open_new(auth_uri)
class CodeHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header('Content-Type', 'text/html')
self.end_headers()
self.wfile.write("""
<html><head>
<script>window.onload = function() {window.close();}</script>
</head><body>
Hi... and bye! (you may close this window)</body>
</html>
""")
parts = self.path.split('=')
if len(parts) < 2:
raise Exception('invalid response {0}'.format(self.path))
auth_code = parts[1]
self.server.result = auth_code
# create a server to handle the redirected authorization code from UAA
server = HTTPServer(('', PORT), CodeHandler)
# this method waits for a single HTTP request and then shuts down the
# server
server.handle_request()
return server.result
print('----------')
cloud_controller_url = raw_input('cloud controller url: ').strip()
client_id = 'test-client-id'
client_secret = 'test-client-secret'
print('----------')
print('Redirecting to UAA...')
# we create an instance of the cloud controller, but tell it to NOT authorize
# with UAA.
cc_noauth = cf_api.new_cloud_controller(
cloud_controller_url,
client_id=client_id,
client_secret=client_secret,
no_auth=True
)
# we use noauth client to create the redirect URI
uaa_uri = cc_noauth.uaa.authorization_code_url('code')
# get the authorization code by logging in at the web browser, receiving
# the redirect, and extracting the authorization code
code = browser_authorize(uaa_uri)
print('authorization code: ' + str(code))
print('----------')
print('Verifying authorization code...')
# we create a UAA authenticated client using the authorization code by passing
# in the "authorization_code" keyword argument
cc = cf_api.new_cloud_controller(
cloud_controller_url,
client_id=client_id,
client_secret=client_secret,
authorization_code=dict(
code=code,
response_type='code',
)
)
print('Login OK!')
print('----------')
access_token = cc.uaa.get_access_token()
refresh_token = cc.uaa.get_refresh_token()
print('access_token: ' + access_token.to_string() + '\n')
print('refresh_token: ' + refresh_token.to_string() + '\n')
print('user_id: ' + access_token.user_id + '\n')
print('user_name: ' + access_token.user_name + '\n')
print('access_token_data:')
json.dump(access_token.attrs, sys.stdout, indent=2)
print()