in LambdaFunction/FHIRClient.py [0:0]
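def get_access_token(self, clientid: str, audience: str, expires_in_minutes: int = 4) -> dict:
    """Obtain an OAuth 2.0 access token using a KMS-signed JWT client assertion.

    Builds a compact JWS (``header.payload.signature``) with ``alg`` RS384,
    has AWS KMS produce the signature over the signing input (the private
    key never leaves KMS), then POSTs the assertion to ``audience`` as a
    ``client_credentials`` grant with a ``jwt-bearer`` client assertion.

    Args:
        clientid: OAuth client id; used as both ``iss`` and ``sub``.
        audience: Token endpoint URL; used as the JWT ``aud`` and as the
            POST target.
        expires_in_minutes: Lifetime of the assertion (``exp``). Keep it
            short; authorization servers commonly reject an ``exp`` more
            than five minutes in the future.

    Returns:
        ``{"status": <HTTP status code>, "data": <decoded JSON body>}``.
        An error response from the token endpoint is returned, not raised,
        so callers must check ``status`` before trusting ``data``.

    Raises:
        ValueError: the token endpoint body is not valid UTF-8 JSON.
        Anything ``self.kms_client.sign`` or ``self.http.request`` raise.
    """

    def b64url(raw: bytes) -> bytes:
        # JWS uses unpadded base64url (RFC 7515 section 2).
        return base64.urlsafe_b64encode(raw).rstrip(b"=")

    header = json.dumps({"alg": "RS384", "typ": "JWT"}, separators=(",", ":")).encode("utf-8")

    expires_at = datetime.now(timezone.utc) + timedelta(minutes=expires_in_minutes)
    # jti is the replay-protection nonce: draw it from the OS CSPRNG
    # (SystemRandom -> os.urandom), not the default Mersenne-Twister
    # generator, so a server that tracks jti cannot be fed predictable values.
    csprng = random.SystemRandom()
    jti = "".join(csprng.choice(string.ascii_letters) for _ in range(150))
    payload = json.dumps(
        {
            "iss": clientid,
            "sub": clientid,
            "aud": audience,
            "jti": jti,
            # Aware datetime -> POSIX seconds; exp must be an integer NumericDate.
            "exp": int(expires_at.timestamp()),
        },
        separators=(",", ":"),
    ).encode("utf-8")

    signing_input = b".".join((b64url(header), b64url(payload)))
    # The signing input holds no secret (client id, audience, nonce, expiry);
    # the finished assertion and the token response do, so they are not logged.
    logger.debug("signing input: %s", signing_input.decode("utf-8"))

    # SigningAlgorithm must stay in step with the "alg" header:
    # RS384 <-> RSASSA_PKCS1_V1_5_SHA_384. Switching KMS to RSASSA_PSS_SHA_384
    # or ECDSA_SHA_384 requires "alg" PS384 / ES384 respectively (and ES384
    # additionally needs the DER signature converted to raw r||s).
    response = self.kms_client.sign(
        KeyId=self.kms_key_id,
        Message=signing_input,
        MessageType="RAW",
        SigningAlgorithm="RSASSA_PKCS1_V1_5_SHA_384",
    )
    assertion = b".".join((signing_input, b64url(response["Signature"]))).decode("utf-8")

    form = {
        "grant_type": "client_credentials",
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": assertion,
    }
    # NOTE(review): if self.http is a urllib3 PoolManager, POST with fields=
    # is sent as multipart/form-data unless encode_multipart=False is passed;
    # RFC 6749 token endpoints expect application/x-www-form-urlencoded.
    # Left unchanged because the type of self.http is not visible here -- confirm.
    r = self.http.request("POST", audience, fields=form)
    body = json.loads(r.data.decode())
    # Never log `body`: on success it carries the bearer access token.
    logger.debug("token endpoint returned HTTP %s", r.status)
    return {"status": r.status, "data": body}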