in django_airavata/apps/auth/backends.py [0:0]
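def _get_token_and_userinfo_from_refresh_token(self,
                                               request,
                                               refresh_token=None):
    """Redeem a refresh token for a new token and fetch the user's info.

    Args:
        request: Current request. Its session supplies ``REFRESH_TOKEN``
            when ``refresh_token`` is not given, and ``request.user`` is
            named in the warning logged when the refresh is rejected.
        refresh_token: Refresh token to redeem. Defaults to the one stored
            in the session.

    Returns:
        ``(token, userinfo)`` on success, or ``(None, None)`` when the
        token endpoint rejects the refresh token with ``InvalidGrantError``.

    Raises:
        KeyError: If ``refresh_token`` is None and the session has no
            ``REFRESH_TOKEN`` entry.
    """
    client_id = settings.KEYCLOAK_CLIENT_ID
    client_secret = settings.KEYCLOAK_CLIENT_SECRET
    token_url = settings.KEYCLOAK_TOKEN_URL
    userinfo_url = settings.KEYCLOAK_USERINFO_URL
    oauth2_session = OAuth2Session(client_id, scope='openid profile email')

    # `verify` ends up as False (no certificate checks), True (default CA
    # bundle) or the path of a CA bundle. With KEYCLOAK_VERIFY_SSL = False
    # the client secret and the refresh token are sent over a connection
    # whose peer is not authenticated; the CA file is only honoured when
    # verification is switched on.
    verify = settings.KEYCLOAK_VERIFY_SSL
    if verify and hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
        verify = settings.KEYCLOAK_CA_CERTFILE

    refresh_token_ = (refresh_token
                      if refresh_token is not None
                      else request.session['REFRESH_TOKEN'])
    # refresh_token doesn't take client_secret kwarg, so create auth
    # explicitly
    auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
    try:
        token = oauth2_session.refresh_token(token_url=token_url,
                                             refresh_token=refresh_token_,
                                             auth=auth,
                                             verify=verify)
        # Apply the same TLS trust settings to the userinfo request. It
        # previously fell back to the session default, so a configured
        # KEYCLOAK_CA_CERTFILE was ignored for this call even though the
        # request carries the freshly issued access token.
        # NOTE(review): the response status is not checked before .json(),
        # so an error body from the userinfo endpoint would be returned as
        # `userinfo` - confirm that callers validate it. Neither request
        # sets a timeout.
        userinfo = oauth2_session.get(userinfo_url, verify=verify).json()
        return token, userinfo
    except InvalidGrantError as e:
        # probably session was terminated by admin or by user logging out
        # in another client
        logger.warning("Failed to refresh token for user %s : %s",
                       request.user.username, e)
        return None, None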