"""IAMAuth class. /* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ """ import requests import time from requests.auth import AuthBase class AuthHandlerException(Exception): def __init__(self, response): self.response = response class IAMAuth(AuthBase): def __init__(self, authKey, endpoint): self.authKey = authKey self.endpoint = endpoint self.tokenInfo = {} def __call__(self, r): r.headers['Authorization'] = 'Bearer {}'.format(self.__getToken()) return r def __getToken(self): if 'expires_in' not in self.tokenInfo or self.__isRefreshTokenExpired(): response = self.__requestToken() if response.ok and 'access_token' in response.json(): self.tokenInfo = response.json() return self.tokenInfo['access_token'] else: raise AuthHandlerException(response) elif self.__isTokenExpired(): response = self.__refreshToken() if response.ok and 'access_token' in response.json(): self.tokenInfo = response.json() return self.tokenInfo['access_token'] else: raise AuthHandlerException(response) else: return self.tokenInfo['access_token'] def __requestToken(self): headers = { 'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic Yng6Yng=' } payload = { 'grant_type': 'urn:ibm:params:oauth:grant-type:apikey', 'apikey': self.authKey } return self.__sendRequest(payload, headers) def __refreshToken(self): headers = { 'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic Yng6Yng=' } payload = { 'grant_type': 'refresh_token', 'refresh_token': self.tokenInfo['refresh_token'] } return self.__sendRequest(payload, headers) def __isTokenExpired(self): if 'expires_in' not in self.tokenInfo or 'expiration' not in self.tokenInfo: return True fractionOfTtl = 0.8 timeToLive = self.tokenInfo['expires_in'] expireTime = self.tokenInfo['expiration'] currentTime = int(time.time()) refreshTime = expireTime - (timeToLive * (1.0 - fractionOfTtl)) return refreshTime < currentTime def __isRefreshTokenExpired(self): if 'expiration' not in self.tokenInfo: return True sevenDays = 7 * 24 * 3600 currentTime = int(time.time()) newTokenTime = self.tokenInfo['expiration'] + sevenDays return newTokenTime < currentTime def __sendRequest(self, payload, headers): response = requests.post(self.endpoint, data=payload, headers=headers) return response