(
token,
user_info,
key,
iss,
aud,
alg="RS256",
exp=3600,
nonce=None,
auth_time=None,
acr=None,
amr=None,
code=None,
kid=None,
)
| 63 | |
| 64 | |
| 65 | def generate_id_token( |
| 66 | token, |
| 67 | user_info, |
| 68 | key, |
| 69 | iss, |
| 70 | aud, |
| 71 | alg="RS256", |
| 72 | exp=3600, |
| 73 | nonce=None, |
| 74 | auth_time=None, |
| 75 | acr=None, |
| 76 | amr=None, |
| 77 | code=None, |
| 78 | kid=None, |
| 79 | ): |
| 80 | now = int(time.time()) |
| 81 | if auth_time is None: |
| 82 | auth_time = now |
| 83 | |
| 84 | header = {"alg": alg} |
| 85 | if kid: |
| 86 | header["kid"] = kid |
| 87 | |
| 88 | payload = { |
| 89 | "iss": iss, |
| 90 | "aud": aud, |
| 91 | "iat": now, |
| 92 | "exp": now + exp, |
| 93 | "auth_time": auth_time, |
| 94 | } |
| 95 | if nonce: |
| 96 | payload["nonce"] = nonce |
| 97 | |
| 98 | if acr: |
| 99 | payload["acr"] = acr |
| 100 | |
| 101 | if amr: |
| 102 | payload["amr"] = amr |
| 103 | |
| 104 | if code: |
| 105 | c_hash = create_half_hash(code, alg) |
| 106 | if c_hash is not None: |
| 107 | payload["c_hash"] = to_native(c_hash) |
| 108 | |
| 109 | access_token = token.get("access_token") |
| 110 | if access_token: |
| 111 | at_hash = create_half_hash(access_token, alg) |
| 112 | if at_hash is not None: |
| 113 | payload["at_hash"] = to_native(at_hash) |
| 114 | |
| 115 | payload.update(user_info) |
| 116 | if alg == "none": |
| 117 | private_key = None |
| 118 | else: |
| 119 | private_key = import_any_key(key) |
| 120 | |
| 121 | return jwt.encode(header, payload, private_key, [alg]) |
| 122 |
searching dependent graphs…