| 137 | char.refreshToken = config.cipher.encrypt(tokenResponse['refresh_token'].encode()) |
| 138 | |
def get_login_uri(self, redirect=None):
    """ Build the authorization URL that starts an OAuth login.

    Every call stores a fresh ``self.state`` (UUID4 string) and a fresh
    ``self.code_verifier`` (bytes) on the instance, whichever branch is
    taken below.

    :param redirect: value embedded in the encoded ``state`` parameter of
        the non-Serenity request; the Serenity branch does not send it.
    :return: ``self.oauth_authorize``, a ``?`` and the URL-encoded query.
    """
    self.state = str(uuid.uuid4())

    # PKCE (S256): the challenge is the unpadded base64url SHA-256 of the
    # verifier bytes.
    # NOTE(review): the verifier keeps its base64 "=" padding, which is
    # outside the unreserved character set RFC 7636 allows for
    # code_verifier. The token exchange (not visible here) must send exactly
    # these bytes for the challenge to match - confirm before changing it.
    self.code_verifier = base64.urlsafe_b64encode(secrets.token_bytes(32))
    verifier_digest = hashlib.sha256(self.code_verifier).digest()
    code_challenge = base64.urlsafe_b64encode(verifier_digest).decode().rstrip("=")

    # Context carried to the callback inside ``state``. It is base64-encoded
    # JSON only: readable and modifiable by whoever handles the URL.
    # NOTE(review): the callback handler is outside this block - confirm it
    # compares the embedded 'state' with self.state and treats 'redirect'
    # as untrusted input.
    state_payload = {
        'mode': self.settings.get('loginMode'),
        'redirect': redirect,
        'state': self.state
    }

    serenity_login = self.server_name == "Serenity"

    # Parameters common to both servers; key order is kept so the query
    # string comes out in the same order as before.
    query_args = {
        'response_type': 'code',
        'redirect_uri': self.server_base.callback,
        'client_id': self.client_id,
        'scope': ' '.join(scopes),
    }

    if serenity_login:
        # NOTE(review): this branch sends a constant ``state`` and no PKCE
        # challenge, so neither self.state nor self.code_verifier binds the
        # callback to this request. Confirm whether the provider requires
        # these fixed values and what else protects the Serenity callback
        # against a forged or replayed authorization response.
        query_args['state'] = 'hilltech'
        query_args['device_id'] = 'eims'
    else:
        query_args['code_challenge'] = code_challenge
        query_args['code_challenge_method'] = 'S256'
        # The value stays bytes; urlencode percent-encodes it.
        query_args['state'] = base64.b64encode(json.dumps(state_payload).encode('utf-8'))

    authorize_endpoint = self.oauth_authorize
    query_string = urlencode(query_args)
    return '%s?%s' % (authorize_endpoint, query_string)
| 178 | |
| 179 | def get_oauth_header(self, token): |
| 180 | """ Return the Bearer Authorization header required in oauth calls |