
@SimonShapiro
Created July 7, 2019 08:46
Solid application authentication
{
"cells": [
{
"cell_type": "code",
"execution_count": 262,
"metadata": {},
"outputs": [],
"source": [
"import requests"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 2.1a\n"
]
},
{
"cell_type": "code",
"execution_count": 263,
"metadata": {},
"outputs": [],
"source": [
"resp = requests.request(\n",
" method = \"OPTIONS\",\n",
" url = \"https://anvil1.inrupt.net/profile/card#me\"\n",
")"
]
},
{
"cell_type": "code",
"execution_count": 264,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"'<https://anvil1.inrupt.net/profile/.well-known/solid>; rel=\"service\", <https://inrupt.net>; rel=\"http://openid.net/specs/connect/1.0/issuer\", <card.acl>; rel=\"acl\", <card.meta>; rel=\"describedBy\", <http://www.w3.org/ns/ldp#Resource>; rel=\"type\"'"
]
},
"execution_count": 264,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"resp.headers[\"Link\"]"
]
},
{
"cell_type": "code",
"execution_count": 265,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"'https://inrupt.net'"
]
},
"execution_count": 265,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"openid_provider = resp.links[\"http://openid.net/specs/connect/1.0/issuer\"][\"url\"]\n",
"openid_provider"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 2.1b - shows that NSS exposes the issuer only through the Link header (rel .../1.0/issuer, as above) and not in the profile document content"
]
},
{
"cell_type": "code",
"execution_count": 266,
"metadata": {},
"outputs": [],
"source": [
"resp = requests.request(\n",
" method = \"get\",\n",
" url = \"https://anvil1.inrupt.net/profile/card#me\"\n",
")"
]
},
{
"cell_type": "code",
"execution_count": 267,
"metadata": {
"scrolled": true
},
"outputs": [
{
"data": {
"text/plain": [
"False"
]
},
"execution_count": 267,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"\"oidc\" in resp.content.decode(\"utf-8\")"
]
},
{
"cell_type": "code",
"execution_count": 268,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"<Graph identifier=Ne497ad678b2e490598b51766330c2b62 (<class 'rdflib.graph.Graph'>)>"
]
},
"execution_count": 268,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"import rdflib\n",
"g = rdflib.Graph()\n",
"g.parse(\"https://anvil1.inrupt.net/profile/card#me\")\n"
]
},
{
"cell_type": "code",
"execution_count": 269,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"http://xmlns.com/foaf/0.1/name\n",
"---------\n",
"http://www.w3.org/ns/pim/space#preferencesFile\n",
"---------\n",
"http://www.w3.org/ns/solid/terms#publicTypeIndex\n",
"---------\n",
"http://www.w3.org/ns/solid/terms#privateTypeIndex\n",
"---------\n",
"http://www.w3.org/ns/pim/space#storage\n",
"---------\n",
"http://www.w3.org/ns/solid/terms#account\n",
"---------\n",
"http://www.w3.org/1999/02/22-rdf-syntax-ns#type\n",
"---------\n",
"http://www.w3.org/ns/ldp#inbox\n",
"---------\n",
"http://www.w3.org/ns/auth/acl#trustedApp\n",
"---------\n"
]
}
],
"source": [
"for (p,) in g.query(\"\"\"\n",
"select distinct ?p {\n",
" <https://anvil1.inrupt.net/profile/card#me> ?p ?o\n",
"}\n",
"\"\"\"):\n",
" print(str(p))\n",
" print(\"---------\")"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 3"
]
},
{
"cell_type": "code",
"execution_count": 270,
"metadata": {},
"outputs": [],
"source": [
"resp = requests.request(\n",
" method = \"GET\",\n",
" url = openid_provider+\"/.well-known/openid-configuration\"\n",
")"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 4"
]
},
{
"cell_type": "code",
"execution_count": 271,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'issuer': 'https://inrupt.net',\n",
" 'authorization_endpoint': 'https://inrupt.net/authorize',\n",
" 'token_endpoint': 'https://inrupt.net/token',\n",
" 'userinfo_endpoint': 'https://inrupt.net/userinfo',\n",
" 'jwks_uri': 'https://inrupt.net/jwks',\n",
" 'registration_endpoint': 'https://inrupt.net/register',\n",
" 'response_types_supported': ['code',\n",
" 'code token',\n",
" 'code id_token',\n",
" 'id_token',\n",
" 'id_token token',\n",
" 'code id_token token',\n",
" 'none'],\n",
" 'response_modes_supported': ['query', 'fragment'],\n",
" 'grant_types_supported': ['authorization_code',\n",
" 'implicit',\n",
" 'refresh_token',\n",
" 'client_credentials'],\n",
" 'subject_types_supported': ['public'],\n",
" 'id_token_signing_alg_values_supported': ['RS256', 'RS384', 'RS512', 'none'],\n",
" 'token_endpoint_auth_methods_supported': ['client_secret_basic'],\n",
" 'token_endpoint_auth_signing_alg_values_supported': ['RS256'],\n",
" 'display_values_supported': [],\n",
" 'claim_types_supported': ['normal'],\n",
" 'claims_supported': [],\n",
" 'claims_parameter_supported': False,\n",
" 'request_parameter_supported': True,\n",
" 'request_uri_parameter_supported': False,\n",
" 'require_request_uri_registration': False,\n",
" 'check_session_iframe': 'https://inrupt.net/session',\n",
" 'end_session_endpoint': 'https://inrupt.net/logout'}"
]
},
"execution_count": 271,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"resp.json()"
]
},
{
"cell_type": "code",
"execution_count": 272,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'OPENID_CONFIGURATION': {'issuer': 'https://inrupt.net',\n",
" 'authorization_endpoint': 'https://inrupt.net/authorize',\n",
" 'token_endpoint': 'https://inrupt.net/token',\n",
" 'userinfo_endpoint': 'https://inrupt.net/userinfo',\n",
" 'jwks_uri': 'https://inrupt.net/jwks',\n",
" 'registration_endpoint': 'https://inrupt.net/register',\n",
" 'response_types_supported': ['code',\n",
" 'code token',\n",
" 'code id_token',\n",
" 'id_token',\n",
" 'id_token token',\n",
" 'code id_token token',\n",
" 'none'],\n",
" 'response_modes_supported': ['query', 'fragment'],\n",
" 'grant_types_supported': ['authorization_code',\n",
" 'implicit',\n",
" 'refresh_token',\n",
" 'client_credentials'],\n",
" 'subject_types_supported': ['public'],\n",
" 'id_token_signing_alg_values_supported': ['RS256', 'RS384', 'RS512', 'none'],\n",
" 'token_endpoint_auth_methods_supported': ['client_secret_basic'],\n",
" 'token_endpoint_auth_signing_alg_values_supported': ['RS256'],\n",
" 'display_values_supported': [],\n",
" 'claim_types_supported': ['normal'],\n",
" 'claims_supported': [],\n",
" 'claims_parameter_supported': False,\n",
" 'request_parameter_supported': True,\n",
" 'request_uri_parameter_supported': False,\n",
" 'require_request_uri_registration': False,\n",
" 'check_session_iframe': 'https://inrupt.net/session',\n",
" 'end_session_endpoint': 'https://inrupt.net/logout'}}"
]
},
"execution_count": 272,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"local_storage = {}\n",
"local_storage[\"OPENID_CONFIGURATION\"] = resp.json()\n",
"local_storage"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
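"## 5 Old\n",
"\n",
"Superseded by step 5 below; the key generated here is not used again in this notebook. The export cell writes the unencrypted PEM private key into the saved output, so a key displayed this way should be treated as disclosed."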
]
},
{
"cell_type": "code",
"execution_count": 273,
"metadata": {},
"outputs": [],
"source": [
"import cryptography\n",
"from cryptography.hazmat.backends import default_backend\n",
"from cryptography.hazmat.primitives import serialization"
]
},
{
"cell_type": "code",
"execution_count": 274,
"metadata": {},
"outputs": [],
"source": [
"pvt = cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key(public_exponent=65537,\n",
"... key_size=2048, \n",
" backend=default_backend())"
]
},
{
"cell_type": "code",
"execution_count": 275,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"b'-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEA0JXZdLHsbsH+XKRzS2gyoH59iIqk97jQODNIVLBgA6ij+9Z0\\nmoxFMLeRqTBFlFX2ZEy8U0G0Xf1IF1SzMTgjKCIWh2dBoWHWuSB6XZ2TFhwflNiu\\n2j7dTTTnwQwwwSF1HzmGNlfplLLmlWwBDRDPvlwHfedV8lKBXKo6bGI2SDLFVnzE\\ngfDGQbujA7Bf9bSPyZaFAhXMhR7tZbLofFrdZ9i5rVliYL64P7lcFzRoRxTBWEId\\nUnYbUoDvmWuCuTVJIfVw4Jjls8x225hX0akz77QoPWYpS64w1Ml9xBijRrdlgg90\\n2RKniIco9EsSx/r+a+MjiZKf0oX2blAwCLPdhwIDAQABAoIBABcc47G4nXhQar0d\\nQ+FRNHrwSTy+EDWa9wejNxqbSKhfIXygcN9HN8uEK9HRlYQwWlMW5a9cEn5vuHNN\\nYWXM0Kh7zn9Gg9E8JCzzWlvRQCEtEJrPv+BTIvaRLDUKAsUDzhSdrS+MYkel40Mf\\naqZl/H8dd38OCUoGtmrsOfkUkOtC8cDEr9+4FDKwnT+68wWD43qCG+tKCpeN+sJj\\nzEZP05WUMLlv0JfIkr7nzf4gL6tQQt0JRJmpg8mEkiYCMxKP1QRyEs3eeCW7Idoa\\nOkTa+0qbmrSQ4MHc36UuFcWGciGrENObmb4LM76ybl7yVq9/wxnAl/X2wVMdM5lw\\nW8sul9ECgYEA56odrra3LSRVi8I7KyXc74UypvqU8yUURyGTtxWpa/p0i9sUNFge\\nGQb54xku+lgiBFaVSDY0Zr7l9K0zUsqP/L3tJz6KJVV4YRiCRo3/naQfhMTV25TF\\nsHOIhD967Lq7xB3ATcCyuvRKHQVi72s32oVbhKa9Knb5N5r2ywbFU+MCgYEA5n8X\\npFau/XxEvp66RhGpMwrfljT600FsN0egnWjOADgHGmAa8mbHl44b3yeuyYkklBGI\\nrT4qPzi2jxoI6VS0Hnuc3bGGCyqIjf+TaRL4edN7Ed/L1TJxuDeYb8RYETX/EVQU\\nBdRyMS7Y9rvEMa4tuJxMwoqbq5Rtjrgi2f1n6Q0CgYAm0BWRBAPEiGXcuHn5TKqr\\nZoGKAEmcQwYWtMVu0y5DbP7Bv76u1mSUhNqw9bMtNj7cwzTXmF1HKYyVZb9Hi7B8\\nA8YL4Sp7/sngWp7Y+0lsO+cb825xD4fffDvPDGOn7dEvllx1qmdHc05HdnOQ8UG2\\nVslyfA0NZEl0y321njjJSQKBgQC2VmvZcUlU9W1cbixlKatz2XIuXRLe864rvNnu\\nK+5qdegIkWY/w9a4qY6a5cV7YKYzC/vXMIozISYp5iqOipdCVf8t0TV8t9T2n+t4\\n/6zYkteUuDmDGjijxjcsk2Inm1N/3cdJJVqAVdMEvFzkACnjFKIUc5naDbztXfUU\\nBUaiMQKBgQDcpl3Nmje3CV+WVtKYZQSkmjRCrilm9LxMWo1I1UZqCqhR1jIFUgPv\\nCQYKO9GAtTcWpXZuS9nU2b5wLE0+gGqgNyfTTXLoZTYN5Uy3AUnGcwRohtBn+8JB\\n7FgsZ9SLbDhP+Uf6LJmiGG5V2Skdi1/jUY1RriBAI8ZtLqLR3F3xJQ==\\n-----END RSA PRIVATE KEY-----\\n'"
]
},
"execution_count": 275,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"pvt.private_bytes(\n",
"... encoding=serialization.Encoding.PEM,\n",
"... format=serialization.PrivateFormat.TraditionalOpenSSL,\n",
"... encryption_algorithm=serialization.NoEncryption()\n",
")"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
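"## 5\n",
"\n",
"Note on `key_ops`: the cells below store the private JWK with `key_ops: ['verify']` and the public JWK with `key_ops: ['sign']`. In RFC 7517 `sign` is the private-key operation and `verify` the public-key one, so the two labels look swapped; step 12 later sets the public key's `key_ops` to `['verify']`."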
]
},
{
"cell_type": "code",
"execution_count": 276,
"metadata": {},
"outputs": [],
"source": [
"import json\n",
"import pprint\n",
"from jwcrypto import jwk \n",
"key = jwk.JWK.generate(kty='RSA', size=2048)"
]
},
{
"cell_type": "code",
"execution_count": 277,
"metadata": {},
"outputs": [],
"source": [
"private_json = json.loads(key.export_private())"
]
},
{
"cell_type": "code",
"execution_count": 278,
"metadata": {},
"outputs": [],
"source": [
"local_storage[\"RP_PRIVATE_KEY\"] = {\"alg\": \"RS256\", \"ext\":True,\n",
"\t \"key_ops\":[ \n",
"\t \"verify\"\n",
"\t ],\n",
"\t**private_json}"
]
},
{
"cell_type": "code",
"execution_count": 279,
"metadata": {},
"outputs": [],
"source": [
"public_json = json.loads(key.export_public())"
]
},
{
"cell_type": "code",
"execution_count": 280,
"metadata": {},
"outputs": [],
"source": [
"local_storage[\"RP_PUBLIC_KEY\"] = {\"alg\": \"RS256\", \"ext\":True,\n",
"\t \"key_ops\":[ \n",
"\t \"sign\"\n",
"\t ],\n",
"\t**public_json}"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 6"
]
},
{
"cell_type": "code",
"execution_count": 281,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"dict_keys(['OPENID_CONFIGURATION', 'RP_PRIVATE_KEY', 'RP_PUBLIC_KEY'])"
]
},
"execution_count": 281,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"local_storage.keys()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 7"
]
},
{
"cell_type": "code",
"execution_count": 282,
"metadata": {},
"outputs": [],
"source": [
"resp = requests.request(\n",
" method = \"GET\",\n",
" url = local_storage[\"OPENID_CONFIGURATION\"][\"jwks_uri\"]\n",
")"
]
},
{
"cell_type": "code",
"execution_count": 283,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'keys': [{'kid': 'vZiCddeHlt4',\n",
" 'kty': 'RSA',\n",
" 'alg': 'RS256',\n",
" 'n': '1KZEoHz8tZQYw3re00FOsKGx79xr5tIIf1CB5qcv06x9an1pBCETG_g5LcRq5XtNYdpq1MtbLoustBJu3TgM2A1Q6kHpy-jvFtlJPrp62HQXT-m3NEb4IRfOT57HLgTFSP6bsfTKohPLOdU1ldYI0FPhjOn1FDQLxI1V5I9nYEJxXEaMss_qoymCQli0VpBWInSPcvd0N9KCuol9-ctcXRwSU4okZgrTjEBm3hIgy6BsgT-BIFI_J8yuuM8AKDcWH0vk_jN9f08Ja9kJJo6D7susYP2tbEf7XUEg-hCS3NA03jj-MRqS6LMN8OEOrPplkF5UR8tKcBhlaMl-wFYTqQ',\n",
" 'e': 'AQAB',\n",
" 'key_ops': ['verify'],\n",
" 'ext': True},\n",
" {'kid': 'oW_CA4sBaig',\n",
" 'kty': 'RSA',\n",
" 'alg': 'RS384',\n",
" 'n': '56WQ9K_Om_x2hN3l-IwBXDhlFqO4NgfNS_e-BuRfDM79cC9aLCvB-yc_fCEgZH_Mfcb-UU4yLN7Gvyafgv4jnx16AVRIIG2StrbC0ehM5QXaDHY0H7yu9S2YOiRpC9eSK39BZ0IfwKXX9BcENBQPJDz15Kmk4dRCu_LzHOQXJtQ37sQzdNC0wnUsTYFWATMhQfblY_wHI2WFGbXh_2yScMoYIwckDEmVaZsG53XJ9fdWbYFZr35L10f5_kvbG_9eEMWbVcmKny4Zp7-WZRB7kdUSYwmP2UAmUWPfk-U9haBBxcc1uqkaUwpwj3uHFh7Qf_DbDPxrEZ353jET9kYJrQ',\n",
" 'e': 'AQAB',\n",
" 'key_ops': ['verify'],\n",
" 'ext': True},\n",
" {'kid': 'q-YVIxbiQjk',\n",
" 'kty': 'RSA',\n",
" 'alg': 'RS512',\n",
" 'n': 't19Mfx6axVZEqwGppeC9snVjoGhfc2rfO_NGkCqOGn6d37RlZ1p5d1sUKVNFH4cs3MdUE7D2rji9uwt1pVq8cbvP6ERYzEe8NPykHKTqIabgi866Y8IQjsBHtnLQw2imiwX18O14f-SMrV4-VMtydTUDv9h1ELbJZmhW2ELdWJedMqGsnmP7cRhEh0LwF9lNQt9sY66_4kFwA64_pY6AQM6evzQ3mAlr5ObvWWnZ9_hBRBTntKpVM6FdeCTA3d_vO-vHacQu6RlSs3Ek0QCmbdhI9XMKE06HezcKFe-Fl3v9QIBWT4PZEAQImIbx3Kr5RRuipnRxVaN3j_0zIVi21Q',\n",
" 'e': 'AQAB',\n",
" 'key_ops': ['verify'],\n",
" 'ext': True},\n",
" {'kid': 'qbwrxeppWL0',\n",
" 'kty': 'RSA',\n",
" 'alg': 'RS256',\n",
" 'n': 'zVvZy8R7TebO2zTPYGXd8fkupjSJUhVpqNSmV1twT2G3heNKTG2byl1ZjkjNO5ePeg22c7v6zg1P1S7TwMAUmh2zHVnylnumLzMu3fWwrRYLPXSE8GGbscLLmlULnIKDaaHxUpCJ0gj4Cm_FWlmdT7_Pq9R4Q_qh3clAcP-LV7HDjeEH5UDN1SKPlTa01WeNYGeJ8JPqX0yDHgAYqzTGuZsAi-k6ucPrufZctAtKfpzmv3o4MlkFdn_qLEi3NZMgWNc5b5noDRhBl_V38X-9vU_guB9u0hDnH4uY0PntdhjBt0bACAx4c4_9ia7aNpX6ew-__AiRn4hqdcO41cnZoQ',\n",
" 'e': 'AQAB',\n",
" 'key_ops': ['verify'],\n",
" 'ext': True},\n",
" {'kid': 'rLcRkHrEwws',\n",
" 'kty': 'RSA',\n",
" 'alg': 'RS384',\n",
" 'n': 'ymoSZbJUxXZYq1tdcWUQeARKVRsgqz3UvtJNuMjUk3n5FNmutcjaLdol7ppZ20mp7VE_2DQoHo3gbYqFqghy88a8-JQzw-sC2cFwi19QZf46JMuebn7eSxC4UxLg-Jh9m8cazpySMImhOePAu8wYjhrmegdm-yftdNNNpr8JoQahTTQvIHupXbkrShFEcutXGDYUnh2Ny52JiKz-AxHRIsOkbxf3552gCVpV9z-cnRxsVQHRJ3QA0PQWNUq2YnyhxLgFTORn8h8ZOTO2nbsN89aLvd0WbnMkWGlJ1Yd8PuvpBnFf67EWHgXuvhquuAfwXtBYbxhhoXIy9Rj64QVG2w',\n",
" 'e': 'AQAB',\n",
" 'key_ops': ['verify'],\n",
" 'ext': True},\n",
" {'kid': '4mCUpCQaVW0',\n",
" 'kty': 'RSA',\n",
" 'alg': 'RS512',\n",
" 'n': '3Gbu8oBdvUyHZdf9epGxycV09wlIYl1yLmzdW9Spe1LkDNEHkVTGynRPPu81nwdHjB0ugpD-1UaxoyhK73TWouHEMwQbiRrUNd2bv_-XReLvbX5uKusABrkx3RS0lGgJnhsdJib_I2zAJkoZlWBNxL1OLqe0sTC8jTh56Gji1-HHYzET7VJjokGDswRw2GCbc9TzMBV3BEDFXu5-LGrBzPBigW-rnngipL23AM2q7zzZZhXGvtJ0ldyqPZBjPEP5aCaiPcxbHNpzXirYiF5jp6pusNE60hpIWyV_-K6MkeQtYu2gijnYaczvvTDSpXkDFJU9bANuWcmrfGWd688ihQ',\n",
" 'e': 'AQAB',\n",
" 'key_ops': ['verify'],\n",
" 'ext': True},\n",
" {'kid': 'OghWZ4Y91k4',\n",
" 'kty': 'RSA',\n",
" 'alg': 'RS256',\n",
" 'n': '0hfr7Bulk-_94FsDFO9FQG3zKbwTkuaEj0YQwKuHf8v1Rqmd9BYrE9O9fGHR9XMEQDLKwSaU0druRB_S_gFzX9pgDKKpPWmPbUxNpubu9u-LX5JLwelog8bsw_glHTbFoJNpxIKfM-GGHScrkbQkzQ9G2B3242Pb5GpiZPVMvBOuiRex58pD_G1TY8oyQe4LusTRm8xvyRgOfkrSYnNFI4c_PzVt25UpIzpnaCv4SkZPNcgDXHIlAjMyHEv6isJ_v7gSmw9m8uNfb_SUP1l85zzFnkB7xVaprYDKiX-_G_cmTPjRMWh3iGsNLsaL22VmQypPBaVeFNANYC0rX73P4Q',\n",
" 'e': 'AQAB',\n",
" 'key_ops': ['verify'],\n",
" 'ext': True}]}"
]
},
"execution_count": 283,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"resp.json()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
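"## 8\n",
"\n",
"The OP's JWKS is what the RP uses to verify ID token signatures. The discovery document in step 4 also lists `none` under `id_token_signing_alg_values_supported`, so the RP should accept only the algorithm fixed at registration (`id_token_signed_response_alg`, `RS256` in the step 11 response) and reject unsigned tokens."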
]
},
{
"cell_type": "code",
"execution_count": 284,
"metadata": {},
"outputs": [],
"source": [
"local_storage[\"OP_JWKS\"] = resp.json()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 9"
]
},
{
"cell_type": "code",
"execution_count": 285,
"metadata": {},
"outputs": [],
"source": [
"data = {\n",
"\t \"grant_types\": [\"implicit\"],\n",
"\t \"issuer\": \"https://inrupt.net\",\n",
"\t \"redirect_uris\": [\"http://localhost:8888/tree/\"], # what happens with localhost\n",
"\t \"response_types\": [\"id_token token\"],\n",
"\t \"scope\": \"openid profile\"\n",
"\t}"
]
},
{
"cell_type": "code",
"execution_count": 286,
"metadata": {},
"outputs": [],
"source": [
"resp = requests.request(\n",
" method = \"POST\",\n",
" url = local_storage[\"OPENID_CONFIGURATION\"][\"registration_endpoint\"],\n",
" json = data\n",
")"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## 10"
]
},
{
"cell_type": "code",
"execution_count": 287,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"<Response [201]>"
]
},
"execution_count": 287,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"resp"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
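"## 11\n",
"\n",
"The registration response contains a `registration_access_token`, a bearer credential for the client configuration endpoint (`registration_client_uri`). It is shown in full in the saved output below; clear such outputs before publishing a notebook."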
]
},
{
"cell_type": "code",
"execution_count": 288,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'client_id': '63eeefcd2b98fee23ffbd2461128a17d',\n",
" 'redirect_uris': ['http://localhost:8888/tree/'],\n",
" 'response_types': ['id_token token'],\n",
" 'grant_types': ['implicit'],\n",
" 'application_type': 'web',\n",
" 'id_token_signed_response_alg': 'RS256',\n",
" 'token_endpoint_auth_method': 'client_secret_basic',\n",
" 'frontchannel_logout_session_required': False,\n",
" 'registration_access_token': 'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2lucnVwdC5uZXQiLCJzdWIiOiI2M2VlZWZjZDJiOThmZWUyM2ZmYmQyNDYxMTI4YTE3ZCIsImF1ZCI6IjYzZWVlZmNkMmI5OGZlZTIzZmZiZDI0NjExMjhhMTdkIn0.JyqJ2PKSCqFny3p-xdOX5ePZPAKn72-tPiZYb44lZP7w7QeV3ZG8yBAnn6zldIBeeTQKcHKP9485bX27rP5LvVhEGnk7hyccCVqYK4DY8ubNTvczmeHp5XkQkkBtseJjrueSL16_KvI1z2VGVNWuQHIp_yVi_edMLip0DUuNsQrQzetOukm92TwySxvwaUCAKvonQPI0UFz4OnYG39B-t6xGyDCWm9cw2mPfwUW7yn5Qe6ql7dsg1Lv_ErmSgJkeWKLdJ4Sa2qhGYsN5SVq3Pdl4RTpjYjzryCSYaZyNuULBebg-ae8_u0pcIV1fbRniwhHvg7WPgvfCLa9V-7quBg',\n",
" 'registration_client_uri': 'https://inrupt.net/register/63eeefcd2b98fee23ffbd2461128a17d',\n",
" 'client_id_issued_at': 1562488156}"
]
},
"execution_count": 288,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"resp.json()"
]
},
{
"cell_type": "code",
"execution_count": 289,
"metadata": {},
"outputs": [],
"source": [
"local_storage[\"CLIENT_REGISTRATION_RESPONSE\"] = resp.json()"
]
},
{
"cell_type": "code",
"execution_count": 290,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"dict_keys(['OPENID_CONFIGURATION', 'RP_PRIVATE_KEY', 'RP_PUBLIC_KEY', 'OP_JWKS', 'CLIENT_REGISTRATION_RESPONSE'])"
]
},
"execution_count": 290,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"local_storage.keys()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
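"## 12\n",
"\n",
"The `redirect_uri` in the request object has to match a registered value exactly: step 9 registered `http://localhost:8888/tree/` (trailing slash), while the request built below uses `http://localhost:8888/tree`."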
]
},
{
"cell_type": "code",
"execution_count": 291,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"'009bb7ee4ce14f3a8106da05d05a41da'"
]
},
"execution_count": 291,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"import uuid\n",
"nonce = uuid.uuid4()\n",
"nonce.hex"
]
},
{
"cell_type": "code",
"execution_count": 292,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'redirect_uri': 'http://localhost:8888/tree',\n",
" 'display': 'page',\n",
" 'nonce': '009bb7ee4ce14f3a8106da05d05a41da',\n",
" 'key': {'alg': 'RS256',\n",
" 'ext': True,\n",
" 'key_ops': ['verify'],\n",
" 'e': 'AQAB',\n",
" 'kty': 'RSA',\n",
" 'n': 'pdd1au_TtQ-PY7tkjIN6hshuftLNQYBEXwKVt0aPElAF1g0Yg2Bgp-bpWNKHNpyyft7jTDsoMocBbAmCoo6lDRI7FC9Xlgle00RIy4jxZJAXyeCtbvoIMore2iY8BQ6S4ycys4knNzKyeO16AsFuAtPg3KAukONVgSJJzm7dWo3Hs7swK6dGH3thMFZMk27Z6ybQOwrUdMIlHYcqzAcVufUaNrn_zGI8qTuxc4T_9KIR4zA1DuM0pM-sLZr8PnHzsXkGT0yklfHrvSAzVLK-1n-l7KCWoz4pA2I_sRsrb7D7d_yF8zj9KbYo-CX9R9MjNdEltUrYYKzr5luKa1O0jQ'}}"
]
},
"execution_count": 292,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"raw_request = {\n",
" \"redirect_uri\": \"http://localhost:8888/tree\",\n",
" \"display\": \"page\",\n",
" \"nonce\": nonce.hex,\n",
" \"key\": local_storage[\"RP_PUBLIC_KEY\"]\n",
"}\n",
"raw_request[\"key\"][\"key_ops\"] = ['verify']\n",
"raw_request"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
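"#### Extract `RP_PRIVATE_KEY` as `PEM`\n",
"\n",
"The first cell below displays the complete private JWK (`d`, `p`, `q`, `dp`, `dq`, `qi`) in the saved output; this key pair should be regarded as disclosed and regenerated before any real use."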
]
},
{
"cell_type": "code",
"execution_count": 293,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'alg': 'RS256',\n",
" 'ext': True,\n",
" 'key_ops': ['verify'],\n",
" 'd': 'FoQ0WvqI4fJk44OT2UgYoKgh6HIykAwcPFIbhbC8yB25TSCmDWBOfz1ovTiIRy_rRDJ65eS6RnHyDXsVE4EOg8HP56Ot3p8TEtgYkhnbvG2b7TrmEUU9S69zJmc-iuk5pEG0LpAWlPX7KVQE1s7wYs3ln87Xw7A58bh4EOEYiKyzUrG9XUNdqI933mZSwD5WBw0s5gLqm6sUl91kcI-wqnVJr7QNoUO_XXSFKHnd_KYGwBKDiCUT7863yrabdjrpwcF9d_cWseizscQm4bOyWlRdCywwEmkAdZu63ockTbzIUqmf1J76NfkBAs6I5r2vxqeOXOpxTlJy3Wpy8KulwQ',\n",
" 'dp': 'Rq3pyHuS6E6kWSYR-G-ZJWj6FKxs6pNUJ5Q8MxEJobceHNZEmB12Sq2yH32lOO65fciFXTiHWdG8Weut24XrVFxgVRoTBmSW2KaX27O8UljkX6kwNx-kG_q6kWsae791DRdlC5QXXzFtUknKWCeOz9Y2h_gAREGQRMvFp_SXPIE',\n",
" 'dq': 'AexqsO8OeM-hH7HFFT55pUTBxaeqYRRPKXcTBxf_JQx7jNV6iOTG3FlhXWiJ0MySpMEDmTkCs4ixMgBL6E0K4YGoL-2Y8MfBhC2aALNGiGUmScEV2IbJfXTr6NvdL6H2uN7gZs8oBlaSqU3EZiw_agPmeohCSg90ZEdGSkRpDD0',\n",
" 'e': 'AQAB',\n",
" 'kty': 'RSA',\n",
" 'n': 'pdd1au_TtQ-PY7tkjIN6hshuftLNQYBEXwKVt0aPElAF1g0Yg2Bgp-bpWNKHNpyyft7jTDsoMocBbAmCoo6lDRI7FC9Xlgle00RIy4jxZJAXyeCtbvoIMore2iY8BQ6S4ycys4knNzKyeO16AsFuAtPg3KAukONVgSJJzm7dWo3Hs7swK6dGH3thMFZMk27Z6ybQOwrUdMIlHYcqzAcVufUaNrn_zGI8qTuxc4T_9KIR4zA1DuM0pM-sLZr8PnHzsXkGT0yklfHrvSAzVLK-1n-l7KCWoz4pA2I_sRsrb7D7d_yF8zj9KbYo-CX9R9MjNdEltUrYYKzr5luKa1O0jQ',\n",
" 'p': '0yo0i1wAazLAC1M47wa9lZdtlIW2suKrWqjX8Hg2Xn3ZxHxgJP7cbjbcHa_DZCFzuo_Qo4vpD2rg8_TjJETLdqkKeU5VJu17ZJ1qRfhwGyLPLYhOzTWI0X3t17vMK5949SDjdzy4Vf8GlCfre6JYaEBOxthS3Lr27LibNkUULdk',\n",
" 'q': 'yQ25giSA93ead5YpPknbJiK4t4CgWuwXlsG7ea5wTJtlYtGa5S4JcTIac-pzr1EF2XsKTdMOgzkM8K-HY5pov00K2sHiwdDCUh14kd_XCULUrn5oXVlsTBxSYrbvDfFyQSnBz6QQ8SMc8EBjmV_Hw0rrWoi0mJji5vU1TKMJp9U',\n",
" 'qi': 'NKicn1kG04s5IkW21WHTzozQf8S8iDMhcBjjIRSIW0cz7H_QbVoRfNoxTpS1brbwsvU8My6RuqGo3aQpDbwa1pK-tBz0RM2sgqY1ERCno20fPqYSzP6SdQl1Lv2B03Ilzx7CZyB4yRqlXup0ayYNgSFEt6eRyhLVhu-D7WMdPzU'}"
]
},
"execution_count": 293,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"\n",
"local_storage[\"RP_PRIVATE_KEY\"]"
]
},
{
"cell_type": "code",
"execution_count": 294,
"metadata": {},
"outputs": [],
"source": [
"rehydrate = jwk.JWK.from_json(json.dumps(local_storage[\"RP_PRIVATE_KEY\"]))"
]
},
{
"cell_type": "code",
"execution_count": 295,
"metadata": {},
"outputs": [],
"source": [
"rehydrated_private = rehydrate.export_to_pem(private_key=True, password=None)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Form JWT using private PEM and request above"
]
},
{
"cell_type": "code",
"execution_count": 296,
"metadata": {},
"outputs": [],
"source": [
"import jwt\n",
"request_jwt = jwt.encode(raw_request, rehydrated_private, algorithm=\"RS256\")"
]
},
{
"cell_type": "code",
"execution_count": 297,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"'63eeefcd2b98fee23ffbd2461128a17d'"
]
},
"execution_count": 297,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"local_storage[\"CLIENT_REGISTRATION_RESPONSE\"][\"client_id\"]"
]
},
{
"cell_type": "code",
"execution_count": 298,
"metadata": {},
"outputs": [],
"source": [
"resp = requests.request(\n",
" url = \"https://inrupt.net/authorize\",\n",
" method = \"GET\",\n",
" params = {\n",
" \"scope\": \"openid\",\n",
" \"client_id\": local_storage[\"CLIENT_REGISTRATION_RESPONSE\"][\"client_id\"],\n",
" \"response_type\": \"id_token token\",\n",
" \"request\": request_jwt\n",
" }\n",
")"
]
},
{
"cell_type": "code",
"execution_count": 299,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"<Response [500]>"
]
},
"execution_count": 299,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"resp"
]
},
{
"cell_type": "code",
"execution_count": 300,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"'https://inrupt.net/authorize?scope=openid&client_id=63eeefcd2b98fee23ffbd2461128a17d&response_type=id_token+token&request=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.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.Nzncetjm0a20s96F-F-hfRaHJGEBkvHa0HWX1eRzi_1M6B4JPRk6D6L6AEgoGtzw8fmpqjCOpb1G8TpYQeljw8O-fz2T1embcIaq--uuVY0eYEVNj_FE65224d_pbEu0tjdCLB84QayrTeRwSOEzl27iqcxBYTJq9XmXYvZP4zCgMnrauxxEWyWpXXKpjNGbexhGkmWOOw9dwMaSzQvGFA4j8LFB2As0L9_PRadnD6Y2ZI0NQc4sM2k5CZpNN0LsA-lfrBe4Wli47f65sMJ4s2eZghxXqHlND6FpX4zpzNO8aUaK7AIlmTM2nkrL3qXCPWriQD5CLsIyG_P5DfyXCQ'"
]
},
"execution_count": 300,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"resp.url\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": []
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.6.8"
}
},
"nbformat": 4,
"nbformat_minor": 2
}

SimonShapiro commented Jul 7, 2019

In this notebook I have recorded all the steps up to the failing step 12 from [the Solid application authentication spec](https://github.com/solid/webid-oidc-spec/pull/27/files).

Step 2b simply shows that the NSS does not send the issuer as part of the content, using the Link header instead.

Also, Step 5 Old gets a private key in PEM format but doesn't use it; the step 5 below it is the one that is used.


zenomt commented Jul 7, 2019

mentioned in gitter: your JWT needs to use "alg":"none" instead of "alg":"RS256" (that'll fix the 500), and your redirect_uri in the request doesn't match the one you registered (registered "http://localhost:8888/tree/", using "http://localhost:8888/tree"). try

curl -v 'https://inrupt.net/authorize?scope=openid%20profile&client_id=63eeefcd2b98fee23ffbd2461128a17d&response_type=id_token%20token&request=eyJhbGciOiJub25lIn0.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.'

next step, which will be hard without a browser, is logging in in the UI and getting a cookie.
