|
1 | | -from typing import Any |
| 1 | +from typing import Any, Optional, Union |
2 | 2 |
|
3 | 3 | from .base import AuthenticationBase |
4 | 4 |
|
| 5 | +import json |
| 6 | + |
5 | 7 |
|
6 | 8 | class BackChannelLogin(AuthenticationBase): |
7 | 9 | """Back-Channel Login endpoint""" |
8 | 10 |
|
9 | 11 | def back_channel_login( |
10 | | - self, binding_message: str, login_hint: str, scope: str, **kwargs |
| 12 | + self, |
| 13 | + binding_message: str, |
| 14 | + login_hint: str, |
| 15 | + scope: str, |
| 16 | + authorization_details: Optional[Union[str, list[dict]]] = None, |
| 17 | + **kwargs |
11 | 18 | ) -> Any: |
12 | 19 | """Send a Back-Channel Login. |
13 | 20 |
|
14 | 21 | Args: |
15 | 22 | binding_message (str): Human-readable string displayed on both the device calling /bc-authorize and the user’s |
16 | 23 | authentication device to ensure the user is approves the correct request. |
17 | 24 |
|
18 | | - login_hint (str): String containing information about the user to contact for authentication. |
| 25 | + login_hint (str): A JSON object containing user details for authentication in the iss_sub format. |
19 | 26 |
|
20 | 27 | scope(str): "openid" is a required scope.Multiple scopes are separated |
21 | 28 | with whitespace. |
22 | 29 |
|
23 | | - **kwargs: Other fields to send along with the PAR. |
| 30 | + authorization_details (str, list of dict, or dict, optional): JSON string or dictionary representing |
| 31 | + Rich Authorization Requests (RAR) details to include in the CIBA request. |
| 32 | +
|
| 33 | + **kwargs: Other fields to send along with the request. |
24 | 34 |
|
25 | 35 | Returns: |
26 | 36 | auth_req_id, expires_in, interval |
27 | 37 | """ |
28 | | - return self.authenticated_post( |
29 | | - f"{self.protocol}://{self.domain}/bc-authorize", |
30 | | - data={ |
| 38 | + |
| 39 | + data = { |
31 | 40 | "client_id": self.client_id, |
32 | 41 | "binding_message": binding_message, |
33 | 42 | "login_hint": login_hint, |
34 | 43 | "scope": scope, |
35 | 44 | **kwargs, |
36 | | - }, |
| 45 | + } |
| 46 | + |
| 47 | + if authorization_details is not None: |
| 48 | + if isinstance(authorization_details, str): |
| 49 | + data["authorization_details"] = authorization_details |
| 50 | + elif isinstance(authorization_details, (list, dict)): |
| 51 | + data["authorization_details"] = json.dumps(authorization_details) |
| 52 | + |
| 53 | + data.update(kwargs) |
| 54 | + |
| 55 | + return self.authenticated_post( |
| 56 | + f"{self.protocol}://{self.domain}/bc-authorize", |
| 57 | + data = data, |
37 | 58 | headers={"Content-Type": "application/x-www-form-urlencoded"}, |
38 | 59 | ) |
0 commit comments