Diffstat (limited to 'auth-server-poc/src/app.py')
-rw-r--r-- | auth-server-poc/src/app.py | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/auth-server-poc/src/app.py b/auth-server-poc/src/app.py
new file mode 100644
index 0000000..443eded
--- /dev/null
+++ b/auth-server-poc/src/app.py
@@ -0,0 +1,42 @@
+from flask import Flask, request
+from flask_restful import Api, Resource
+from flask_jwt_extended import create_access_token, JWTManager
+from flask_cors import CORS
+
+app = Flask(__name__)
+cors = CORS(
+ app,
+ resources={r"/api/*": {"origins": "*"}},
+ expose_headers=["Content-Type", "Authorization", "X-Total-Count"],
+)
+api = Api(app, prefix='/api/v1.0')
+jwt = JWTManager(app)
+
+PEM_PRIVATE = '/opt/auth-server-poc/cert/private.pem'
+PEM_PUBLIC = '/opt/auth-server-poc/cert/public.pem'
+
+app.config['JWT_PRIVATE_KEY'] = open(PEM_PRIVATE).read()
+app.config['JWT_PUBLIC_KEY'] = open(PEM_PUBLIC).read()
+app.config['JWT_ALGORITHM'] = 'ES256'
+app.config['JWT_IDENTITY_CLAIM'] = 'sub'
+app.config['JWT_ACCESS_TOKEN_EXPIRES'] = False
+
+
+class AuthApi(Resource):
+ def post(self):
+ additional_claims = {"type": "access", "domains": ["sunet.se"]}
+ access_token = create_access_token(
+ identity=request.environ.get('REMOTE_USER'),
+ additional_claims=additional_claims,
+ )
+ return {'access_token': access_token}, 200
+
+
+@app.route('/')
+def index():
+ return "<p>Username: {}</p><p>Auth type: {}</p>".format(
+ request.environ.get('REMOTE_USER'), request.environ.get('AUTH_TYPE')
+ )
+
+
+api.add_resource(AuthApi, '/auth') |
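Review bot: `app.config['JWT_ACCESS_TOKEN_EXPIRES'] = False` makes every token minted by `AuthApi.post` valid indefinitely, and nothing in this file can revoke one short of replacing the ES256 key pair; give tokens a bounded lifetime instead, e.g. `app.config['JWT_ACCESS_TOKEN_EXPIRES'] = timedelta(minutes=15)` (value illustrative, needs `from datetime import timedelta`). `post` also hands `request.environ.get('REMOTE_USER')` to `create_access_token` unchecked, so if the app is ever reachable without the front-end authentication that presumably sets REMOTE_USER, the identity is `None`; read it into a local first and add `if not identity: return {'message': 'authentication required'}, 401` before signing. In `index`, REMOTE_USER and AUTH_TYPE are formatted into HTML unescaped and should be wrapped in `markupsafe.escape(...)`. The wildcard `"origins": "*"` on `/api/*` should become an explicit allow-list once the consuming front ends are known.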