added support for client_credentials before password flow which is downgraded to backup

3 years ago · 1253174c74
parent 11716f0d4d
commit 1253174c74
1 changed files with 18 additions and 2 deletions
--- a/roles/pep/templates/pep.js.j2
+++ b/roles/pep/templates/pep.js.j2
@ -155,11 +155,27 @@ function requestToken(context){
      if (reply.status === 200) {
        var response = JSON.parse(reply.responseBody);
        context.authn.token = response.access_token
-        context.authn.verified_token = 
+        context.authn.verified_token =
          JSON.parse(Buffer.from(context.authn.token.split('.')[1], 'base64url').toString())
        return context
+      } else if (reply.status === 401){
+        var options = {
+          "body" : "grant_type=password&username="+context.authn.user+"&password="+context.authn.password
+        }
+        return context.request.subrequest("/jwt_request", options)
+          .then( reply=>{
+            if (reply.status === 200) {
+                var response = JSON.parse(reply.responseBody);
+                context.authn.token = response.access_token
+                context.authn.verified_token =
+                        JSON.parse(Buffer.from(context.authn.token.split('.')[1], 'base64url').toString())
+                return context
+            } else{
+               throw new Error("Unauthorized " + reply.status)
+            }
+          })
      } else {
-        throw new Error("Unauthorized")
+        throw new Error("Unauthorized " + reply.status)
      }
    })
 }