Test refresh_token

mail@pastecode.io avatar
unknown
plain_text
6 months ago
5.5 kB
3
Indexable
Never
# Test

from urllib.parse import urlencode, quote
import http.cookies as cookies
from jose import jwt
from jose.exceptions import *
import http.client 
import base64
import boto3
import json
import hmac 
import hashlib

cognito_user_pool_id    = "us-east-1_u5c3GmmKE"
cognito_client_id       = "2vm2fhicgfrdksjr4ka87enso1"
cognito_client_secret   = "k79ggnf9uhu9ls1f3vkhiritrc2prm5ns0bmd3ti777gvktp4e8"
cognito_user_pool_url   = "https://stylcoggoogle.auth.us-east-1.amazoncognito.com"
cloudfront_domain_name  = "https://d2z2rc8j78yv4c.cloudfront.net"
cognito_idp_domain      = "cognito-idp.us-east-1.amazonaws.com"

def generate_secret_hash(A, B) :
    credentials = A + B
    secret_hash = hmac.new(
        cognito_client_secret.encode('utf-8'), credentials.encode('utf-8'), hashlib.sha256
    ).digest()

    secret_hash_base64 = base64.b64encode(secret_hash).decode()
    return secret_hash_base64
    

def get_key(access_token) :
    jwks_url = f"/{cognito_user_pool_id}/.well-known/jwks.json"
    
    conn = http.client.HTTPSConnection(cognito_idp_domain)
    conn.request("GET", jwks_url)
    
    response = conn.getresponse().read().decode('utf-8')
    jwks_data = eval(response)

    header = jwt.get_unverified_header(access_token)
    header_kid = header['kid']

    for item in jwks_data['keys']:
        if (item['kid'] == header_kid) : return item

def refresh_access_token(refresh_token) :
    cognito_client = boto3.client("cognito-idp")
    response = cognito_client.initiate_auth(
        AuthFlow = 'REFRESH_TOKEN_AUTH',
        AuthParameters = {
            'REFRESH_TOKEN' : refresh_token,
            'SECRET_HASH' : generate_secret_hash("Google_117727834150775985850", cognito_client_id)
        },
        ClientId = cognito_client_id
    )

    return response['AuthenticationResult']['AccessToken']

access_token = "eyJraWQiOiJtVkhPeGJYek0rdjlCV056WmlvdmRncVkwK3FISlVMVmdrdXM2Zm9XWmhJPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIyYTExZGU3Ny03ZjY5LTRhMTAtYmRjZC0wYzA1MzIwNWNmYTYiLCJjb2duaXRvOmdyb3VwcyI6WyJ1cy1lYXN0LTFfdTVjM0dtbUtFX0dvb2dsZSJdLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV91NWMzR21tS0UiLCJ2ZXJzaW9uIjoyLCJjbGllbnRfaWQiOiIydm0yZmhpY2dmcmRrc2pyNGthODdlbnNvMSIsIm9yaWdpbl9qdGkiOiI2OGY3M2JlMy1iZWUxLTQ0NDUtOTRmOS02YTU2MGQ3NmU0Y2MiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6ImF3cy5jb2duaXRvLnNpZ25pbi51c2VyLmFkbWluIG9wZW5pZCBwcm9maWxlIGVtYWlsIiwiYXV0aF90aW1lIjoxNjk2MzkyNDY3LCJleHAiOjE2OTYzOTI3NjcsImlhdCI6MTY5NjM5MjQ2OCwianRpIjoiYTg5Zjg4ZDAtMTliZS00ZjgxLTlmZjQtZDQxZTI5YWI1NzQ4IiwidXNlcm5hbWUiOiJHb29nbGVfMTE3NzI3ODM0MTUwNzc1OTg1ODUwIn0.pJmoqcj-H0WxZ6cLFHJLjaXkmt0zR_B__jUIAsIP4dFvA72BpVsQOqerrB4y_U1iKKtboQQOAKVO5fdTpWIwp39mW90aOLnMH_rqUT6fGlA7P85SbuAR2OV9nSIBMWFSwXKw7CyqCJjjBz9l_e03rz0bgauFxeIG0Vk1Ipo-pef-24dZNt5hviRKpu3jMiXUahEgCOyIihJItB2KNmIJ0HJdTf1yhsS53Wr_HqThInQR_b_J4LpAvbZSXQS2Sw7SGrXrEU7cl_VRZWMRxchd6F5s-5fkfqZ1X-JYZMjo13IxUvbPJYJkzuCvddtBiZl5mXWENj8MvopOdasKutYIlA"
refresh_token = "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.HYOuGb6MEOpPlGiGDSx0KnH0iLJhcracQM6UY9DL_u0VMMAZjPDAEc9P7KYv2L-ztX84BQhWMMvYKv2XSwj_87F3mKFmotsiUJ8A0troCY-3TW1AEiXM2cs2UrPUqqwEODtUF93w4TlmXcaWB0KCnewitGlXc95yALiy1ZCNJijrYCVF-tG-9LcPf-PRPnJvIqphoDx7TRoXi4SEHPjih1qs4E3gRF4Kwy571k_uk3HYAiIwJnJaWvk70N0PEaJKCnsgNN8Od1c-l5E4wIY_iWw4GoO-9pmkN-QdF1525PTmYVymACnapsRPBe0nIS66E4FIWHOIYcZNVhHwf1nkkQ.xpaD1CYQNJatGNDe.f2FZT1dNd9pq26eNCqR3MfzRN4nPWB6JT26OAA7XnOvPQttU6jLLo-7SGdR2A9HkHBO8TmYrAe4YZAUqULrjMW3zk_iXm4dXmJVACnkqW7XWPfse-RHJoKbKI4Cl5FKtIBX36GwAUFDe8-EOUEOFutzk0CGx5DPzz8PecF6CzRs3oX8owlI5OA0KqeTFitANw4B54jGK4n4zi4kCJwJi8l0g0XLzNSFfD1LMW-zyjEkndhivNxzl5r8pD3bU0YXVQC5MgW5oZhylulqakzNeRhIJPcsLm7SWovI3iFbtxyxl2hZl6yhYLmjwts8tJtdM9N5aK1Y8Oi92NdsFxO-tSnVgThbPEkO08SRzmNYu8VZlyeFPxvKw2j88t36wyp1aZQ87okiyF_Qv9RCxlr1CrZD_s--Xb8jGC4zsS2Wq2mxpjnWSC4n1nk36zIXynnzSzuvvoC5C51lRZDs7MgZq85bKa4RjzbFs0uUSA_uJ6B4rh1iIpohhpSEjTHiaSSo_TsiQ2FcqHjdlL6_xLkCYvD4mog6dYSDngD70UdS4yhwpbkYFfzJScXOnK9ZElC_WiS4l3flDgIhMr1PQWrfUMeEePIeEqhw5op-RoM5RXnGH1A8ZTpOwh3PT7EWc9wIaRkr6e4o9aa2H4c4KM-C7Ajjn5UBxGj6rYUH0_ay_bzKbvp_mJ-DUb1v70vCfXpYQNlo9lem_7yCmSIPb8NOV4tYvD9f9opUYFCUn5FrVwSn4IW7dCQ1WG2PpeAdhRtdFQq8KcZJlCBE120siC6pKFrYxyeZAoUsvUCKB3KksbgrXJUULzbzqAGDhKYVa07eOwR8Dsu6Wo7yJOxFQVDh1vFobHN-O8eFFTthSVgpRHy7AFFoARdNBouiMw0R-QZxcnO3w_YIXFtbM591Xzjs1i_XQyUEPmhG7DgH1ddC4X-_9wV309xO4wA9OYQWStX9rs2nsKnaZCfbPcbg_IomAfiux46zybvH1jHk57SIHiGUUv_tWZs5x8EFYKgnw73X6WCokBK-KoZWVfXPBXD-PdnKGPjr_iuuuoOFxl6QHOXWr0cyR21UoZWLB4Dy-uFEeGliUstY3Kdl0bfo4xv1Eyt3P9osIogts_utjw8ttAlGMqBew38YeDrrn2Q3lODz7OYZq0gZP2KIaPugaJ119RMJ5J9aqJjDEMHu1-1g6m6yCn-dyGK70MPWzPBHVHMxG0G2jP1A_gvE_zTqxC2kjNTNB6ceqAJBWYY6hP8mT2iefypMneOQL5jeXB5mOhWLpNxOmSCG0-P_bq0I.4N3KX0tINDJfAEnR58PGCQ"
while (True) : 
    try : 
        print("ACCESS_TOKEN : ", access_token)
        key = get_key(access_token)
        response = jwt.decode(
            access_token, key,
            options = {
                "verify_iss": True,
                "iss" : f"https://{cognito_idp_domain}/{cognito_user_pool_id}",
                "verify_signature": True,
                "verify_exp": True
            }
        )
        
        print("Token verification status : ", response)
        break

    except ExpiredSignatureError as e :
        print("Access token - ", e)
        access_token = refresh_access_token(refresh_token)

    except :
        print("No access_token found")