def validate_requested_scope(self):
"""Validate if requested scope is supported by Authorization Server."""
scope = self.request.scope
state = self.request.state
if scope:
allowed = set(
scope_to_list(self.request.client.get_allowed_scope(scope)))
requested = set(scope_to_list(scope))
if not (requested <= allowed):
raise InvalidScopeError(state=state)
return self.server.validate_requested_scope(scope, state)
def validate_authorization_request(self):
if not is_openid_scope(self.request.scope):
raise InvalidScopeError(
'Missing "openid" scope',
redirect_uri=self.request.redirect_uri,
redirect_fragment=True,
)
self.register_hook(
'after_validate_authorization_request', lambda grant:
validate_nonce(grant.request, grant.exists_nonce, required=True))
return validate_code_authorization_request(self)
def validate_authorization_request(self):
if not is_openid_scope(self.request.scope):
raise InvalidScopeError(
'Missing "openid" scope',
redirect_uri=self.request.redirect_uri,
redirect_fragment=True,
)
redirect_uri = super(OpenIDImplicitGrant, self).validate_authorization_request()
try:
validate_nonce(self.request, self.exists_nonce, required=True)
except OAuth2Error as error:
error.redirect_uri = redirect_uri
error.redirect_fragment = True
raise error
return redirect_uri
def validate_authorization_request(self):
if not is_openid_scope(self.request.scope):
raise InvalidScopeError('Missing "openid" scope')
super(OpenIDHybridGrant, self).validate_authorization_request()
def validate_authorization_request(self):
if not is_openid_scope(self.request.scope):
raise InvalidScopeError('Missing "openid" scope')
super(OpenIDImplicitGrant, self).validate_authorization_request()
validate_nonce(self.request, self.exists_nonce, required=True)