def validate_authorization_request(self):
"""Validate authorization request
:return: None
"""
# Validate client for this request
client_id = self.request.client_id
self.server.log.debug("Validate authorization request of", client_id)
if client_id is None:
raise InvalidClientError(state=self.request.state)
client = self.server.query_client(client_id)
if not client:
raise InvalidClientError(state=self.request.state)
response_type = self.request.response_type
if not client.check_response_type(response_type):
raise UnauthorizedClientError(
'The client is not authorized to use "response_type={}"'.
format(response_type))
self.request.client = client
self.validate_requested_scope()
# Check user_code, when user go to authorization endpoint
userCode = self.request.args.get("user_code")
if not userCode:
raise OAuth2Error("user_code is absent.")
# Get session from cookie
if not self.server.db.getSessionByUserCode(userCode):
raise OAuth2Error("Session with %s user code is expired." %
userCode)
return None
def save_device_credential(self, client_id, scope, data):
"""Save device credentials
:param str client_id: client id
:param str scope: request scopes
:param dict data: device credentials
"""
data.update(
dict(
uri=
"{api}?{query}&response_type=device&client_id={client_id}&scope={scope}"
.format(
api=data["verification_uri"],
query=self.req.query,
client_id=client_id,
scope=scope,
),
id=data["device_code"],
client_id=client_id,
scope=scope,
))
result = self.server.db.addSession(data)
if not result["OK"]:
raise OAuth2Error("Cannot save device credentials",
result["Message"])
async def _refresh_token(self, data):
resp = await self.request('POST',
self.token_endpoint,
data=data,
withhold_token=True)
token = resp.json()
if 'error' in token:
raise OAuth2Error(error=token['error'],
description=token.get('error_description'))
self.token = token
return self.token
def _refresh_token(self, data):
resp = self.request("POST",
self.token_endpoint,
data=data,
withhold_token=True)
token = resp.json()
if "error" in token:
raise OAuth2Error(error=token["error"],
description=token.get("error_description"))
self.token = token
return self.token
def query_user_grant(self, user_code):
"""Check if user alredy authed and return it to token generator
:param str user_code: user code
:return: (str, bool) or None -- user dict and user auth status
"""
result = self.server.db.getSessionByUserCode(user_code)
if not result["OK"]:
raise OAuth2Error("Cannot found authorization session",
result["Message"])
return (result["Value"]["user_id"], True) if result["Value"].get(
"username", "None") != "None" else None
def query_device_credential(self, device_code):
"""Get device credential from previously savings via ``DeviceAuthorizationEndpoint``.
:param str device_code: device code
:return: dict
"""
result = self.server.db.getSession(device_code)
if not result["OK"]:
raise OAuth2Error(result["Message"])
data = result["Value"]
if not data:
return None
data["verification_uri"] = self.server.metadata[
"device_authorization_endpoint"]
data["expires_at"] = int(data["expires_in"]) + int(time.time())
data["interval"] = DeviceAuthorizationEndpoint.INTERVAL
return DeviceCredentialDict(data)
def get_auth_token(self):
"""Fetch Access Token either using redirection grant flow or using auth_client"""
if self.auth_client is not None and self.auth_registrar is not None:
try:
if "authorization_code" in self.auth_registrar.client_metadata.get(
"grant_types", {}):
self.logger.writeInfo(
"Endpoint '/oauth' on Node API will provide redirect to authorization endpoint on Auth Server."
)
return
elif "client_credentials" in self.auth_registrar.client_metadata.get(
"grant_types", {}):
# Fetch Token
token = self.auth_client.fetch_access_token()
# Store token in member variable to be extracted using `fetch_local_token` function
self.auth_registry.bearer_token = token
else:
raise OAuth2Error(
"Client not registered with supported Grant Type")
except OAuth2Error as e:
self.logger.writeError(
"Failure fetching access token. {}".format(e))
def raise_error_response(self, error: OAuth2Error) -> typing.NoReturn:
status_code = error.status_code
data = dict(error.get_body())
headers = error.get_headers()
raise JSONException(status_code, data, headers)