Beispiel #1
0
    def create_authorization_response(self, grant_user):
        state = self.request.state
        if grant_user:
            self.request.user = grant_user
            client = self.request.client
            token = self.generate_token(client,
                                        self.GRANT_TYPE,
                                        user=grant_user,
                                        scope=self.request.scope,
                                        include_refresh_token=False)
            if self.request.response_type == 'id_token':
                token = {
                    'expires_in': token['expires_in'],
                    'scope': token['scope'],
                }
                token = self.process_token(token, self.request)
            else:
                log.debug('Grant token {!r} to {!r}'.format(token, client))
                self.server.save_token(token, self.request)
                token = self.process_token(token, self.request)
            params = [(k, token[k]) for k in token]
            if state:
                params.append(('state', state))
        else:
            error = AccessDeniedError(state=state)
            params = error.get_body()

        # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
        return create_response_mode_response(
            redirect_uri=self.redirect_uri,
            params=params,
            response_mode=self.request.response_mode,
        )
Beispiel #2
0
    def create_authorization_response(self, grant_user):
        """
        Overrides method from authlib---authlib has some peculiarities here such as
        trying to access ``token["scope"]`` from the token response which is not
        following OIDC. This should be creating a response in accordance with the spec
        here:

        https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse
        """
        state = self.request.state
        if grant_user:
            self.request.user = grant_user
            client = self.request.client
            include_access_token = self.request.response_type == "id_token token"
            token_response = self.generate_token(
                client,
                self.GRANT_TYPE,
                include_access_token=include_access_token,
                user=grant_user,
                scope=self.request.scope,
            )
            params = [(k, token_response[k]) for k in token_response]
            if state:
                params.append(("state", state))
        else:
            error = AccessDeniedError(state=state)
            params = error.get_body()

        # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
        return create_response_mode_response(
            redirect_uri=self.redirect_uri,
            params=params,
            response_mode=self.request.response_mode,
        )
Beispiel #3
0
    def create_authorization_response(self, grant_user):
        state = self.request.state
        if grant_user:
            self.request.user = grant_user
            client = self.request.client
            token = self.generate_token(client,
                                        self.GRANT_TYPE,
                                        scope=self.request.scope,
                                        include_refresh_token=False)
            if self.request.response_type == 'id_token':
                token = {
                    'expires_in': token['expires_in'],
                    'scope': token['scope'],
                }
                token = self.process_token(token, self.request)
            else:
                log.debug('Grant token {!r} to {!r}'.format(token, client))
                self.server.save_token(token, self.request)
                token = self.process_token(token, self.request)
            params = [(k, token[k]) for k in token]
            if state:
                params.append(('state', state))
        else:
            error = AccessDeniedError(state=state)
            params = error.get_body()

        uri = add_params_to_uri(self.redirect_uri, params, fragment=True)
        headers = [('Location', uri)]
        return 302, '', headers
Beispiel #4
0
    def create_authorization_response(self, grant_user):
        state = self.request.state
        if grant_user:
            params = self._create_granted_params(grant_user)
            if state:
                params.append(('state', state))
        else:
            error = AccessDeniedError(state=state)
            params = error.get_body()

        # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
        return create_response_mode_response(
            redirect_uri=self.redirect_uri,
            params=params,
            response_mode=self.request.data.get('response_mode'),
        )
Beispiel #5
0
    def create_authorization_response(self, grant_user):
        state = self.request.state
        if grant_user:
            self.request.user = grant_user
            client = self.request.client

            code = self.create_authorization_code(client, grant_user,
                                                  self.request)
            params = [('code', code)]

            token = self.generate_token(client,
                                        'implicit',
                                        scope=self.request.scope,
                                        include_refresh_token=False)

            response_types = self.request.response_type.split()
            if 'token' in response_types:
                log.debug('Grant token {!r} to {!r}'.format(token, client))
                self.server.save_token(token, self.request)
                if 'id_token' in response_types:
                    token = self.process_implicit_token(
                        token, self.request, code)
            else:
                # response_type is "code id_token"
                token = {
                    'expires_in': token['expires_in'],
                    'scope': token['scope']
                }
                token = self.process_implicit_token(token, self.request, code)

            params.extend([(k, token[k]) for k in token])
            if state:
                params.append(('state', state))
        else:
            error = AccessDeniedError(state=state)
            params = error.get_body()

        # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
        fragment = True
        response_mode = self.request.response_mode
        if response_mode and response_mode == 'query':
            fragment = False

        uri = add_params_to_uri(self.redirect_uri, params, fragment=fragment)
        headers = [('Location', uri)]
        return 302, '', headers
Beispiel #6
0
    def create_authorization_response(self, grant_user):
        state = self.request.state
        if grant_user:
            params = self._create_granted_params(grant_user)
            if state:
                params.append(('state', state))
        else:
            error = AccessDeniedError(state=state)
            params = error.get_body()

        # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
        fragment = True
        response_mode = self.request.response_mode
        if response_mode and response_mode == 'query':
            fragment = False

        uri = add_params_to_uri(self.redirect_uri, params, fragment=fragment)
        headers = [('Location', uri)]
        return 302, '', headers