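	def validate_params(self):
		"""Check the authorization request parameters; return True when usable.

		Side effects: sets ``self.redirect_uri`` and ``self.client``.  On failure
		an error response has already been written and False is returned.  Errors
		that concern the redirect_uri itself (missing, not an absolute URI, or not
		matching the client's registered value) are reported with a plain 400
		through ``self.error`` rather than ``authz_error``, because a URI that has
		not been validated must never be used as a redirect target (RFC 6749
		section 4.1.2.1).  Only once the client and its redirect_uri are known
		is the response_type checked, so that error can safely go back to the
		client's redirect endpoint.
		"""
		# TODO: get the user from the session; a POST without a logged-in user
		# should answer 403 "Authentication required." and return False.

		self.redirect_uri = self.request.get('redirect_uri')
		if not self.redirect_uri:
			self.error(400)
			self.response.out.write("The parameter redirect_uri is required.")
			return False

		# RFC 6749 section 3.1.2: the redirection endpoint URI must be absolute
		# and must not include a fragment component.  The scheme is not
		# restricted here so that non-http client schemes keep working.
		try:
			from urllib.parse import urlsplit
		except ImportError:  # Python 2 runtime (webapp-style handlers)
			from urlparse import urlsplit
		parts = urlsplit(self.redirect_uri)
		if not (parts.scheme and parts.netloc) or parts.fragment:
			self.error(400)
			self.response.out.write(
				"The parameter redirect_uri must be an absolute URI without a fragment.")
			return False

		self.client = OAuth_Client.get_by_client_id(str(self.request.get('client_id')))
		if not self.client:
			self.authz_error('invalid_client', "The client identifier provided is invalid.")
			return False

		logging.info('registered redirect_uri=%s', self.client.redirect_uri)
		logging.info('requested redirect_uri=%s', self.redirect_uri)

		# NOTE(review): a client with no registered redirect_uri accepts any
		# well-formed URI here; registering one per client is the only full
		# protection against redirecting users to an attacker-chosen location.
		if self.client.redirect_uri:
			if str(self.client.redirect_uri) != str(self.redirect_uri):
				self.authz_error('redirect_uri_mismatch',
					"The redirection URI provided does not match a pre-registered value.")
				return False

		# Checked last: by now the redirect target is trusted, so an OAuth error
		# may be delivered to it.
		if self.request.get('response_type') not in self.SUPPORTED_RESPONSE_TYPES:
			self.authz_error('unsupported_response_type', "The requested response type is not supported.")
			return False

		return True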
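	def handle(self):
		"""Token endpoint: authenticate the client, then dispatch on grant_type.

		Client credentials come from an HTTP Basic ``Authorization`` header when
		one is present (``Basic`` + base64 of ``client_id:client_secret``, RFC
		6749 section 2.3.1); otherwise the ``client_id`` / ``client_secret``
		request parameters are used.  Every failure path writes an OAuth error
		via ``render_error`` and returns.  The client secret is deliberately
		never logged.
		"""
		# TODO: MUST require transport-level security
		import base64

		client_id = self.request.get('client_id')
		client_secret = self.request.get('client_secret')
		auth_header = self.request.headers.get('Authorization', '')
		if auth_header.startswith('Basic'):
			# Decode the credential pair.  Previously the undecoded base64 token
			# was passed on as the secret, and a bare "Basic" header raised
			# IndexError; both cases now end in invalid_client.
			try:
				decoded = base64.b64decode(auth_header[len('Basic'):].strip()).decode('utf-8')
				client_id, client_secret = decoded.split(':', 1)
			except (TypeError, ValueError):
				self.render_error('invalid_client', "Invalid client credentials.")
				return

		grant_type = self.request.get('grant_type')
		scope = self.request.get('scope')
		logging.debug('Client ID =%s', client_id)

		if grant_type not in self.SUPPORTED_GRANT_TYPES:
			self.render_error('unsupported_grant_type', "Grant type not supported.")
			return

		client = OAuth_Client.authenticate(client_id, client_secret)
		if not client:
			self.render_error('invalid_client', "Invalid client credentials.")
			return

		# grant_type is already restricted to SUPPORTED_GRANT_TYPES, so the
		# attribute lookup can only reach one of the handle_<grant_type> methods.
		getattr(self, 'handle_%s' % grant_type)(client, scope)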