Beispiel #1
    def get_token(self, token_id, scope):
        """Looks up a registered token and checks it against a required scope.

        The checks run in a fixed order: registration, the token's ``valid``
        flag, expiry, then scope. The first failing check decides the result.

        @type token_id: basestring
        @param token_id: token ID
        @type scope: basestring
        @param scope: required scopes as space separated string
        @rtype: tuple
        @return: (token, None) when every check passes;
        (None, 'invalid_token') when the ID is not registered, the token is
        flagged invalid or it has expired; (None, 'insufficient_scope') when
        the token was not granted the required scope
        """
        # NOTE(review): every rejection below writes token_id to the debug
        # log. If the ID is itself the bearer token string, debug logs hold
        # usable credentials - confirm, and restrict or redact if so.
        error = None
        try:
            entry = self.get_value(token_id)
        except KeyError:
            log.debug("Request for token of ID that is not registered: %s",
                      token_id)
            error = 'invalid_token'
        else:
            # Unknown, invalidated and expired tokens all map to the same
            # error code, so the caller cannot tell these cases apart.
            if not entry.valid:
                log.debug("Request for invalid token of ID: %s", token_id)
                error = 'invalid_token'
            # A token is already rejected at the exact expiry instant (<=).
            # presumably token.expires is a naive UTC datetime, matching
            # utcnow() - verify against the code that issues tokens.
            elif entry.expires <= datetime.utcnow():
                log.debug("Request for expired token of ID: %s", token_id)
                error = 'invalid_token'
            # Granted scope goes first, the parsed required scope second.
            elif not scopeutil.isScopeGranted(
                    entry.scope, scopeutil.scopeStringToList(scope)):
                log.debug("Request for token of ID: %s - token was not granted "
                          "scope %s", token_id, scope)
                error = 'insufficient_scope'
            else:
                return entry, None

        return None, error
Beispiel #2
 def eq_authz_basis(self, other):
     """Tells whether a requested client authorization is covered by this
     granted one.

     The comparison stops at the first mismatch: user, then client ID, then
     scope.
     @type other: ClientAuthorization
     @param other: requested authorization
     @rtype: bool
     @return: True if the user and client ID are the same and if there are no
     requested scopes that are not granted, otherwise False
     """
     same_user = self.user == other.user
     if not same_user:
         return same_user

     same_client = self.client_id == other.client_id
     if not same_client:
         return same_client

     # Argument order matters: the granted scope (self) goes first and the
     # requested scope (other) second. Both are passed through unparsed.
     # NOTE(review): presumably both are already scope lists - confirm.
     return scopeutil.isScopeGranted(self.scope, other.scope)