def run_auth_server():
try:
client = MongoClient('localhost', 27017)
db = client.test_database
client_store = ClientStore(collection=db["clients"])
token_store = AccessTokenStore(collection=db["access_tokens"])
code_store = AuthCodeStore(collection=db["auth_codes"])
provider = Provider(
access_token_store=token_store,
auth_code_store=code_store,
client_store=client_store,
token_generator=Uuid4())
provider.add_grant(
AuthorizationCodeGrant(site_adapter=TestSiteAdapter(), scopes=["basic", "big", "long"],
unique_token=True,
expires_in=20
)
)
provider.add_grant(
RefreshToken(scopes=["basic", "big", "long"], expires_in=2592000, reissue_refresh_tokens=True)
)
app = Application(provider=provider)
httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)
print("Starting OAuth2 server on http://localhost:8080/...")
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def run_auth_server():
try:
client_store = ClientStore()
client_store.add_client(
client_id="abc",
client_secret="xyz",
redirect_uris=["http://localhost:8081/callback"])
token_store = TokenStore()
auth_controller = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
site_adapter=TestSiteAdapter(),
token_generator=Uuid4())
auth_controller.add_grant(AuthorizationCodeGrant())
app = Wsgi(server=auth_controller)
httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)
print(
"Starting implicit_grant oauth2 server on http://localhost:8080/..."
)
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def main():
client = MongoClient()
db = client.testdb
access_token_store = AccessTokenStore(collection=db["access_tokens"])
auth_code_store = AuthCodeStore(collection=db["auth_codes"])
client_store = ClientStore(collection=db["clients"])
provider = Provider(access_token_store=access_token_store,
auth_code_store=auth_code_store,
client_store=client_store,
site_adapter=TestSiteAdapter(),
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant())
provider.add_grant(ImplicitGrant())
provider.add_grant(ResourceOwnerGrant())
provider.add_grant(ClientCredentialsGrant())
provider.add_grant(RefreshToken(expires_in=600))
provider.enable_unique_tokens()
app = Wsgi(server=provider)
try:
httpd = make_server('', 8888, app)
print("Starting test auth server on port 8888...")
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def run_provider(queue):
try:
redirect_uri = "http://127.0.0.1:15487/callback"
stores = store_factory(client_identifier="abc",
client_secret="xyz",
redirect_uris=[redirect_uri])
provider = Provider(
access_token_store=stores["access_token_store"],
auth_code_store=stores["auth_code_store"],
client_store=stores["client_store"],
site_adapter=TestSiteAdapter(),
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(expires_in=120))
provider.add_grant(RefreshToken(expires_in=60))
app = Wsgi(server=provider)
httpd = make_server('',
15486,
app,
handler_class=NoLoggingHandler)
queue.put({"result": 0})
httpd.serve_forever()
except Exception as e:
queue.put({"result": 1, "error_message": str(e)})
def create_auth_server():
client_store = ClientStore()
client_store.add_client(
client_id="alexa.matsuoka",
client_secret="xxxx",
redirect_uris=[
"https://layla.amazon.com/api/skill/link/M2Q7FOC6AVxxxx",
"https://pitangui.amazon.com/api/skill/link/M2Q7FOC6AVxxxx",
"https://alexa.amazon.co.jp/api/skill/link/M2Q7FOC6AVxxxx"
])
token_store = TokenStore()
token_store.save_token(
AccessToken(client_id="alexa.matsuoka",
grant_type="authorization_code",
user_id="*****@*****.**",
token="xxxx"))
provider = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=Uuid4(),
client_authentication_source=http_basic_auth)
provider.add_grant(
AuthorizationCodeGrant(site_adapter=TestSiteAdapter(),
unique_token=True))
app = Application([
url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
url(provider.token_path, OAuth2Handler, dict(provider=provider)),
],
debug=False)
return app
def run_auth_server():
client_store = ClientStore()
# client_store.add_client(client_id="abc", client_secret="xyz",
# redirect_uris=["http://localhost:8081/callback"])
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=["http://localhost:8080/auth/realms/keycloak-express/broker/oidc/endpoint"])
token_store = TokenStore()
provider = Provider(access_token_store=token_store,
auth_code_store=token_store, client_store=client_store,
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
try:
app = Application([
url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
url(provider.token_path, OAuth2Handler, dict(provider=provider)),
])
app.listen(8090)
print("Starting OAuth2 server on http://localhost:8090/...")
IOLoop.current().start()
except KeyboardInterrupt:
IOLoop.close()
def run_auth_server():
client_store = ClientStore()
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=["http://10.10.112.59:8081/callback"])
client_store.add_client(client_id="bcd", client_secret="fff",
redirect_uris=["http://10.10.112.59:50000/callback"])
client_store.add_client(client_id="9fdc2c7a1cee0cca54c150e3e0b822eb", client_secret="zzz",
redirect_uris=["http://10.10.112.59:8888/callback"])
token_store = TokenStore()
provider = Provider(access_token_store=token_store,
auth_code_store=token_store, client_store=client_store,
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
settings = dict(
template_path=os.path.join(os.path.dirname(__file__), "templates"),
static_path=os.path.join(os.path.dirname(__file__), "static"),
cookie_secret='61oETzKXQAGaYdkL5gEmGEJJFuYh7EQnp2XdTP1o/Vo=',
)
try:
app = Application([
url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
url(provider.token_path, OAuth2Handler, dict(provider=provider)),
url("/", MainHandler),
], **settings)
app.listen(8080)
print "Starting OAuth2 server on http://10.10.112.59:8080/..."
IOLoop.current().start()
except KeyboardInterrupt:
IOLoop.close()
def test_add_grant_set_expire_time(self):
"""
Provider.add_grant() should set the expiration time on the instance of TokenGenerator
"""
self.auth_server.add_grant(AuthorizationCodeGrant(expires_in=400))
self.auth_server.add_grant(ResourceOwnerGrant(expires_in=500))
self.auth_server.add_grant(RefreshToken(expires_in=1200))
self.assertEqual(self.token_generator_mock.expires_in[AuthorizationCodeGrant.grant_type], 400)
self.assertEqual(self.token_generator_mock.expires_in[ResourceOwnerGrant.grant_type], 500)
self.assertEqual(self.token_generator_mock.refresh_expires_in, 1200)
def main():
parser = argparse.ArgumentParser(description="python-oauth2 test provider")
parser.add_argument("--store", dest="store", type=str, default="mongodb",
help="The store adapter to use. Can one of 'mongodb'"\
"(default), 'mysql'")
args = parser.parse_args()
if args.store == "mongodb":
print("Using mongodb stores...")
client = MongoClient()
db = client.testdb
access_token_store = AccessTokenStore(collection=db["access_tokens"])
auth_code_store = AuthCodeStore(collection=db["auth_codes"])
client_store = ClientStore(collection=db["clients"])
elif args.store == "mysql":
print("Using mysql stores...")
connection = mysql.connector.connect(host="127.0.0.1",
user="******",
passwd="",
db="testdb")
access_token_store = MysqlAccessTokenStore(connection=connection)
auth_code_store = MysqlAuthCodeStore(connection=connection)
client_store = MysqlClientStore(connection=connection)
else:
raise Exception("Unknown store")
provider = Provider(access_token_store=access_token_store,
auth_code_store=auth_code_store,
client_store=client_store,
site_adapter=TestSiteAdapter(),
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(expires_in=120))
provider.add_grant(ImplicitGrant())
provider.add_grant(ResourceOwnerGrant())
provider.add_grant(ClientCredentialsGrant())
provider.add_grant(RefreshToken(expires_in=60))
app = Wsgi(server=provider)
try:
httpd = make_server('', 8888, app)
print("Starting test auth server on port 8888...")
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def make_provider(session_factory, url_prefix, login_url):
"""Make an OAuth provider"""
token_store = AccessTokenStore(session_factory)
code_store = AuthCodeStore(session_factory)
client_store = ClientStore(session_factory)
provider = Provider(
access_token_store=token_store,
auth_code_store=code_store,
client_store=client_store,
token_generator=UUID4(),
)
provider.token_path = url_path_join(url_prefix, 'token')
provider.authorize_path = url_path_join(url_prefix, 'authorize')
site_adapter = JupyterHubSiteAdapter(login_url=login_url)
provider.add_grant(AuthorizationCodeGrant(site_adapter=site_adapter))
return provider
def create_provider():
redirect_uri = "http://127.0.0.1:15487/callback"
stores = store_factory(client_identifier="abc",
client_secret="xyz",
redirect_uris=[redirect_uri])
provider = Provider(access_token_store=stores["access_token_store"],
auth_code_store=stores["auth_code_store"],
client_store=stores["client_store"],
token_generator=Uuid4())
provider.add_grant(
AuthorizationCodeGrant(expires_in=120, site_adapter=TestSiteAdapter()))
provider.add_grant(RefreshToken(expires_in=60))
return provider
def run_auth_server():
try:
client = MongoClient('localhost', 27017)
db = client.test_database
client_store = ClientStore(collection=db["clients"])
# memory
# client_store = ClientStore()
# client_store.add_client(client_id="abc", client_secret="xyz",
# redirect_uris=["http://localhost:8081/callback"])
#
# token_store = TokenStore()
token_store = AccessTokenStore(collection=db["access_tokens"])
code_store = AuthCodeStore(collection=db["auth_codes"])
provider = Provider(access_token_store=token_store,
auth_code_store=code_store,
client_store=client_store,
token_generator=Uuid4())
provider.add_grant(
AuthorizationCodeGrant(site_adapter=TestSiteAdapter(),
scopes=["test", "test2"],
unique_token=True,
expires_in=1))
# auth_controller.add_grant_type(ResourceOwnerGrant(tokens_expire=600))
provider.add_grant(
RefreshToken(scopes=["test", "test2"],
expires_in=2592000,
reissue_refresh_tokens=True))
# auth_controller.add_grant_type(RefreshToken(tokens_expire=1200))
app = Application(provider=provider)
httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)
print("Starting OAuth2 server on http://localhost:8080/...")
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def run_auth_server(port=8282):
print("Starting OAuth2 server on port:" + str(port))
client_store = ClientStore()
client_store.add_client(client_id="abc",
client_secret="xyz",
redirect_uris=["http://0.0.0.0:5000/"])
token_store = TokenStore()
provider = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
app = Application(provider=provider)
httpd = make_server('', port, app, handler_class=OAuthRequestHandler)
httpd.serve_forever()
def __init__(self, dbconnection):
self.templates = os.path.join(os.path.dirname(__file__),
"../templates")
self.static = os.path.join(os.path.dirname(__file__), "../static")
# DataBase connection
self.dbconnection = dbconnection
##
# OAuth authentication service (token provider)
# Client Store (will be taken from db)
client_store = ClientStore()
client_store.add_client(client_id="abc",
client_secret="xyz",
redirect_uris=["http://localhost:8111"])
##
# OAuth Token Store (in memory)
token_store = TokenStore()
# Generator of tokens
token_generator = Uuid4()
#token_generator.expires_in[ClientCredentialsGrant.grant_type] = 3600
##
# OAuth Provider
provider = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=token_generator)
#provider.token_path = '/oauth/token'
# Support for the authorization code grant
provider.add_grant(
AuthorizationCodeGrant(site_adapter=CodeGrant(self.templates)))
# provider.add_grant(
# ImplicitGrant(site_adapter=Authentication())
# )
logger.debug(provider.authorize_path)
logger.debug(provider.token_path)
##
# Auth handlers
auth_handlers = [
web.url(provider.authorize_path, OAuth2Handler,
dict(provider=provider)),
web.url(provider.token_path, OAuth2Handler,
dict(provider=provider))
]
##
# Web
web_handlers = [
web.url(r"/login", login.Index),
web.url(r"/logout", logout.Index),
web.url(r"/password/(.*)", password.Index),
web.url(r"/forgot_password", password.Forgot),
web.url(r"/registration", registration.Index),
web.url(r'/', home.Index),
web.url(r'/settings', home.User),
web.url(r'/projects', projects.Projects),
web.url(r'/slices/([a-z0-9\._\-]+)', slices.Slices),
web.url(r'/users', users.Users),
web.url(r'/users/?(' + self.urn_regex + ')', users.Users),
web.url(r'/activity', activity.Index),
web.url(r'/confirm/(' + self.uuid_regex + ')?', confirm.Index),
web.url(r'/status', status.Index),
web.url(r'/static/(.*)', web.StaticFileHandler,
{'path': self.static}),
web.url(r'/test', test.Index),
web.url(r"/addOrganization", addOrganization.Index)
]
##
# REST API
rest_handlers = [
web.url(r'/api/v1/activity?([A-Za-z0-9-]+)?', ActivityHandler),
web.url(r'/api/v1/activity/(' + self.uuid_regex + ')?',
ActivityHandler),
web.url(r'/api/v1/confirm/(' + self.uuid_regex + ')?',
ConfirmHandler),
web.url(r'/api/v1/requests?([A-Za-z0-9-]+)?', RequestsHandler),
web.url(r'/api/v1/requests/(' + self.uuid_regex + ')?',
RequestsHandler),
web.url(r'/api/v1/usertoken?', UserTokenHandler),
web.url(r'/api/v1/login', LoginHandler),
web.url(r'/api/v1/password', PasswordHandler),
web.url(r'/api/v1/password/(.*)', PasswordHandler),
web.url(r'/api/v1/resources$', ResourcesHandler),
web.url(r'/api/v1/resources/(' + self.urn_regex + ')?$',
ResourcesHandler),
web.url(r'/api/v1/resources/(' + self.urn_regex + ')?/?(leases)?$',
ResourcesHandler),
web.url(r'/api/v1/resources/(' + self.urn_regex + ')?/?(slices)?$',
ResourcesHandler),
web.url(
r'/api/v1/resources/(' + self.urn_regex + ')?/?(testbeds)?$',
ResourcesHandler),
# leases
web.url(r'/api/v1/leases$', LeasesHandler),
web.url(r'/api/v1/leases/([A-Za-z0-9-]+)?', LeasesHandler),
web.url(r'/api/v1/profile$', ProfileHandler),
# testbeds
web.url(
r'/api/v1/testbeds/?(' + self.urn_regex + ')?/?(resources)?$',
TestbedsHandler),
web.url(r'/api/v1/testbeds/?(' + self.urn_regex + ')?/?(leases)?$',
TestbedsHandler),
# users
web.url(r'/api/v1/users$', UsersHandler),
web.url(r'/api/v1/users/(' + self.email_regex + ')$',
UsersHandler),
web.url(
r'/api/v1/users/?(' + self.urn_regex +
')?/?(authorities|projects|slices)?$', UsersHandler),
web.url(r'/api/v1/users/?(authorities|projects|slices)?$',
UsersHandler),
# authorities
web.url(r'/api/v1/authorities$', AuthoritiesHandler),
web.url(
r'/api/v1/authorities/?(' + self.urn_regex +
')?/?(users|projects)?$', AuthoritiesHandler),
# projects
web.url(
r'/api/v1/projects/?(' + self.urn_regex +
')?/?(users|slices)?$', ProjectsHandler),
# slices
web.url(
r'/api/v1/slices/?(' + self.hrn_regex +
')?/?(users|resources)?$', SlicesHandler),
web.url(
r'/api/v1/slices/?(' + self.urn_regex +
')?/?(users|resources)?$', SlicesHandler),
# F-Interop sessions
# security based on the slice id
web.url(
r'/api/v1/finterop/sessions/?(' + self.urn_regex +
')?/?(start|stop)?$', FinteropSessionsHandler),
web.url(
r'/api/v1/finterop/sessions/?(' + self.hrn_regex +
')?/?(start|stop)?$', FinteropSessionsHandler),
web.url(
r'/api/v1/finterop/sessions/?([a-zA-Z0-9]+)?/?(start|stop)?$',
FinteropSessionsHandler),
#web.url(r'/api/v1/finterop/sessions/?([a-zA-Z0-9]+)?/resources$', ResourceRepoHandler),
]
##
# Websockets API
# SockJSRouter: configure Websocket
WebsocketRouter = SockJSRouter(WebsocketsHandler, '/api/v1/live')
##
# URLs handlers
handlers = auth_handlers + web_handlers + rest_handlers + WebsocketRouter.urls
settings = dict(
cookie_secret=config.web["cookie_secret"],
login_url="/login",
token_secret=config.web["token_secret"],
template_path=self.templates,
static_path=self.static,
#xsrf_cookies=True,
debug=True)
web.Application.__init__(self, handlers, **settings)