Beispiel #1
def init_oauth(*args, **options):
    """Return the shared OAuth2 provider, building it on the first call.

    The provider is cached in the module-level ``auth_provider``; once that
    name holds a truthy value, every later call returns it unchanged.
    ``args`` and ``options`` are accepted but never read.

    Only the client-credentials grant is registered on the provider.
    """
    global auth_provider
    if not auth_provider:
        # Registered clients come from the collection exposed by OauthModel.
        clients = oauth2.store.mongodb.ClientStore(oauth.OauthModel().get_coll())

        # Issued tokens (and auth codes, see below) are kept in Redis.
        tokens = oauth2.store.redisdb.TokenStore(rs=utils.Redis())

        # UUID4 token strings; client-credentials tokens get a lifetime of
        # 86400 (presumably seconds, i.e. one day -- confirm against the library).
        generator = oauth2.tokengenerator.Uuid4()
        client_credentials_type = oauth2.grant.ClientCredentialsGrant.grant_type
        generator.expires_in[client_credentials_type] = 3600 * 24

        # The global is assigned before the grant is attached, so a failure in
        # add_grant() would leave a provider without grants cached here.
        auth_provider = oauth2.Provider(
            access_token_store=tokens,
            auth_code_store=tokens,
            client_store=clients,
            token_generator=generator,
        )

        # Scope a token receives when the request names none (front-end access)
        # and the full set of scopes a token may be granted.
        # NOTE(review): "font-api" looks like a misspelling of "front-api", but
        # it is a runtime value clients may already send, so it is kept as is.
        # NOTE(review): nothing visible here limits which client may ask for
        # "system-api"; confirm that per-client scope limits exist elsewhere.
        grant = oauth2.grant.ClientCredentialsGrant(
            default_scope="font-api",
            scopes=["font-api", "back-api", "system-api"],
        )
        auth_provider.add_grant(grant)

    return auth_provider
Beispiel #2
def get_provider(role="normal"):
    """Build a new OAuth2 provider whose default scope is ``role``.

    A fresh ``oauth2.Provider`` is created on every call from the module-level
    ``token_store``, ``auth_code_store``, ``client_store`` and
    ``token_generator``, with the token endpoint at ``/api/oauth/token`` and a
    single client-credentials grant.
    """
    provider = oauth2.Provider(
        access_token_store=token_store,
        auth_code_store=auth_code_store,
        client_store=client_store,
        token_generator=token_generator,
    )
    provider.token_path = '/api/oauth/token'

    # The role name is used verbatim as the default scope and the list of
    # additional scopes is empty; the per-role lookup through the scope model
    # is disabled in this version.
    # NOTE(review): if `role` can be influenced by a request, check it against
    # a fixed set of role names before it reaches this function -- confirm
    # with the callers.
    grant = oauth2.grant.ClientCredentialsGrant(default_scope=role, scopes=[])
    provider.add_grant(grant)
    return provider
Beispiel #3
# Create an in-memory storage to store your client apps.
# Registrations held in process memory are lost on restart; this is demo wiring.
client_store = oauth2.store.memory.ClientStore()
# Add a client
# NOTE(review): "abc"/"xyz" are sample credentials and the redirect URI is
# plain http on localhost. A deployed client needs a randomly generated secret
# kept out of source control and an exact-match https redirect URI.
client_store.add_client(client_id="abc", client_secret="xyz",
                        redirect_uris=["http://localhost/callback"])

# Site adapter that the grants below call to authenticate the resource owner;
# ExampleSiteAdapter is defined outside this excerpt.
site_adapter = ExampleSiteAdapter()

# Create an in-memory storage to store issued tokens.
# LocalTokenStore can store access and auth tokens
token_store = oauth2.store.memory.TokenStore()

# Create the controller.
# The same store object backs both access tokens and authorization codes.
provider = oauth2.Provider(
    access_token_store=token_store,
    auth_code_store=token_store,
    client_store=client_store,
    token_generator=oauth2.tokengenerator.Uuid4()
)

# Add Grants you want to support
# NOTE(review): the implicit grant hands the access token back in the redirect
# URL; current OAuth security guidance (RFC 9700) advises against it. Keep it
# only if a client really depends on it.
provider.add_grant(oauth2.grant.AuthorizationCodeGrant(site_adapter=site_adapter))
provider.add_grant(oauth2.grant.ImplicitGrant(site_adapter=site_adapter))

# Add refresh token capability and set expiration time of access tokens
# to 30 days
# (2592000 = 30 * 24 * 3600). With refresh tokens available, a 30-day bearer
# token is a long exposure window if one leaks; a shorter lifetime is usual.
provider.add_grant(oauth2.grant.RefreshToken(expires_in=2592000))

# Wrap the controller with the Wsgi adapter
app = oauth2.web.wsgi.Application(provider=provider)

if __name__ == "__main__":
Beispiel #4
from api.utils.auth import check_password

# updated link -- using python-oauth2 with tornado
# http://python-oauth2.readthedocs.org/en/latest/tornado.html


class AuthSiteAdapter(oauth2.web.SiteAdapter):
    """Site adapter stub: neither hook is implemented yet.

    Both methods raise ``NotImplementedError``, so any flow that reaches this
    adapter fails instead of authenticating a user.
    """

    def user_has_denied_access(self, request):
        """Not implemented; always raises ``NotImplementedError``."""
        raise NotImplementedError()

    def authenticate(self, request, environ, scopes):
        """Not implemented; always raises ``NotImplementedError``."""
        raise NotImplementedError()


# Client registrations and issued tokens are held in process memory only.
client_store = oauth2.store.memory.ClientStore()
token_store = oauth2.store.memory.TokenStore()

# NOTE(review): 'client_id' / 'client_secret' are placeholder literals and the
# only registered redirect URI is the relative path '/'. Before real use,
# replace them with a generated secret loaded from configuration and an
# absolute https redirect URI.
client_store.add_client(client_id='client_id',
                        client_secret='client_secret',
                        redirect_uris=['/'])

# One provider for the whole module; the same store holds access tokens and
# authorization codes. The site adapter passed here is AuthSiteAdapter, whose
# methods all raise NotImplementedError.
AuthController = oauth2.Provider(access_token_store=token_store,
                                 auth_code_store=token_store,
                                 client_store=client_store,
                                 site_adapter=AuthSiteAdapter(),
                                 token_generator=oauth2.tokengenerator.Uuid4())

# NOTE(review): both grants enabled here are ones current OAuth security
# guidance (RFC 9700) steers away from: the implicit grant exposes the access
# token in the redirect URL, and the resource-owner password grant makes the
# client handle the user's password. Presumably both also depend on the
# unimplemented authenticate() hook -- confirm before exposing this endpoint.
AuthController.add_grant(oauth2.grant.ImplicitGrant())
AuthController.add_grant(oauth2.grant.ResourceOwnerGrant())
Beispiel #5
            port=dbconfig.get('port'))
        self.cur = self.conn.cursor()

    def __enter__(self):
        """Enter the ``with`` block and hand back the cursor stored on ``self.cur``."""
        cursor = self.cur
        return cursor

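    def __exit__(self, type, value, tb):
        """Commit on a clean exit, then always close the cursor and the connection.

        Args:
            type: exception class raised inside the ``with`` block, or ``None``.
            value: the exception instance, or ``None``.
            tb: the traceback, or ``None``.

        Returns:
            ``None``, so an exception raised inside the ``with`` block keeps
            propagating to the caller.

        A failed commit is logged instead of being silently discarded; it is
        still not re-raised, which keeps the original best-effort contract.
        """
        import logging  # function-scope: the file's import block is outside this excerpt

        try:
            # Test the exception *type*: an exception instance can be falsy
            # (for example one defining __bool__ or __len__), and `not value`
            # would then commit a half-finished transaction.
            if type is None:
                try:
                    self.conn.commit()
                except Exception:
                    # Was a bare `except: pass`, which hid lost writes and also
                    # swallowed KeyboardInterrupt/SystemExit.
                    logging.getLogger(__name__).exception(
                        "commit failed; closing the connection without it")
            # When the block raised, nothing is committed; closing a DB-API
            # connection without a commit is expected to discard the pending
            # work (assumes a PEP 249 style driver -- confirm for this one).
        finally:
            # Release both handles even when a step above or cur.close() raises.
            try:
                self.cur.close()
            finally:
                self.conn.close()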

# Provider object used for Google sign-in. google_discover() runs at import
# time; presumably it fetches Google's OpenID discovery document over the
# network -- confirm, since a failure there would stop the module from loading.
google_openid = oauth2.Provider()
google_openid.google_discover()

# Flask application; `application` is a second name bound to the same object.
app = Flask(__name__)
application = app

# CORS settings read by Flask-CORS: presumably the request headers and HTTP
# methods that cross-origin callers may use.
app.config['CORS_HEADERS'] = ['content-type', 'authorization']
app.config['CORS_METHODS'] = ['GET', 'POST', 'PUT']
# NOTE(review): no origin allow-list is passed here. Flask-CORS accepts every
# origin unless `origins` is configured, so the bearer-token check is the only
# gate for cross-origin callers; restrict origins to the known front ends if
# that is not intended.
flask_cors.CORS(app)

def authorize():
    toks = request.headers.get('authorization', '').split(' ')
    if len(toks) != 2 or toks[0] != 'Bearer':
        abort(401)
    auth = jwt.decode(toks[1], jwt_secret)
    if auth['iss'] != 'gsd.ratatanek.cz':