def prepare_refresh_body(self,
body='',
refresh_token=None,
scope=None,
**kwargs):
"""Prepare an access token request, using a refresh token.
If the authorization server issued a refresh token to the client, the
client makes a refresh request to the token endpoint by adding the
following parameters using the "application/x-www-form-urlencoded"
format in the HTTP request entity-body:
grant_type
REQUIRED. Value MUST be set to "refresh_token".
refresh_token
REQUIRED. The refresh token issued to the client.
scope
OPTIONAL. The scope of the access request as described by
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
resource owner. Note that if none is provided, the ones provided
in the constructor are used if any.
"""
refresh_token = refresh_token or self.refresh_token
scope = self.scope if scope is None else scope
return prepare_token_request(self.refresh_token_key,
body=body,
scope=scope,
refresh_token=refresh_token,
**kwargs)
def prepare_request_body(self, body=u'', scope=None, **kwargs):
"""Add the client credentials to the request body.
"""
grant_type = GrantType.JWT_BEARER
return prepare_token_request(grant_type,
body=body,
scope=scope,
**kwargs)
def prepare_request_body(self, body='', scope=None, **kwargs):
"""Prepare request body.
Overridden.
This passes our JWT token grant type parameter.
"""
return prepare_token_request(GRANT_TYPE, body=body, scope=scope,
client_id=self.client_id, **kwargs)
def prepare_request_body(self,
client_id=None,
code=None,
body='',
redirect_uri=None,
**kwargs):
code = code or self.code
return prepare_token_request('authorization_code_push',
code=code,
body=body,
client_id=self.client_id,
**kwargs)
def prepare_request_body(self,
client_id=None,
code=None,
body='',
redirect_uri=None,
**kwargs):
code = code or self.code
return prepare_token_request('openlab_api_key',
code=code,
body=body,
client_id=self.client_id,
redirect_uri=redirect_uri,
**kwargs)
def prepare_request_body(self,
device_code,
body='',
scope=None,
include_client_id=False,
**kwargs):
"""Add device_code to request body
The client makes a request to the token endpoint by adding the
device_code as a parameter using the
"application/x-www-form-urlencoded" format to the HTTP request
body.
:param body: Existing request body (URL encoded string) to embed parameters
into. This may contain extra paramters. Default ''.
:param scope: The scope of the access request as described by
`Section 3.3`_.
:param include_client_id: `True` to send the `client_id` in the
body of the upstream request. This is required
if the client is not authenticating with the
authorization server as described in
`Section 3.2.1`_. False otherwise (default).
:type include_client_id: Boolean
:param kwargs: Extra credentials to include in the token request.
The prepared body will include all provided device_code as well as
the ``grant_type`` parameter set to
``urn:ietf:params:oauth:grant-type:device_code``::
>>> from oauthlib.oauth2 import DeviceClient
>>> client = DeviceClient('your_id', 'your_code')
>>> client.prepare_request_body(scope=['hello', 'world'])
'grant_type=urn:ietf:params:oauth:grant-type:device_code&scope=hello+world'
.. _`Section 3.4`: https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
"""
kwargs['client_id'] = self.client_id
kwargs['include_client_id'] = include_client_id
scope = self.scope if scope is None else scope
return prepare_token_request(self.grant_type,
body=body,
device_code=device_code,
scope=scope,
**kwargs)
def prepare_request_body(self,
private_key=None,
subject=None,
issuer=None,
audience=None,
expires_at=None,
issued_at=None,
extra_claims=None,
body='',
scope=None,
**kwargs):
key = private_key or self.private_key
if not key:
raise ValueError(
"Encryption key must be supplied to make JWT token requests."
)
claim = {
"iss": issuer or self.issuer,
"aud": audience or self.audience,
"sub": subject,
"exp": int(expires_at or time.time() + 3600),
"iat": int(issued_at or time.time()),
"scope": scope,
}
for attr in {"iss", "aud"}:
if claim[attr] is None:
raise ValueError(
"Claim must include {} but none was given.".format(attr)
)
if "not_before" in kwargs:
claim["nbf"] = kwargs.pop("not_before")
if "jwt_id" in kwargs:
claim["jti"] = kwargs.pop("jwt_id")
claim.update(extra_claims or {})
assertion = jwt.encode(claim, key, "RS256")
assertion = to_unicode(assertion)
return prepare_token_request(self.grant_type,
body=body,
assertion=assertion,
**kwargs)
def prepare_request_body(self,
private_key=None,
subject=None,
issuer=None,
audience=None,
expires_at=None,
issued_at=None,
extra_claims=None,
body="",
scope=None,
**kwargs):
key = private_key or self.private_key
if not key:
raise ValueError(
"Encryption key must be supplied to make JWT token requests.")
claim = {
"iss": issuer or self.issuer,
"aud": audience or self.audience,
"sub": subject,
"exp": int(expires_at or time.time() + 3600),
"iat": int(issued_at or time.time()),
"scope": scope,
}
for attr in {"iss", "aud"}:
if claim[attr] is None:
raise ValueError(
"Claim must include {} but none was given.".format(attr))
if "not_before" in kwargs:
claim["nbf"] = kwargs.pop("not_before")
if "jwt_id" in kwargs:
claim["jti"] = kwargs.pop("jwt_id")
claim.update(extra_claims or {})
assertion = jwt.encode(claim, key, "RS256")
assertion = to_unicode(assertion)
return prepare_token_request(self.grant_type,
body=body,
assertion=assertion,
**kwargs)
def prepare_refresh_body(self, body="", refresh_token=None, scope=None, **kwargs):
"""Prepare an access token request, using a refresh token.
If the authorization server issued a refresh token to the client, the
client makes a refresh request to the token endpoint by adding the
following parameters using the "application/x-www-form-urlencoded"
format in the HTTP request entity-body:
grant_type
REQUIRED. Value MUST be set to "refresh_token".
refresh_token
REQUIRED. The refresh token issued to the client.
scope
OPTIONAL. The scope of the access request as described by
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
resource owner.
"""
refresh_token = refresh_token or self.refresh_token
return prepare_token_request("refresh_token", body=body, scope=scope, refresh_token=refresh_token, **kwargs)
def prepare_request_body(self, body='', scope=None, **kwargs):
return prepare_token_request('password',
body=body,
scope=scope,
**kwargs)
def prepare_request_body(self, **kwargs):
return prepare_token_request('client_credential', **kwargs)
def prepare_request_body(self, body='', scope=None, **kwargs):
return prepare_token_request('password',
body = body,
scope = scope,
**kwargs)
