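    def post(self, request):
        """Exchange an OAuth 2.0 grant for an API token.

        ``grant_type`` (from the POSTed form) selects the flow:

        * ``authorization_code`` -- authenticates the client with
          ``client_id``/``client_secret``, looks up the ``ApiGrant`` for
          ``code`` and mints a new ``ApiToken`` from it.
        * ``refresh_token`` -- authenticates the client the same way, looks
          up the ``ApiToken`` owning ``refresh_token`` and refreshes it.

        Any other ``grant_type`` is answered with ``unsupported_grant_type``.
        Failures are reported via ``self.error(<oauth error code>)``; success
        returns a JSON ``HttpResponse`` describing the token and its user.
        """
        post_data = request.POST
        grant_type = post_data.get('grant_type')

        def _authenticate_client():
            """Return the active ApiApplication for the POSTed client_id and
            client_secret, or None if the client cannot be authenticated.

            Every failure (missing id, missing secret, unknown or inactive
            application, wrong secret) collapses to None so the caller always
            answers with the same ``invalid_client`` error and the response
            does not reveal which individual check failed.
            """
            client_id = post_data.get('client_id')
            client_secret = post_data.get('client_secret')
            if not client_id or not client_secret:
                return None
            try:
                application = ApiApplication.objects.get(
                    client_id=client_id,
                    status=ApiApplicationStatus.active,
                )
            except ApiApplication.DoesNotExist:
                return None
            # Constant-time comparison so the secret check does not leak how
            # many leading bytes matched through response timing.
            if not constant_time_compare(client_secret, application.client_secret):
                return None
            return application

        if grant_type == 'authorization_code':
            redirect_uri = post_data.get('redirect_uri')
            code = post_data.get('code')

            application = _authenticate_client()
            if application is None:
                return self.error('invalid_client')

            # A missing ``code`` is looked up as-is and surfaces as
            # invalid_grant rather than invalid_request.
            try:
                grant = ApiGrant.objects.get(application=application, code=code)
            except ApiGrant.DoesNotExist:
                return self.error('invalid_grant')

            if grant.is_expired():
                return self.error('invalid_grant')

            if not redirect_uri:
                # NOTE(review): the default is substituted but never compared
                # with grant.redirect_uri; RFC 6749 4.1.3 requires the token
                # request's redirect_uri to match the one used at authorization
                # time. Confirm whether grant.redirect_uri is always populated
                # and, if so, compare against it here as well.
                redirect_uri = application.get_default_redirect_uri()
            elif grant.redirect_uri != redirect_uri:
                return self.error('invalid_grant')

            token = ApiToken.from_grant(grant)
        elif grant_type == 'refresh_token':
            refresh_token = post_data.get('refresh_token')
            scope = post_data.get('scope')

            if not refresh_token:
                return self.error('invalid_request')

            # TODO(dcramer): support scope
            if scope:
                return self.error('invalid_request')

            application = _authenticate_client()
            if application is None:
                return self.error('invalid_client')

            try:
                token = ApiToken.objects.get(
                    application=application,
                    refresh_token=refresh_token,
                )
            except ApiToken.DoesNotExist:
                return self.error('invalid_grant')

            token.refresh()
        else:
            return self.error('unsupported_grant_type')

        # expires_in is the remaining lifetime in whole seconds (RFC 6749
        # section 5.1). The original computed now - expires_at, which is
        # negative for a live token; tokens without an expiry report None
        # instead of raising on datetime arithmetic with None.
        if token.expires_at:
            expires_in = int((token.expires_at - timezone.now()).total_seconds())
        else:
            expires_in = None

        payload = {
            'access_token': token.token,
            'refresh_token': token.refresh_token,
            'expires_in': expires_in,
            # NOTE(review): expires_at is handed to json.dumps unconverted;
            # this relies on ``json`` being a serializer that understands
            # datetimes -- confirm it is not the stdlib module.
            'expires_at': token.expires_at,
            'token_type': 'bearer',
            'scope': ' '.join(token.get_scopes()),  # NOQA
            'user': {
                'id': six.text_type(token.user.id),
                # we might need these to become scope based
                'name': token.user.name,
                'email': token.user.email,
            },
        }
        return HttpResponse(json.dumps(payload), content_type='application/json')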
    def post(self, request):
        """Issue an API token for an OAuth 2.0 token request.

        ``grant_type`` selects the flow: ``authorization_code`` redeems the
        ``ApiGrant`` identified by ``code`` for a fresh ``ApiToken``;
        ``refresh_token`` refreshes the ``ApiToken`` owning ``refresh_token``
        in place. Any other value is answered with ``unsupported_grant_type``.
        Failures go through ``self.error(request, code, description)``;
        success returns a JSON ``HttpResponse`` describing the token.

        NOTE(review): the client is identified by ``client_id`` alone -- no
        client secret is read or verified here, so confidential clients are
        not actually authenticated by this endpoint. Confirm this is intended
        for the clients it serves.
        """
        params = request.POST
        grant_type = params.get("grant_type")

        if grant_type == "authorization_code":
            code = params.get("code")
            redirect_uri = params.get("redirect_uri")
            client_id = params.get("client_id")

            if not client_id:
                return self.error(request, "invalid_client", "missing client_id")

            try:
                app = ApiApplication.objects.get(
                    client_id=client_id, status=ApiApplicationStatus.active
                )
            except ApiApplication.DoesNotExist:
                return self.error(request, "invalid_client", "invalid client_id")

            try:
                grant = ApiGrant.objects.get(application=app, code=code)
            except ApiGrant.DoesNotExist:
                return self.error(request, "invalid_grant", "invalid grant")

            if grant.is_expired():
                return self.error(request, "invalid_grant", "grant expired")

            if redirect_uri:
                # A supplied redirect_uri must match the one stored on the grant.
                if grant.redirect_uri != redirect_uri:
                    return self.error(request, "invalid_grant", "invalid redirect_uri")
            else:
                # No redirect_uri supplied: fall back to the application's
                # default (it is not compared against the grant).
                redirect_uri = app.get_default_redirect_uri()

            token = ApiToken.from_grant(grant)
        elif grant_type == "refresh_token":
            client_id = params.get("client_id")
            refresh_token = params.get("refresh_token")
            scope = params.get("scope")

            if not refresh_token:
                return self.error(request, "invalid_request")

            # TODO(dcramer): support scope
            if scope:
                return self.error(request, "invalid_request")

            if not client_id:
                return self.error(request, "invalid_client", "missing client_id")

            try:
                app = ApiApplication.objects.get(
                    client_id=client_id, status=ApiApplicationStatus.active
                )
            except ApiApplication.DoesNotExist:
                return self.error(request, "invalid_client", "invalid client_id")

            try:
                token = ApiToken.objects.get(application=app, refresh_token=refresh_token)
            except ApiToken.DoesNotExist:
                return self.error(request, "invalid_grant", "invalid token")

            token.refresh()
        else:
            return self.error(request, "unsupported_grant_type")

        # Remaining lifetime in whole seconds; None for tokens without expiry.
        if token.expires_at:
            expires_in = int((token.expires_at - timezone.now()).total_seconds())
        else:
            expires_in = None

        user = token.user
        payload = {
            "access_token": token.token,
            "refresh_token": token.refresh_token,
            "expires_in": expires_in,
            "expires_at": token.expires_at,
            "token_type": "bearer",
            "scope": " ".join(token.get_scopes()),  # NOQA
            "user": {
                "id": six.text_type(user.id),
                # we might need these to become scope based
                "name": user.name,
                "email": user.email,
            },
        }
        return HttpResponse(json.dumps(payload), content_type="application/json")
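    def post(self, request):
        """Exchange an OAuth 2.0 grant for an API token.

        ``grant_type`` (from the POSTed form) selects the flow:

        * ``authorization_code`` -- authenticates the client with
          ``client_id``/``client_secret``, looks up the ``ApiGrant`` for
          ``code`` and mints a new ``ApiToken`` from it.
        * ``refresh_token`` -- authenticates the client the same way, looks
          up the ``ApiToken`` owning ``refresh_token`` and refreshes it.

        Any other ``grant_type`` is answered with ``unsupported_grant_type``.
        Failures are reported via ``self.error(<oauth error code>)``; success
        returns a JSON ``HttpResponse`` describing the token and its user.
        """
        post_data = request.POST
        grant_type = post_data.get('grant_type')

        def _authenticate_client():
            """Return the active ApiApplication for the POSTed client_id and
            client_secret, or None if the client cannot be authenticated.

            Every failure (missing id, missing secret, unknown or inactive
            application, wrong secret) collapses to None so the caller always
            answers with the same ``invalid_client`` error and the response
            does not reveal which individual check failed.
            """
            client_id = post_data.get('client_id')
            client_secret = post_data.get('client_secret')
            if not client_id or not client_secret:
                return None
            try:
                application = ApiApplication.objects.get(
                    client_id=client_id,
                    status=ApiApplicationStatus.active,
                )
            except ApiApplication.DoesNotExist:
                return None
            # Constant-time comparison so the secret check does not leak how
            # many leading bytes matched through response timing.
            if not constant_time_compare(client_secret, application.client_secret):
                return None
            return application

        if grant_type == 'authorization_code':
            redirect_uri = post_data.get('redirect_uri')
            code = post_data.get('code')

            application = _authenticate_client()
            if application is None:
                return self.error('invalid_client')

            # A missing ``code`` is looked up as-is and surfaces as
            # invalid_grant rather than invalid_request.
            try:
                grant = ApiGrant.objects.get(application=application, code=code)
            except ApiGrant.DoesNotExist:
                return self.error('invalid_grant')

            if grant.is_expired():
                return self.error('invalid_grant')

            if not redirect_uri:
                # NOTE(review): the default is substituted but never compared
                # with grant.redirect_uri; RFC 6749 4.1.3 requires the token
                # request's redirect_uri to match the one used at authorization
                # time. Confirm whether grant.redirect_uri is always populated
                # and, if so, compare against it here as well.
                redirect_uri = application.get_default_redirect_uri()
            elif grant.redirect_uri != redirect_uri:
                return self.error('invalid_grant')

            token = ApiToken.from_grant(grant)
        elif grant_type == 'refresh_token':
            refresh_token = post_data.get('refresh_token')
            scope = post_data.get('scope')

            if not refresh_token:
                return self.error('invalid_request')

            # TODO(dcramer): support scope
            if scope:
                return self.error('invalid_request')

            application = _authenticate_client()
            if application is None:
                return self.error('invalid_client')

            try:
                token = ApiToken.objects.get(
                    application=application,
                    refresh_token=refresh_token,
                )
            except ApiToken.DoesNotExist:
                return self.error('invalid_grant')

            token.refresh()
        else:
            return self.error('unsupported_grant_type')

        # expires_in is the remaining lifetime in whole seconds (RFC 6749
        # section 5.1). The original computed now - expires_at, which is
        # negative for a live token; tokens without an expiry report None
        # instead of raising on datetime arithmetic with None.
        if token.expires_at:
            expires_in = int((token.expires_at - timezone.now()).total_seconds())
        else:
            expires_in = None

        payload = {
            'access_token': token.token,
            'refresh_token': token.refresh_token,
            'expires_in': expires_in,
            # NOTE(review): expires_at is handed to json.dumps unconverted;
            # this relies on ``json`` being a serializer that understands
            # datetimes -- confirm it is not the stdlib module.
            'expires_at': token.expires_at,
            'token_type': 'bearer',
            'scope': ' '.join(token.get_scopes()),  # NOQA
            'user': {
                'id': six.text_type(token.user.id),
                # we might need these to become scope based
                'name': token.user.name,
                'email': token.user.email,
            },
        }
        return HttpResponse(json.dumps(payload), content_type='application/json')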