Ejemplo n.º 1
def _auth_none(auth, req):
    """Attach only ``client_id`` to the request (no client secret is sent).

    GET requests get the parameter added to ``req.url``, POST requests to
    ``req.body``; any other method is returned unchanged.

    :param auth: object exposing ``client_id``.
    :param req: request object with ``method``, ``url`` and ``body``.
    :return: the same ``req`` object, modified in place.
    """
    if req.method == 'GET':
        # NOTE(review): the whole URL is handed to add_params_to_qs. If that
        # helper treats its first argument as a bare query string, the
        # scheme/host/path would be re-encoded as a parameter name - confirm,
        # and prefer a URI-aware helper if one is available.
        client_id_pair = ('client_id', auth.client_id)
        req.url = add_params_to_qs(req.url, [client_id_pair])
        return req

    if req.method == 'POST':
        # A missing body is treated as an empty form.
        client_id_pair = ('client_id', auth.client_id)
        req.body = add_params_to_qs(req.body or '', [client_id_pair])
    return req
Ejemplo n.º 2
def encode_client_secret_post(client, method, uri, headers, body):
    """Append ``client_id`` and ``client_secret`` to the form body.

    The secret travels in the request body, so confidentiality depends on
    the transport (TLS) and on the body not being written to logs. RFC 6749
    section 2.3.1 allows this form but prefers HTTP Basic where the client
    can use it.

    :param client: object exposing ``client_id`` and ``client_secret``.
    :param method: HTTP method (unused here).
    :param uri: request URI, returned unchanged.
    :param headers: header mapping; ``Content-Length`` is rewritten in place
        when it is already present.
    :param body: existing form body, or a falsy value for none.
    :return: tuple of ``(uri, headers, body)``.
    """
    credentials = [
        ('client_id', client.client_id),
        # A missing secret is sent as an empty string, not omitted.
        ('client_secret', client.client_secret or ''),
    ]
    body = add_params_to_qs(body or '', credentials)

    # Keep a pre-set length header in step with the extended body.
    # NOTE(review): len() counts characters; presumably the encoded body is
    # ASCII so this equals the byte length - confirm.
    if 'Content-Length' in headers:
        headers['Content-Length'] = str(len(body))
    return uri, headers, body
Ejemplo n.º 3
def add_to_body(token, body=None):
    """Return *body* with the bearer token added as ``access_token``.

    Example of the resulting parameter::

        access_token=h480djs93hd8

    :param token: bearer token value.
    :param body: existing form body; ``None`` is treated as an empty body.
    :return: whatever ``add_params_to_qs`` returns for the extended body.
    """
    # Only None is replaced; any other value is passed through as given.
    existing = '' if body is None else body
    return add_params_to_qs(existing, [('access_token', token)])
Ejemplo n.º 4
def encode_none(client, method, uri, headers, body):
    """Attach only ``client_id`` to the request (no client secret is sent).

    For GET the parameter goes into the URI; for every other method it goes
    into the body, and an existing ``Content-Length`` header is refreshed.

    :param client: object exposing ``client_id``.
    :param method: HTTP method; only ``'GET'`` is treated specially.
    :param uri: request URI.
    :param headers: header mapping, possibly modified in place.
    :param body: existing form body.
    :return: tuple of ``(uri, headers, body)``.
    """
    client_id_param = [('client_id', client.client_id)]

    if method == 'GET':
        uri = add_params_to_uri(uri, client_id_param)
    else:
        # NOTE(review): body is passed as-is, so a None body reaches
        # add_params_to_qs - confirm the helper tolerates that.
        body = add_params_to_qs(body, client_id_param)
        if 'Content-Length' in headers:
            headers['Content-Length'] = str(len(body))
    return uri, headers, body
Ejemplo n.º 5
def keycloak_revoke_token_fix(url, headers, body):
    """Rewrite a revocation request body for Keycloak.

    The name of the first body parameter is replaced with ``refresh_token``
    while its value and position are kept; all other parameters are left as
    they were. ``url`` and ``headers`` are returned unchanged.

    :param url: revocation endpoint URL.
    :param headers: request headers.
    :param body: form-encoded request body.
    :return: tuple of ``(url, headers, body)``.
    """
    params = extract_params(body)

    # authlib's prepare_revoke_token_request puts the token first, and
    # Keycloak expects it under "refresh_token" instead of the RFC 7009
    # name, so the leading pair is renamed.
    # NOTE(review): this relies on the token really being the first pair
    # and on the body being non-empty; an empty parameter list raises
    # IndexError here.
    leading = params.pop(0)
    params.insert(0, ("refresh_token", leading[1]))

    rebuilt_body = add_params_to_qs("", params)
    return url, headers, rebuilt_body
Ejemplo n.º 6
    def __call__(self, auth, method, uri, headers, body):
        """Add a signed client assertion to the request body.

        :param auth: client/auth object handed to ``self.sign``.
        :param method: HTTP method (unused here).
        :param uri: request URI; also the fallback endpoint for signing.
        :param headers: request headers, returned unchanged.
        :param body: existing form body, or a falsy value for none.
        :return: tuple of ``(uri, headers, body)``.
        """
        # Without a configured token endpoint the assertion is signed for
        # the URI the request is actually sent to.
        # NOTE(review): presumably this value ends up as the assertion's
        # audience - confirm in sign().
        endpoint = self.token_endpoint or uri
        assertion = self.sign(auth, endpoint)

        assertion_params = [
            ('client_assertion_type', ASSERTION_TYPE),
            ('client_assertion', assertion),
        ]
        body = add_params_to_qs(body or '', assertion_params)
        return uri, headers, body
Ejemplo n.º 7
    def _auth(client, req):
        """Add a client assertion built by ``func`` to ``req.body``.

        ``token_url``, ``func`` and ``kwargs`` come from the enclosing scope.

        :param client: object exposing ``client_id`` and ``client_secret``.
        :param req: request object with ``url`` and ``body``.
        :return: the same ``req`` object, modified in place.
        """
        # Use the configured token URL when set, else the request's own URL.
        _url = token_url or req.url

        # The client secret is the first positional argument to func.
        # NOTE(review): presumably it serves as the signing key - confirm
        # against func.
        client_assertion = func(
            client.client_secret,
            client_id=client.client_id,
            token_url=_url,
            **kwargs
        )

        assertion_params = [
            ('client_assertion_type', ASSERTION_TYPE),
            ('client_assertion', client_assertion),
        ]
        req.body = add_params_to_qs(req.body or '', assertion_params)
        return req
Ejemplo n.º 8
    def _auth(client, method, uri, headers, body):
        """Add a client assertion built by ``func`` to the form body.

        ``token_url``, ``func`` and ``kwargs`` come from the enclosing scope.

        :param client: object exposing ``client_id`` and ``client_secret``.
        :param method: HTTP method (unused here).
        :param uri: request URI; used for the assertion when no ``token_url``
            is configured.
        :param headers: request headers, returned unchanged.
        :param body: existing form body, or a falsy value for none.
        :return: tuple of ``(uri, headers, body)``.
        """
        # Use the configured token URL when set, else the request URI.
        _url = token_url or uri

        # The client secret is the first positional argument to func.
        # NOTE(review): presumably it serves as the signing key - confirm
        # against func.
        client_assertion = func(client.client_secret,
                                client_id=client.client_id,
                                token_url=_url,
                                **kwargs)

        assertion_params = [
            ('client_assertion_type', ASSERTION_TYPE),
            ('client_assertion', client_assertion),
        ]
        body = add_params_to_qs(body or '', assertion_params)
        return uri, headers, body
Ejemplo n.º 9
def prepare_token_request(grant_type, body='', redirect_uri=None, **kwargs):
    """Build the form body of an access token request (`Section 4.1.3`_).

    The parameters are added to *body* in
    ``application/x-www-form-urlencoded`` format.

    :param grant_type: The grant type being used, e.g. "password",
            "authorization_code" or "client_credentials".
    :param body: Existing request body to embed parameters in.
    :param redirect_uri: Required if "redirect_uri" was included in the
                         authorization request (`Section 4.1.1`_); the two
                         values MUST be identical.
    :param kwargs: Extra arguments to embed in the request body. Entries
                   with a falsy value are left out.
    :raises MissingCodeError: for the "authorization_code" grant when no
                              ``code`` keyword is supplied.

    An example of an authorization code token request body::

        grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
        &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

    .. _`Section 4.1.1`: https://tools.ietf.org/html/rfc6749#section-4.1.1
    .. _`Section 4.1.3`: https://tools.ietf.org/html/rfc6749#section-4.1.3
    """
    params = [('grant_type', grant_type)]
    if redirect_uri:
        params.append(('redirect_uri', redirect_uri))

    # Scope is converted with list_to_scope before it is embedded.
    if 'scope' in kwargs:
        kwargs['scope'] = list_to_scope(kwargs['scope'])

    # NOTE(review): only the presence of the key is checked. code=None or
    # code='' passes this guard and is then dropped by the falsy filter
    # below, producing a request without a code - confirm that is intended.
    code_supplied = 'code' in kwargs
    if grant_type == 'authorization_code' and not code_supplied:
        raise MissingCodeError()

    params.extend(
        (to_unicode(name), value)
        for name, value in kwargs.items()
        if value
    )
    return add_params_to_qs(body, params)
Ejemplo n.º 10
def prepare_revoke_token_request(token,
                                 token_type_hint=None,
                                 body=None,
                                 headers=None):
    """Build the body and headers of a token revocation request.

    See https://tools.ietf.org/html/rfc7009#section-2.1

    :param token: access_token or refresh_token string.
    :param token_type_hint: Optional, `access_token` or `refresh_token`;
        omitted from the body when falsy.
    :param body: current request body.
    :param headers: current request headers. A mapping passed in here is
        modified in place (its ``Content-Type`` is overwritten).
    :return: tuple of (body, headers)
    """
    # The token always comes first; the hint follows only when given.
    hint = [('token_type_hint', token_type_hint)] if token_type_hint else []
    params = [('token', token)] + hint
    body = add_params_to_qs(body or '', params)

    headers = {} if headers is None else headers
    headers['Content-Type'] = 'application/x-www-form-urlencoded'
    return body, headers
Ejemplo n.º 11
def _auth_client_secret_post(auth, req):
    """Append ``client_id`` and ``client_secret`` to ``req.body``.

    The secret travels in the request body, so confidentiality depends on
    the transport (TLS) and on the body not being written to logs.

    :param auth: object exposing ``client_id`` and ``client_secret``.
    :param req: request object with a ``body`` attribute.
    :return: the same ``req`` object, modified in place.
    """
    current_body = req.body or ''
    credentials = [
        ('client_id', auth.client_id),
        # A missing secret is sent as an empty string, not omitted.
        ('client_secret', auth.client_secret or ''),
    ]
    req.body = add_params_to_qs(current_body, credentials)
    return req
Ejemplo n.º 12
def encode_none(client, method, uri, headers, body):
    """Attach only ``client_id`` to the request (no client secret is sent).

    For GET the parameter is added to ``uri``; for every other method it is
    added to ``body``. ``headers`` is returned untouched.

    :param client: object exposing ``client_id``.
    :param method: HTTP method; only ``'GET'`` is treated specially.
    :param uri: request URI.
    :param headers: request headers, returned unchanged.
    :param body: existing form body.
    :return: tuple of ``(uri, headers, body)``.
    """
    client_id_param = [('client_id', client.client_id)]

    if method == 'GET':
        # NOTE(review): the whole URI is handed to add_params_to_qs. If that
        # helper treats its first argument as a bare query string, the
        # scheme/host/path would be re-encoded as a parameter name - confirm,
        # and prefer a URI-aware helper such as add_params_to_uri if it is
        # available in this module.
        uri = add_params_to_qs(uri, client_id_param)
    else:
        # NOTE(review): body is passed as-is, so a None body reaches
        # add_params_to_qs - confirm the helper tolerates that.
        body = add_params_to_qs(body, client_id_param)
    return uri, headers, body
Ejemplo n.º 13
def encode_client_secret_post(client, method, uri, headers, body):
    """Append ``client_id`` and ``client_secret`` to the form body.

    The secret travels in the request body, so confidentiality depends on
    the transport (TLS) and on the body not being written to logs.

    ``headers`` is returned untouched: a ``Content-Length`` that was already
    set is not adjusted to the extended body here.

    :param client: object exposing ``client_id`` and ``client_secret``.
    :param method: HTTP method (unused here).
    :param uri: request URI, returned unchanged.
    :param headers: request headers, returned unchanged.
    :param body: existing form body, or a falsy value for none.
    :return: tuple of ``(uri, headers, body)``.
    """
    credentials = [
        ('client_id', client.client_id),
        # A missing secret is sent as an empty string, not omitted.
        ('client_secret', client.client_secret or ''),
    ]
    extended_body = add_params_to_qs(body or '', credentials)
    return uri, headers, extended_body