def config_oauth(app):
auth_server.init_app(app,
query_client=query_client,
save_token=save_token_to_db_and_redis)
# support all grants
auth_server.register_grant(grants.ImplicitGrant)
auth_server.register_grant(grants.ClientCredentialsGrant)
auth_server.register_grant(AuthorizationCodeGrant)
auth_server.register_grant(RefreshTokenGrant)
auth_server.redis_client = redis.Redis.from_url(app.config['REDIS_URI'],
decode_responses=True)
permission.deps.init_redis(auth_server.redis_client)
# support revocation
SQLARevocationEndpoint = create_revocation_endpoint(
db.session, OAuth2Token)
class RedisRevocationEndpoint(SQLARevocationEndpoint):
def revoke_token(self, token):
super().revoke_token(token)
auth_server.redis_client.delete('token:{}'.format(
token.access_token))
auth_server.register_endpoint(RedisRevocationEndpoint)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def init_oauth(app):
"""OAuth配置app"""
# 认证服务器的配置
query_client = create_query_client_func(db.session, OAuth2Client)
save_token = create_save_token_func(db.session, OAuth2Token)
authorization.init_app(app,
query_client=query_client,
save_token=save_token)
# support all grants
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant) # 注册 code 授权
authorization.register_grant(PasswordGrant) # 注册密码授权
authorization.register_grant(RefreshTokenGrant) # 注册 refresh token 授权
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)
# 资源服务器的配置
# protect resource
# only bearer token is supported currently
require_oauth.register_token_validator(MyBearerTokenValidator())
def config_oauth(app):
authorization.init_app(app, query_client=query_client,
save_token=save_token)
authorization.register_grant(PasswordGrant)
revocation_cls = create_revocation_endpoint(db.session, Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
revocation_cls = create_revocation_endpoint(db.session, Token)
authorization.register_endpoint(revocation_cls)
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
def init_app(app):
server.init_app(app)
# register it to grant endpoint
server.register_grant(grants.ImplicitGrant)
server.register_grant(AuthorizationCodeGrant)
server.register_grant(grants.ClientCredentialsGrant)
server.register_grant(PasswordGrant)
server.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, Token)
server.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
# support all grants
# authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
# support all grants
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
# all grant types
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
# custom grants
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# revocations
revocation_class = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_class)
bearer_class = create_bearer_token_validator(db.session, OAuth2Token)
# make sure to instantiate bearer object instance
require_oauth.register_token_validator(bearer_class())
def config_oauth(app):
"""OAuth配置app"""
query_client = create_query_client_func(db.session, OAuth2Client)
save_token = create_save_token_func(db.session, OAuth2Token)
authorization.init_app(app,
query_client=query_client,
save_token=save_token)
# support all grants
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def init_app(self, app, query_client=None, save_token=None):
from app.extensions import db
if query_client is None:
query_client = create_query_client_func(db.session, OAuth2Client)
if save_token is None:
save_token = create_save_token_func(db.session, OAuth2Token)
super().init_app(app, query_client=query_client, save_token=save_token)
# support all grants
self.register_grant(grants.ImplicitGrant)
self.register_grant(grants.ClientCredentialsGrant)
self.register_grant(AuthorizationCodeGrant)
self.register_grant(PasswordGrant)
self.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
self.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
OAuth2ResourceProtector.register_token_validator(bearer_cls())
self._require_oauth = OAuth2ResourceProtector()
from flask import json
from authlib.flask.oauth2.sqla import create_revocation_endpoint
from .oauth2_server import db, User, Client, Token
from .oauth2_server import TestCase
from .oauth2_server import create_authorization_server
RevocationEndpoint = create_revocation_endpoint(db.session, Token)
class RevokeTokenTest(TestCase):
def prepare_data(self):
server = create_authorization_server(self.app)
server.register_endpoint(RevocationEndpoint)
user = User(username='******')
db.session.add(user)
db.session.commit()
client = Client(
user_id=user.id,
client_id='revoke-client',
client_secret='revoke-secret',
redirect_uri='http://localhost/authorized',
scope='profile',
)
db.session.add(client)
db.session.commit()
def create_token(self):
token = Token(
user_id=1,
client_id='revoke-client',
#def query_client(client_id):
# return Client.query.filter_by(client_id=client_id).first()
def save_token(token, request):
authCode = AuthorizationCode.query.filter_by(
code=request.code, client_id=request.client.client_id).first()
print(authCode)
if authCode and not authCode.is_expired():
payment_agreement = PaymentAgreement.query.filter_by(
user_id=authCode.user_id, client_id=authCode.client_id).first()
item = Token(client_id=authCode.client_id,
user_id=authCode.user_id,
payment_agreement_id=payment_agreement.id,
**token)
db.session.add(item)
db.session.commit()
#Registering grants
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, Token)
authorization.register_endpoint(revocation_cls)
#Resourse Protector
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
