Ejemplo n.º 1
def config_oauth(app):
    """Wire the authorization server and the resource protector to ``app``.

    Only the authorization-code grant is registered, together with the
    OpenID Connect code extension. The implicit, OpenID implicit, hybrid,
    client-credentials, refresh-token and password grants stay unregistered.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(db.session, OAuth2Client),
        save_token=create_save_token_func(db.session, OAuth2Token),
    )

    # require_nonce=True asks the OpenID extension to refuse authorization
    # requests that carry no nonce, so a client can tie the ID token it
    # receives to the request it sent.
    openid_extensions = [OpenIDCode(require_nonce=True)]
    authorization.register_grant(AuthorizationCodeGrant, openid_extensions)

    # Resource side: bearer tokens are validated against the OAuth2Token model.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())

    # Revocation endpoint backed by the same token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))
Ejemplo n.º 2
def configure_oauth(app):
    """Attach the OAuth 2.0 server and the resource protector to ``app``.

    Registers the client-credentials and refresh-token grants, a revocation
    endpoint and the bearer-token validator.
    """
    # No query_client/save_token is passed here; presumably they were given
    # when `authorization` was constructed -- confirm against that module.
    authorization.init_app(app)

    authorization.register_grant(grants.ClientCredentialsGrant)
    authorization.register_grant(RefreshTokenGrant)

    # Revocation endpoint over the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Validator used by routes decorated with require_oauth.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 3
def config_oauth(app):
    """Set up the authorization-code flow with PKCE, revocation and token checks."""
    authorization.init_app(app)

    # CodeChallenge is the PKCE (RFC 7636) extension. required=True asks it to
    # refuse code exchanges that arrive without a code_verifier; in Authlib
    # this is enforced for public clients -- confirm for the installed version.
    pkce = CodeChallenge(required=True)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])

    # Revocation endpoint over the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 4
def config_oauth(app):
    """Register five grant types, revocation and bearer-token validation on ``app``."""
    authorization.init_app(app)

    # NOTE(review): the implicit grant returns the access token in the
    # redirect URI, and the password grant hands the user's credentials to
    # the client. The OAuth 2.0 Security Best Current Practice (RFC 9700)
    # advises against both; confirm each is still needed before shipping.
    authorization.register_grant(grants.ImplicitGrant)
    authorization.register_grant(grants.ClientCredentialsGrant)

    # Authorization-code grant with the PKCE (RFC 7636) extension required.
    pkce = CodeChallenge(required=True)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])

    authorization.register_grant(PasswordGrant)
    authorization.register_grant(RefreshTokenGrant)

    # Revocation endpoint over the OAuth2TokenModel table.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2TokenModel))

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(
        db.session, OAuth2TokenModel)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 5
def configOauth2(app):
    """Register the client-credentials, password and refresh-token grants.

    Also installs the revocation endpoint and the bearer-token validator.
    No authorization-code or implicit grant is registered by this function.
    """
    authorization.init_app(app)

    authorization.register_grant(grants.ClientCredentialsGrant)
    # NOTE(review): the password grant exposes the user's credentials to the
    # client application; RFC 9700 advises against it. Confirm it is only
    # offered to first-party clients, if it is needed at all.
    authorization.register_grant(PasswordGrant)
    authorization.register_grant(RefreshTokenGrant)

    # Revocation endpoint over the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 6
def config_oauth(app):
    """Configure the server with a custom client-auth method and two grants."""
    authorization.init_app(app)

    # Adds 'client_secret_json' as a client authentication method, handled by
    # authenticate_client_secret_json (defined elsewhere in the project).
    authorization.register_client_auth_method(
        'client_secret_json',
        authenticate_client_secret_json,
    )

    authorization.register_grant(ClientCredentialsGrant)

    # NOTE(review): required=False leaves PKCE (RFC 7636) optional, so a
    # client may complete the code flow without a code_verifier. Confirm that
    # no public client relies on this server before keeping it optional.
    pkce = CodeChallenge(required=False)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])

    # Revocation endpoint over the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 7
def config_oauth(app):
    """Configure the OpenID Connect code, implicit and hybrid flows on ``app``.

    No revocation endpoint is registered by this function.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(db.session, OAuth2Client),
        save_token=create_save_token_func(db.session, OAuth2Token),
    )

    # require_nonce=True asks the OpenID code extension to refuse
    # authorization requests that carry no nonce.
    openid_extensions = [OpenIDCode(require_nonce=True)]
    authorization.register_grant(AuthorizationCodeGrant, openid_extensions)

    # NOTE(review): implicit and hybrid flows return tokens through the
    # front channel (the redirect URI). Confirm the clients that need them
    # and whether the code flow would serve instead.
    authorization.register_grant(ImplicitGrant)
    authorization.register_grant(HybridGrant)

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 8
def config_oauth(app):
    """Register three grants, revocation and bearer-token validation on ``app``.

    ``query_client`` and ``save_token`` are not defined here; they are read
    from the enclosing scope.
    """
    authorization.init_app(
        app, query_client=query_client, save_token=save_token)

    authorization.register_grant(grants.ClientCredentialsGrant)

    # Authorization-code grant with the PKCE (RFC 7636) extension required.
    pkce = CodeChallenge(required=True)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])

    authorization.register_grant(RefreshTokenGrant)

    # Revocation endpoint over the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 9
def config_oauth(app):
    """Configure the authorization server and resource protector for ``app``.

    Registers the authorization-code grant with the OpenID Connect extension,
    the refresh-token grant, and the introspection and revocation endpoints.
    """
    # `db` itself is handed to the helpers, not `db.session`; presumably it
    # already is a session object in this project -- confirm.
    authorization.init_app(
        app,
        query_client=create_query_client_func(db, OAuth2Client),
        save_token=create_save_token_func(db, OAuth2Token),
    )

    # require_nonce=True asks the OpenID code extension to refuse
    # authorization requests that carry no nonce.
    openid_extensions = [OpenIDCode(require_nonce=True)]
    authorization.register_grant(AuthorizationCodeGrant, openid_extensions)
    authorization.register_grant(RefreshTokenGrant)

    # NOTE(review): an introspection endpoint reveals token metadata; verify
    # that IntrospectionEndpoint limits which callers may query which tokens.
    authorization.register_endpoint(IntrospectionEndpoint)

    # Revocation endpoint over the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db, OAuth2Token))

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(db, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 10
def config_oauth(app):
    """Build a per-app authorization server and resource protector.

    Both objects are created inside the function and then stored on ``app``
    through ``register_as_extension`` under the names 'authorization' and
    'require_oauth'.
    """
    resource_protector = ResourceProtector()
    auth_server = AuthorizationServer()
    auth_server.init_app(
        app,
        query_client=create_query_client_func(db.session, OAuth2Client),
        save_token=create_save_token_func(db.session, OAuth2Token),
    )

    # The OpenID code extension gets require_nonce=True plus every key of
    # app.config['OAUTH_JWT_CONFIG'] as keyword arguments.
    # NOTE(review): that mapping presumably holds ID-token signing settings;
    # confirm any key material in it is loaded from a protected source.
    jwt_settings = app.config['OAUTH_JWT_CONFIG']
    auth_server.register_grant(
        AuthorizationCodeGrant,
        [OpenIDCode(require_nonce=True, **jwt_settings)],
    )
    auth_server.register_grant(HybridGrant)

    # Bearer-token validation against the OAuth2Token model.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    resource_protector.register_token_validator(token_validator_cls())

    register_as_extension(app, 'authorization', auth_server)
    register_as_extension(app, 'require_oauth', resource_protector)
Ejemplo n.º 11
def config_oauth(app):
    """Register the OpenID Connect and OAuth 2.0 grants this app offers.

    Covers the authorization-code grant with the OpenID code extension, the
    implicit grant and the hybrid grant, plus bearer-token validation.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(database.session, OAuth2Client),
        save_token=create_save_token_func(database.session, OAuth2Token),
    )

    # NOTE(review): OpenIDCode() is built with its defaults; in Authlib the
    # require_nonce default is False, so requests without a nonce would be
    # accepted -- confirm against the installed version and the intent.
    openid_extensions = [OpenIDCode()]
    authorization.register_grant(AuthorizationCodeGrant, openid_extensions)

    # NOTE(review): implicit and hybrid flows return tokens through the
    # front channel (the redirect URI); confirm both are required.
    authorization.register_grant(ImplicitGrant)
    authorization.register_grant(HybridGrant)

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(
        database.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())
Ejemplo n.º 12
def config_oauth(app, url_prefix="/oauth"):
    """Register five grants, revocation, token validation and the OAuth blueprint.

    Args:
        app: Flask application to configure.
        url_prefix: URL prefix under which the blueprint ``bp`` is mounted.
    """
    authorization.init_app(app)

    # NOTE(review): the implicit grant returns the access token in the
    # redirect URI, and the password grant hands the user's credentials to
    # the client. RFC 9700 advises against both; confirm each is needed.
    authorization.register_grant(grants.ImplicitGrant)
    authorization.register_grant(grants.ClientCredentialsGrant)

    # NOTE(review): no extension list is passed, so no PKCE (RFC 7636)
    # extension is attached to the code grant here -- confirm that
    # AuthorizationCodeGrant does not need one for public clients.
    authorization.register_grant(AuthorizationCodeGrant)

    authorization.register_grant(PasswordGrant)
    authorization.register_grant(RefreshTokenGrant)

    # Revocation endpoint over the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Bearer-token validation for routes guarded by require_oauth.
    token_validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(token_validator_cls())

    # Mount the blueprint that carries the OAuth routes.
    app.register_blueprint(bp, url_prefix=url_prefix)
Ejemplo n.º 13
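def config_oauth(app):
    """Initialize the authorization server and register the supported grant types.

    For more information, please refer to https://docs.authlib.org/en/latest/flask/2/authorization-server.html#server
    """
    # Callbacks the server uses to look up clients and to persist issued
    # tokens, both working through auth_db.session.
    query_client = create_query_client_func(auth_db.session, OAuth2Client)
    save_token = create_save_token_func(auth_db.session, OAuth2Token)
    authorization.init_app(app,
                           query_client=query_client,
                           save_token=save_token)

    # Authorization-code grant with the OpenID Connect code extension.
    # NOTE(review): require_nonce=False lets authentication requests through
    # without a nonce. The nonce is what lets a client tie an ID token to its
    # own request, so confirm this relaxation is intended.
    authorization.register_grant(AuthorizationCodeGrant, [
        OpenIDCode(require_nonce=False),
    ])

    # Bearer-token validation for routes guarded by require_oauth.
    bearer_cls = create_bearer_token_validator(auth_db.session, OAuth2Token)
    require_oauth.register_token_validator(bearer_cls())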
Ejemplo n.º 14
from flask import json, jsonify
from authlib.integrations.flask_oauth2 import ResourceProtector, current_token
from authlib.integrations.sqla_oauth2 import create_bearer_token_validator
from .models import db, User, Client, Token
from .oauth2_server import TestCase
from .oauth2_server import create_authorization_server

# Module-level resource protector used as a decorator on the test routes.
require_oauth = ResourceProtector()
# Validator class that checks bearer tokens against the Token model
# through db.session.
BearerTokenValidator = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(BearerTokenValidator())


def create_resource_server(app):
    """Register scope-protected test routes on ``app``.

    Every route is wrapped by ``require_oauth``; the string passed to it is
    the scope that the presented bearer token is expected to carry.
    """
    # Requires a token carrying the 'profile' scope.
    @app.route('/user')
    @require_oauth('profile')
    def user_profile():
        # current_token is the token accepted for this request.
        user = current_token.user
        return jsonify(id=user.id, username=user.username)

    # Requires a token carrying the 'email' scope.
    @app.route('/user/email')
    @require_oauth('email')
    def user_email():
        user = current_token.user
        # The address is derived from the username; no stored e-mail is read.
        return jsonify(email=user.username + '@example.com')

    # NOTE(review): require_oauth() names no scope, but the route still sits
    # behind the protector, so despite the name "public_info" a valid bearer
    # token is presumably still required -- confirm.
    @app.route('/info')
    @require_oauth()
    def public_info():
        return jsonify(status='ok')

    @app.route('/operator-and')
    # The listing is cut off here; the decorated view is not shown.
Ejemplo n.º 15
        credential.revoked = True
        db.session.add(credential)
        db.session.commit()


# Callbacks the server uses to look up clients and to persist issued tokens,
# both working through db.session.
query_client = create_query_client_func(db.session, OAuth2Client)
save_token = create_save_token_func(db.session, OAuth2Token)
authorization = AuthorizationServer(
    query_client=query_client,
    save_token=save_token,
)
require_oauth = ResourceProtector()

# Runs at import time, so `app` must already exist at module level.
authorization.init_app(app)

# Grants offered by this server. The implicit grant is left commented out,
# so it is not registered.
# authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
# Authorization-code grant with the PKCE (RFC 7636) extension required.
authorization.register_grant(AuthorizationCodeGrant,
                             [CodeChallenge(required=True)])
# NOTE(review): the password grant hands the user's credentials to the
# client; RFC 9700 advises against it. Confirm it is still needed.
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)

# Revocation endpoint over the OAuth2Token model.
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)

# Bearer-token validation for routes guarded by require_oauth.
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
from authlib.integrations.fastapi_oauth2 import ResourceProtector
from authlib.integrations.sqla_oauth2 import create_bearer_token_validator
from fastapi import Request

from .models import Client, Token, User, db
from .oauth2_server import TestCase, create_authorization_server

# Module-level resource protector used as a decorator on the test routes.
require_oauth = ResourceProtector()
# Validator class that checks bearer tokens against the Token model.
# `db` itself is passed, not `db.session`; presumably it is already a
# session object in this test setup -- confirm.
BearerTokenValidator = create_bearer_token_validator(db, Token)
require_oauth.register_token_validator(BearerTokenValidator())


def create_resource_server(app):
    @app.get("/user")
    @require_oauth(["profile"])
    def user_profile(request: Request):
        user = request.state.token.user
        return {"id": user.id, "username": user.username}

    @app.get("/user/email")
    @require_oauth("email")
    def user_email(request: Request):
        pass

    @app.get("/info")
    @require_oauth()
    def public_info(request: Request):
        return {"status": "ok"}

    @app.get("/operator-and")
    @require_oauth(["profile email"])