Ejemplo n.º 1
def config_oauth(app):
    """Attach the shared ``authorization`` server to *app* and enable its grants.

    Steps, in order: bind the server to *app* with the module's
    ``query_client`` / ``save_token`` callables, register seven grant types,
    copy two settings from ``app.config`` onto the grant classes, and register
    a token revocation endpoint.

    NOTE(review): the implicit, OpenID implicit/hybrid and resource-owner
    password grants are all switched on here. The OAuth 2.0 Security Best
    Current Practice (RFC 9700) advises against the implicit and password
    grants; confirm each one is still needed by a real client before
    deploying this configuration.
    """
    authorization.init_app(app, query_client=query_client, save_token=save_token)

    # (grant class[, extensions]) tuples, listed in registration order.
    grant_specs = [
        (grants.ImplicitGrant,),
        (grants.ClientCredentialsGrant,),
        # In Authlib, CodeChallenge is the PKCE (RFC 7636) extension; OpenIDCode
        # is configured to demand a nonce on OpenID Connect requests.
        (
            AuthorizationCodeGrant,
            [CodeChallenge(required=True), OpenIDCode(require_nonce=True)],
        ),
        (PasswordGrant,),
        (RefreshTokenGrant,),
        (OpenIDImplicitGrant,),
        (OpenIDHybridGrant,),
    ]
    for spec in grant_specs:
        authorization.register_grant(*spec)

    # Both values land on class attributes, so they apply to every use of
    # these grant classes in the process, not only to this app.
    with app.app_context():
        settings = app.config
        # Falls back to an empty list when unset -- presumably that leaves no
        # accepted client authentication method at the token endpoint; verify
        # that the deployed config sets it explicitly.
        AuthorizationCodeGrant.TOKEN_ENDPOINT_AUTH_METHODS = settings.get(
            'TOKEN_ENDPOINT_AUTH_METHODS', [])
        # Falls back to False -- presumably refresh tokens are then not
        # rotated when used; confirm against the grant implementation.
        RefreshTokenGrant.INCLUDE_NEW_REFRESH_TOKEN = settings.get(
            'INCLUDE_NEW_REFRESH_TOKEN', False)

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )
Ejemplo n.º 2
def config_oauth(app):
    """Configure the shared ``authorization`` server for *app*.

    Builds the client-lookup and token-save callables from ``db.session``,
    registers only the authorization code grant (with the OpenID Connect
    extension), installs a bearer token validator on ``require_oauth`` and
    registers a token revocation endpoint.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(db.session, OAuth2Client),
        save_token=create_save_token_func(db.session, OAuth2Token),
    )

    # The only active grant. OpenIDCode is told to require a nonce.
    # NOTE(review): no CodeChallenge extension is attached, so PKCE is not
    # enforced for this grant -- confirm whether public clients are expected.
    openid_extensions = [
        OpenIDCode(require_nonce=True),
    ]
    authorization.register_grant(AuthorizationCodeGrant, openid_extensions)

    # Left disabled in this configuration (commented out in the original):
    #   ImplicitGrant, OpenIDImplicitGrant, HybridGrant,
    #   grants.ClientCredentialsGrant, RefreshTokenGrant, PasswordGrant

    # Resource protection: validate bearer tokens against OAuth2Token rows.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())

    # Token revocation endpoint backed by the same model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )
Ejemplo n.º 3
def configure_oauth(app):
    """Bind the shared ``authorization`` server to *app*.

    Enables the client credentials and refresh token grants, registers a
    token revocation endpoint, and installs a bearer token validator on
    ``require_oauth``. No user-facing (authorization code, implicit or
    password) grant is registered here.
    """
    authorization.init_app(app)

    # Registration order matches the original listing.
    for grant_cls in (grants.ClientCredentialsGrant, RefreshTokenGrant):
        authorization.register_grant(grant_cls)

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Bearer tokens on protected resources are checked against the same model.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
Ejemplo n.º 4
def config_oauth(app):
    """Bind the shared ``authorization`` server to *app*.

    Registers the authorization code grant as the only grant type, adds a
    token revocation endpoint, and installs a bearer token validator on
    ``require_oauth``.
    """
    authorization.init_app(app)

    # In Authlib, CodeChallenge is the PKCE (RFC 7636) extension; it is
    # attached with required=True.
    pkce = CodeChallenge(required=True)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Resource protection: bearer tokens are checked against the same model.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
Ejemplo n.º 5
def config_oauth(app):
    """Bind the shared ``authorization`` server to *app* and enable five grants.

    Also registers a token revocation endpoint and installs a bearer token
    validator on ``require_oauth``, both backed by ``OAuth2TokenModel``.

    NOTE(review): the implicit and resource-owner password grants are
    enabled. The OAuth 2.0 Security Best Current Practice (RFC 9700) advises
    against both; confirm that a client still depends on them.
    """
    authorization.init_app(app)

    # (grant class[, extensions]) tuples, listed in registration order.
    grant_specs = (
        (grants.ImplicitGrant,),
        (grants.ClientCredentialsGrant,),
        # In Authlib, CodeChallenge is the PKCE (RFC 7636) extension.
        (AuthorizationCodeGrant, [CodeChallenge(required=True)]),
        (PasswordGrant,),
        (RefreshTokenGrant,),
    )
    for spec in grant_specs:
        authorization.register_grant(*spec)

    # Token revocation endpoint.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2TokenModel)
    )

    # Bearer token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2TokenModel)
    require_oauth.register_token_validator(validator_cls())
Ejemplo n.º 6
def configOauth2(app):
    """Bind the shared ``authorization`` server to *app*.

    Enables the client credentials, password and refresh token grants,
    registers a token revocation endpoint, and installs a bearer token
    validator on ``require_oauth``.

    NOTE(review): the resource-owner password grant hands user credentials
    to the client; the OAuth 2.0 Security Best Current Practice (RFC 9700)
    advises against it. Confirm it is still required.
    """
    authorization.init_app(app)

    # Three grants are registered, in this order.
    for grant_cls in (
        grants.ClientCredentialsGrant,
        PasswordGrant,
        RefreshTokenGrant,
    ):
        authorization.register_grant(grant_cls)

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Resource protection: bearer tokens are checked against the same model.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
Ejemplo n.º 7
def config_oauth(app):
    """Bind the shared ``authorization`` server to *app*.

    Adds a custom client authentication method named ``client_secret_json``,
    enables the client credentials and authorization code grants, registers
    a token revocation endpoint, and installs a bearer token validator on
    ``require_oauth``.
    """
    authorization.init_app(app)

    # authenticate_client_secret_json is defined elsewhere.
    # NOTE(review): presumably it reads the client secret from a JSON request
    # body -- confirm it compares secrets in constant time and rejects
    # requests that omit the secret.
    authorization.register_client_auth_method(
        'client_secret_json',
        authenticate_client_secret_json,
    )

    # Supported grant types, in registration order.
    authorization.register_grant(ClientCredentialsGrant)
    # NOTE(review): required=False makes the PKCE extension optional, so a
    # client that sends no code challenge is presumably still accepted.
    # Confirm that no public client relies on this grant.
    optional_pkce = CodeChallenge(required=False)
    authorization.register_grant(AuthorizationCodeGrant, [optional_pkce])

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Resource protection: bearer tokens are checked against the same model.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
Ejemplo n.º 8
def config_oauth(app):
    """Bind the shared ``authorization`` server to *app*.

    Uses the module's ``query_client`` / ``save_token`` callables, enables
    the client credentials, authorization code and refresh token grants,
    registers a token revocation endpoint, and installs a bearer token
    validator on ``require_oauth``.
    """
    authorization.init_app(app, query_client=query_client, save_token=save_token)

    # (grant class[, extensions]) tuples, listed in registration order.
    grant_specs = (
        (grants.ClientCredentialsGrant,),
        # In Authlib, CodeChallenge is the PKCE (RFC 7636) extension.
        (AuthorizationCodeGrant, [CodeChallenge(required=True)]),
        (RefreshTokenGrant,),
    )
    for spec in grant_specs:
        authorization.register_grant(*spec)

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Resource protection: bearer tokens are checked against the same model.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
Ejemplo n.º 9
def config_oauth(app):
    """Configure the shared ``authorization`` server for *app*.

    Builds the client-lookup and token-save callables from ``db``, enables
    the authorization code (with OpenID Connect) and refresh token grants,
    registers introspection and revocation endpoints, and installs a bearer
    token validator on ``require_oauth``.

    Unlike configurations that pass ``db.session``, this one passes ``db``
    itself to every factory.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(db, OAuth2Client),
        save_token=create_save_token_func(db, OAuth2Token),
    )

    # OpenIDCode is told to require a nonce.
    # NOTE(review): no CodeChallenge extension is attached, so PKCE is not
    # enforced for this grant -- confirm whether public clients are expected.
    openid_extensions = [
        OpenIDCode(require_nonce=True),
    ]
    authorization.register_grant(AuthorizationCodeGrant, openid_extensions)
    authorization.register_grant(RefreshTokenGrant)

    # IntrospectionEndpoint is defined elsewhere.
    # NOTE(review): confirm it limits which clients may introspect tokens.
    authorization.register_endpoint(IntrospectionEndpoint)

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(create_revocation_endpoint(db, OAuth2Token))

    # Resource protection: bearer tokens are checked against the same model.
    validator_cls = create_bearer_token_validator(db, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
Ejemplo n.º 10
def config_oauth(app, url_prefix="/oauth"):
    """Bind the shared ``authorization`` server to *app* and mount its routes.

    Enables five grant types, registers a token revocation endpoint,
    installs a bearer token validator on ``require_oauth``, and registers
    the blueprint ``bp`` on *app* under *url_prefix*.

    NOTE(review): the implicit and resource-owner password grants are
    enabled, and the authorization code grant is registered without a
    CodeChallenge extension, so PKCE is not enforced. The OAuth 2.0
    Security Best Current Practice (RFC 9700) advises against the first two
    and recommends PKCE; confirm this matches the intended clients.
    """
    authorization.init_app(app)

    # Registration order matches the original listing.
    for grant_cls in (
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,
        PasswordGrant,
        RefreshTokenGrant,
    ):
        authorization.register_grant(grant_cls)

    # Token revocation endpoint backed by the OAuth2Token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Resource protection: bearer tokens are checked against the same model.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())

    # Expose the OAuth routes under the chosen prefix.
    app.register_blueprint(bp, url_prefix=url_prefix)
Ejemplo n.º 11
from flask import json
from authlib.integrations.sqla_oauth2 import create_revocation_endpoint
from .models import db, User, Client, Token
from .oauth2_server import TestCase
from .oauth2_server import create_authorization_server


# Revocation endpoint class for the tests, built once at import time from
# db.session and the Token model; prepare_data registers it on the server.
RevocationEndpoint = create_revocation_endpoint(db.session, Token)


class RevokeTokenTest(TestCase):
    def prepare_data(self):
        app = self.app
        server = create_authorization_server(app)
        server.register_endpoint(RevocationEndpoint)

        @app.route('/oauth/revoke', methods=['POST'])
        def revoke_token():
            return server.create_endpoint_response('revocation')

        user = User(username='******')
        db.session.add(user)
        db.session.commit()
        client = Client(
            user_id=user.id,
            client_id='revoke-client',
            client_secret='revoke-secret',
        )
        client.set_client_metadata({
            'scope': 'profile',
            'redirect_uris': ['http://localhost/authorized'],
Ejemplo n.º 12
        credential.revoked = True
        db.session.add(credential)
        db.session.commit()


# Module-level OAuth 2.0 server setup; everything below runs at import time.

# Presumably the client-lookup and token-persistence callables the server
# needs; both are built from db.session.
query_client = create_query_client_func(db.session, OAuth2Client)
save_token = create_save_token_func(db.session, OAuth2Token)
authorization = AuthorizationServer(
    query_client=query_client,
    save_token=save_token,
)
# Its token validator is registered at the end of this section.
require_oauth = ResourceProtector()

# `app` must already exist when this module is imported.
authorization.init_app(app)

# Enabled grants. The implicit grant is left disabled (commented out):
# authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
# In Authlib, CodeChallenge is the PKCE (RFC 7636) extension.
authorization.register_grant(AuthorizationCodeGrant,
                             [CodeChallenge(required=True)])
# NOTE(review): the resource-owner password grant hands user credentials to
# the client; the OAuth 2.0 Security Best Current Practice (RFC 9700) advises
# against it. Confirm it is still required.
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)

# Token revocation endpoint backed by the OAuth2Token model.
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)

# Resource protection: bearer tokens are checked against the same model.
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
Ejemplo n.º 13
from fastapi import Request, Form
from authlib.integrations.sqla_oauth2 import create_revocation_endpoint
from .models import db, User, Client, Token
from .oauth2_server import TestCase
from .oauth2_server import create_authorization_server

# Revocation endpoint class for the tests, built once at import time; note
# that `db` itself is passed here, not `db.session`. prepare_data registers
# it on the server.
RevocationEndpoint = create_revocation_endpoint(db, Token)


class RevokeTokenTest(TestCase):
    def prepare_data(self):
        app = self.app
        server = create_authorization_server(app)
        server.register_endpoint(RevocationEndpoint)

        @app.post('/oauth/revoke')
        def revoke_token(request: Request,
                         token: str = Form(None),
                         token_type_hint: str = Form(None)):
            request.body = {}
            if token:
                request.body.update({'token': token})
            if token_type_hint:
                request.body.update({'token_type_hint': token_type_hint})
            return server.create_endpoint_response('revocation',
                                                   request=request)

        user = User(username='******')
        db.add(user)
        db.commit()
        client = Client(