Ejemplo n.º 1
0
    def __init__(self, oauth_validator, user_svc, domain):
        self.oauth_validator = oauth_validator

        auth_code_grant = AuthorizationCodeGrant(oauth_validator)
        jwt_auth_grant = JWTAuthorizationGrant(oauth_validator, user_svc,
                                               domain)
        refresh_grant = RefreshTokenGrant(oauth_validator)

        refresh_grant.custom_validators.pre_token.append(
            self.load_client_id_from_refresh_token)

        bearer = BearerToken(
            oauth_validator,
            token_generator=self.generate_access_token,
            expires_in=ACCESS_TOKEN_TTL,
            refresh_token_generator=self.generate_refresh_token,
            refresh_token_expires_in=REFRESH_TOKEN_TTL)

        AuthorizationEndpoint.__init__(
            self,
            default_response_type='code',
            response_types={'code': auth_code_grant},
            default_token_type=bearer)
        TokenEndpoint.__init__(
            self,
            default_grant_type='authorization_code',
            grant_types={
                'authorization_code': auth_code_grant,
                'refresh_token': refresh_grant,
                'urn:ietf:params:oauth:grant-type:jwt-bearer': jwt_auth_grant,
            },
            default_token_type=bearer)
        RevocationEndpoint.__init__(self, oauth_validator)
Ejemplo n.º 2
0
    def __init__(self, oauth_validator, user_svc, domain):
        self.oauth_validator = oauth_validator

        auth_code_grant = AuthorizationCodeGrant(oauth_validator)
        jwt_auth_grant = JWTAuthorizationGrant(oauth_validator, user_svc, domain)
        refresh_grant = RefreshTokenGrant(oauth_validator)

        refresh_grant.custom_validators.pre_token.append(self.load_client_id_from_refresh_token)

        bearer = BearerToken(oauth_validator,
                             token_generator=self.generate_access_token,
                             expires_in=ACCESS_TOKEN_TTL,
                             refresh_token_generator=self.generate_refresh_token,
                             refresh_token_expires_in=REFRESH_TOKEN_TTL)

        AuthorizationEndpoint.__init__(self,
                                       default_response_type='code',
                                       response_types={'code': auth_code_grant},
                                       default_token_type=bearer)
        TokenEndpoint.__init__(self, default_grant_type='authorization_code',
                               grant_types={
                                   'authorization_code': auth_code_grant,
                                   'refresh_token': refresh_grant,
                                   'urn:ietf:params:oauth:grant-type:jwt-bearer': jwt_auth_grant,
                               },
                               default_token_type=bearer)
        RevocationEndpoint.__init__(self, oauth_validator)
Ejemplo n.º 3
0
    def __init__(self,
                 request_validator,
                 token_expires_in=None,
                 token_generator=None,
                 refresh_token_generator=None,
                 *args,
                 **kwargs):
        """Construct a new all-grants-in-one server.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token.
        :param kwargs: Extra parameters to pass to authorization-,
                       token-, resource-, and revocation-endpoint constructors.
        """
        auth_grant = AuthorizationCodeGrant(request_validator)
        implicit_grant = ImplicitGrant(request_validator)
        password_grant = ResourceOwnerPasswordCredentialsGrant(
            request_validator)
        facebook_grant = FacebookGrant(request_validator)
        credentials_grant = ClientCredentialsGrant(request_validator)
        refresh_grant = RefreshTokenGrant(request_validator)
        bearer = BearerToken(request_validator, token_generator,
                             token_expires_in, refresh_token_generator)
        AuthorizationEndpoint.__init__(self,
                                       default_response_type='code',
                                       response_types={
                                           'code': auth_grant,
                                           'token': implicit_grant,
                                       },
                                       default_token_type=bearer)
        TokenEndpoint.__init__(self,
                               default_grant_type='authorization_code',
                               grant_types={
                                   'authorization_code': auth_grant,
                                   'password': password_grant,
                                   'facebook': facebook_grant,
                                   'client_credentials': credentials_grant,
                                   'refresh_token': refresh_grant,
                               },
                               default_token_type=bearer)
        ResourceEndpoint.__init__(self,
                                  default_token='Bearer',
                                  token_types={'Bearer': bearer})
        RevocationEndpoint.__init__(self, request_validator)
Ejemplo n.º 4
0
 def test_token_endpoint(self):
     endpoint = TokenEndpoint(None, None, grant_types={"password": None})
     metadata = MetadataEndpoint([endpoint], {
         "issuer": 'https://foo.bar',
         "token_endpoint": "https://foo.bar/token"
     })
     self.assertIn("grant_types_supported", metadata.claims)
     self.assertEqual(metadata.claims["grant_types_supported"],
                      ["password"])
Ejemplo n.º 5
0
    def __init__(self, request_validator, token_expires_in=None,
                 token_generator=None, refresh_token_generator=None,
                 *args, **kwargs):
        """Construct a new all-grants-in-one server.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token.
        :param kwargs: Extra parameters to pass to authorization-,
                       token-, resource-, and revocation-endpoint constructors.
        """
        auth_grant = AuthorizationCodeGrant(request_validator)
        implicit_grant = ImplicitGrant(request_validator)
        password_grant = ResourceOwnerPasswordCredentialsGrant(
            request_validator)
        facebook_grant = FacebookGrant(request_validator)
        credentials_grant = ClientCredentialsGrant(request_validator)
        refresh_grant = RefreshTokenGrant(request_validator)
        bearer = BearerToken(request_validator, token_generator,
                             token_expires_in, refresh_token_generator)
        AuthorizationEndpoint.__init__(self, default_response_type='code',
                                       response_types={
                                           'code': auth_grant,
                                           'token': implicit_grant,
                                       },
                                       default_token_type=bearer)
        TokenEndpoint.__init__(self, default_grant_type='authorization_code',
                               grant_types={
                                   'authorization_code': auth_grant,
                                   'password': password_grant,
                                   'facebook': facebook_grant,
                                   'client_credentials': credentials_grant,
                                   'refresh_token': refresh_grant,
                               },
                               default_token_type=bearer)
        ResourceEndpoint.__init__(self, default_token='Bearer',
                                  token_types={'Bearer': bearer})
        RevocationEndpoint.__init__(self, request_validator)
Ejemplo n.º 6
0
 def test_create_metadata_response(self):
     endpoint = TokenEndpoint(None, None, grant_types={"password": None})
     metadata = MetadataEndpoint([endpoint], {
         "issuer": 'https://foo.bar',
         "token_endpoint": "https://foo.bar/token"
     })
     headers, body, status = metadata.create_metadata_response('/', 'GET')
     assert headers == {
         'Content-Type': 'application/json',
         'Access-Control-Allow-Origin': '*',
     }
     claims = json.loads(body)
     assert claims['issuer'] == 'https://foo.bar'
Ejemplo n.º 7
0
    def __init__(self, request_validator, token_expires_in=None,
                 token_generator=None, refresh_token_generator=None,
                 *args, **kwargs):
        """Construct a new all-grants-in-one server.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token.
        :param kwargs: Extra parameters to pass to authorization-,
                       token-, resource-, and revocation-endpoint constructors.
        """
        auth_grant = AuthorizationCodeGrant(request_validator)
        implicit_grant = ImplicitGrant(request_validator)
        password_grant = ResourceOwnerPasswordCredentialsGrant(
                request_validator)
        credentials_grant = ClientCredentialsGrant(request_validator)
        refresh_grant = RefreshTokenGrant(request_validator)
        openid_connect_auth = OpenIDConnectAuthCode(request_validator)
        openid_connect_implicit = OpenIDConnectImplicit(request_validator)

        bearer = BearerToken(request_validator, token_generator,
                             token_expires_in, refresh_token_generator)

        auth_grant_choice = AuthCodeGrantDispatcher(
            default_auth_grant=auth_grant,
            oidc_auth_grant=openid_connect_auth)

        # See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations for valid combinations  # noqa
        # internally our AuthorizationEndpoint will ensure they can appear in any order for any valid combination  # noqa
        AuthorizationEndpoint.__init__(
            self,
            default_response_type='code',
            response_types={
                'code': auth_grant_choice,
                'token': implicit_grant,
                'id_token': openid_connect_implicit,
                'id_token token': openid_connect_implicit,
                'code token': openid_connect_auth,
                'code id_token': openid_connect_auth,
                'code token id_token': openid_connect_auth,
                'none': auth_grant
            },
            default_token_type=bearer)
        TokenEndpoint.__init__(
            self,
            default_grant_type='authorization_code',
            grant_types={
                    'authorization_code': openid_connect_auth,
                    'password': password_grant,
                    'client_credentials': credentials_grant,
                    'refresh_token': refresh_grant,
                    'openid': openid_connect_auth
            },
            default_token_type=bearer)
        ResourceEndpoint.__init__(
            self,
            default_token='Bearer',
            token_types={'Bearer': bearer})
        RevocationEndpoint.__init__(self, request_validator)