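def post(self):
    """Handle the resource owner's decision on a client authorization request.

    The consent form POSTs ``grant=true`` to authorize the client application
    and ``grant=false`` to deny it. Only the authorizing path is handled in
    the code shown here: the client is looked up, its registered redirect URI
    is compared with the submitted one, and the grant between the current
    user and the client is updated or created.

    Raises:
        tornado.web.HTTPError: 403 when ``client_id`` matches no registered
            client, or when ``redirect_uri`` differs from the registered one.
    """
    # All five parameters are fetched without a default. Assuming self is a
    # tornado.web.RequestHandler, a missing one is rejected with HTTP 400.
    grant = self.get_argument("grant")
    client_id = self.get_argument("client_id")
    # NOTE(review): response_type and scope are read but never used in the
    # visible code, so the stored grant is keyed on (client_id, user) only.
    # Confirm whether the approved scope should be recorded with the grant.
    response_type = self.get_argument("response_type")
    redirect_uri = self.get_argument("redirect_uri")
    scope = self.get_argument("scope")

    # NOTE(review): this POST changes authorization state. Confirm that the
    # application enables Tornado's `xsrf_cookies` setting (or an equivalent
    # anti-CSRF token), so a third-party page cannot submit the consent form
    # on behalf of a logged-in user.
    if grant == "true":
        # The client must exist before any grant is recorded for it.
        client = Client()
        try:
            exist = client.get(client_id=client_id)
        except ObjectDoesNotExist:
            raise tornado.web.HTTPError(403, "the client id not correspond to any Client")

        # Exact match against the registered redirect URI: a request carrying
        # any other URI is refused instead of being redirected to it.
        if exist['redirect_uri'] != redirect_uri:
            raise tornado.web.HTTPError(403, "redirect uri problem")

        # From here on `grant` is the Grant store object, not the form value.
        grant = Grant()
        # NOTE(review): no authentication decorator is visible on this
        # method. Confirm that unauthenticated requests cannot reach this
        # point, otherwise the grant could be recorded for an empty user.
        user = self.get_current_user()
        try:
            # Refresh the grant if the user has already authorized the client.
            grant.is_already_authorized(client_id, user)
            grant.update(client_id, user)
        except ObjectDoesNotExist:
            # First authorization of this client by this user.
            grant.add(client_id, user)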