def _auth_none(auth, req):
    """Identify a secret-less client by adding ``client_id`` to the request.

    :param auth: object exposing ``client_id``.
    :param req: request object with ``method``, ``url`` and ``body``.
    :return: the same ``req`` object, modified in place.

    Only GET and POST are handled; any other method is returned untouched.
    No client secret is sent, so the server cannot authenticate the client
    from this parameter alone.
    """
    if req.method not in ('GET', 'POST'):
        return req

    client_id_param = [('client_id', auth.client_id)]
    if req.method == 'POST':
        # A POST without a payload is treated as an empty form body.
        req.body = add_params_to_qs(req.body or '', client_id_param)
    else:
        # NOTE(review): the whole URL is handed to add_params_to_qs here;
        # confirm that helper copes with a full URL and not only a query string.
        req.url = add_params_to_qs(req.url, client_id_param)
    return req
def encode_client_secret_post(client, method, uri, headers, body):
    """Authenticate the client by placing its credentials in the form body.

    :param client: object exposing ``client_id`` and ``client_secret``.
    :param method: HTTP method (not inspected here).
    :param uri: request URI, returned unchanged.
    :param headers: request headers; ``Content-Length`` is refreshed in place
        when that exact key is already present.
    :param body: existing form body, or a falsy value for none.
    :return: tuple of ``(uri, headers, body)``.

    The secret travels in clear inside the request body, so the body must
    be kept out of logs and the request sent over TLS only. A missing
    secret is sent as an empty ``client_secret`` value.
    """
    credentials = [
        ('client_id', client.client_id),
        ('client_secret', client.client_secret or ''),
    ]
    body = add_params_to_qs(body or '', credentials)

    # Keep an already-declared length in step with the grown body.
    # NOTE(review): the key test is exact-case unless ``headers`` is a
    # case-insensitive mapping -- confirm against the caller.
    if 'Content-Length' in headers:
        headers['Content-Length'] = str(len(body))
    return uri, headers, body
def add_to_body(token, body=None):
    """Append a bearer token to a form-encoded request body.

    :param token: the access token string.
    :param body: existing form body; ``None`` is treated as empty.
    :return: the body with an ``access_token`` parameter added, e.g.::

        access_token=h480djs93hd8

    The token is a bearer credential: any system that records request
    bodies will capture it, so such bodies should be excluded from logs.
    """
    existing = '' if body is None else body
    return add_params_to_qs(existing, [('access_token', token)])
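def encode_none(client, method, uri, headers, body):
    """Identify a secret-less client by adding ``client_id`` to the request.

    :param client: object exposing ``client_id``.
    :param method: HTTP method; ``'GET'`` puts the parameter in the URI,
        anything else puts it in the form body.
    :param uri: request URI.
    :param headers: request headers; ``Content-Length`` is refreshed in place
        when that exact key is already present.
    :param body: existing form body, or ``None`` for none.
    :return: tuple of ``(uri, headers, body)``.

    No client secret is sent, so the server cannot authenticate the client
    from this parameter alone.
    """
    client_id_param = [('client_id', client.client_id)]
    if method == 'GET':
        uri = add_params_to_uri(uri, client_id_param)
        return uri, headers, body

    # Guard against a missing body: treat it as empty form data instead of
    # passing None into the query-string helper.
    body = add_params_to_qs(body or '', client_id_param)
    if 'Content-Length' in headers:
        # Keep an already-declared length in step with the grown body.
        headers['Content-Length'] = str(len(body))
    return uri, headers, body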
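def keycloak_revoke_token_fix(url, headers, body):
    """Rewrite a revocation request body into the form keycloak expects.

    keycloak does not conform to rfc7009: it names the revocation
    parameter "refresh_token" instead of "token". This hook renames that
    parameter and leaves every other parameter, and the parameter order,
    as it was.

    :param url: revocation endpoint URL, returned unchanged.
    :param headers: request headers, returned unchanged.
    :param body: form-encoded request body.
    :return: tuple of ``(url, headers, body)``.
    """
    params = extract_params(body)
    if not params:
        # Nothing parseable to rename; pass the request through untouched
        # rather than failing on an empty parameter list.
        return url, headers, body

    # prepare_revoke_token_request in authlib normally places the token
    # first, but selecting it by name keeps the rename correct when the body
    # already carried other parameters ahead of it. Renaming the wrong field
    # would send the request without the token and leave it unrevoked.
    renamed = [
        ("refresh_token", param[1]) if param[0] == "token" else param
        for param in params
    ]
    # NOTE(review): any token_type_hint is forwarded as-is; confirm keycloak
    # accepts it when the token being revoked is an access token.
    return url, headers, add_params_to_qs("", renamed)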
def __call__(self, auth, method, uri, headers, body):
    """Attach a signed client assertion to the request body.

    :param auth: passed through to ``self.sign``.
    :param method: HTTP method (not inspected here).
    :param uri: request URI; used as the signing endpoint when no
        ``token_endpoint`` is configured on this object.
    :param headers: request headers, returned unchanged.
    :param body: existing form body, or a falsy value for none.
    :return: tuple of ``(uri, headers, body)``.
    """
    # Prefer the configured endpoint; otherwise sign for the URL this
    # request is going to.
    # NOTE(review): presumably sign() binds this value into the assertion --
    # if so, configuring token_endpoint pins it instead of trusting each
    # request's URI. Confirm in sign().
    endpoint = self.token_endpoint or uri
    assertion = self.sign(auth, endpoint)

    assertion_params = [
        ('client_assertion_type', ASSERTION_TYPE),
        ('client_assertion', assertion),
    ]
    return uri, headers, add_params_to_qs(body or '', assertion_params)
def _auth(client, req):
    """Add a client assertion produced by ``func`` to the request body.

    ``token_url``, ``func`` and ``kwargs`` come from the enclosing scope.

    :param client: object exposing ``client_id`` and ``client_secret``.
    :param req: request object with ``url`` and ``body``.
    :return: the same ``req`` object, with its body modified in place.
    """
    # Fall back to the request's own URL when no token URL was configured.
    target_url = token_url or req.url

    # The client secret is the key material handed to ``func``; only the
    # resulting assertion is placed in the request.
    assertion = func(
        client.client_secret,
        client_id=client.client_id,
        token_url=target_url,
        **kwargs
    )
    assertion_params = [
        ('client_assertion_type', ASSERTION_TYPE),
        ('client_assertion', assertion),
    ]
    req.body = add_params_to_qs(req.body or '', assertion_params)
    return req
def _auth(client, method, uri, headers, body):
    """Add a client assertion produced by ``func`` to the form body.

    ``token_url``, ``func`` and ``kwargs`` come from the enclosing scope.

    :param client: object exposing ``client_id`` and ``client_secret``.
    :param method: HTTP method (not inspected here).
    :param uri: request URI; used for signing when ``token_url`` is unset.
    :param headers: request headers, returned unchanged.
    :param body: existing form body, or a falsy value for none.
    :return: tuple of ``(uri, headers, body)``.
    """
    # Fall back to the request URI when no token URL was configured.
    signing_url = token_url or uri

    # The client secret is the key material handed to ``func``; only the
    # resulting assertion is placed in the request.
    signed = func(client.client_secret, client_id=client.client_id,
                  token_url=signing_url, **kwargs)

    extra = [('client_assertion_type', ASSERTION_TYPE),
             ('client_assertion', signed)]
    return uri, headers, add_params_to_qs(body or '', extra)
def prepare_token_request(grant_type, body='', redirect_uri=None, **kwargs):
    """Build the form-encoded body of an access token request.

    Per `Section 4.1.3`_, the client sends the parameters below to the token
    endpoint in ``application/x-www-form-urlencoded`` format in the HTTP
    request entity-body.

    :param grant_type: The grant type being used, i.e. "password",
        "authorization_code" or "client_credentials".
    :param body: Existing request body to embed parameters in.
    :param redirect_uri: Required if the "redirect_uri" parameter was
        included in the authorization request as described in
        `Section 4.1.1`_; the two values MUST be identical.
    :param kwargs: Extra arguments to embed in the request body. A
        ``scope`` entry is normalised with ``list_to_scope``; entries with
        a falsy value are left out.
    :raises MissingCodeError: when ``grant_type`` is "authorization_code"
        and no ``code`` keyword was passed.

    An example of an authorization code token request body::

        grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
        &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

    .. _`Section 4.1.1`: http://tools.ietf.org/html/rfc6749#section-4.1.1
    .. _`Section 4.1.3`: https://tools.ietf.org/html/rfc6749#section-4.1.3
    """
    fields = [('grant_type', grant_type)]
    if redirect_uri:
        fields.append(('redirect_uri', redirect_uri))

    if 'scope' in kwargs:
        kwargs['scope'] = list_to_scope(kwargs['scope'])

    # Only the presence of ``code`` is checked: an empty code passes this
    # test and is then dropped by the falsy-value filter below.
    if grant_type == 'authorization_code' and 'code' not in kwargs:
        raise MissingCodeError()

    fields.extend(
        (to_unicode(name), value)
        for name, value in kwargs.items()
        if value
    )
    return add_params_to_qs(body, fields)
def prepare_revoke_token_request(token, token_type_hint=None, body=None, headers=None):
    """Build the body and headers of a request to the revocation endpoint.

    See https://tools.ietf.org/html/rfc7009#section-2.1

    :param token: access_token or refresh_token string.
    :param token_type_hint: Optional, `access_token` or `refresh_token`.
    :param body: current request body; a falsy value is treated as empty.
    :param headers: current request headers. A dict passed in is modified
        in place; a new one is created when ``None``.
    :return: tuple of (body, headers)
    """
    revoke_params = [('token', token)]
    if token_type_hint:
        revoke_params.append(('token_type_hint', token_type_hint))

    # The new parameters are handed to add_params_to_qs together with any
    # existing body content.
    encoded = add_params_to_qs(body or '', revoke_params)

    out_headers = {} if headers is None else headers
    out_headers['Content-Type'] = 'application/x-www-form-urlencoded'
    return encoded, out_headers
def _auth_client_secret_post(auth, req):
    """Authenticate the client by placing its credentials in the form body.

    :param auth: object exposing ``client_id`` and ``client_secret``.
    :param req: request object whose ``body`` is extended in place.
    :return: the same ``req`` object.

    The secret travels in clear inside the request body, so the body must
    be kept out of logs and the request sent over TLS only. A missing
    secret is sent as an empty ``client_secret`` value.
    """
    credentials = [
        ('client_id', auth.client_id),
        ('client_secret', auth.client_secret or ''),
    ]
    current_body = req.body or ''
    req.body = add_params_to_qs(current_body, credentials)
    return req
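def encode_none(client, method, uri, headers, body):
    """Identify a secret-less client by adding ``client_id`` to the request.

    :param client: object exposing ``client_id``.
    :param method: HTTP method; ``'GET'`` puts the parameter in the URI,
        anything else puts it in the form body.
    :param uri: request URI.
    :param headers: request headers, returned unchanged.
    :param body: existing form body, or ``None`` for none.
    :return: tuple of ``(uri, headers, body)``.

    No client secret is sent, so the server cannot authenticate the client
    from this parameter alone.
    """
    client_id_param = [('client_id', client.client_id)]
    if method == 'GET':
        # NOTE(review): the whole URI is handed to add_params_to_qs here;
        # confirm that helper copes with a full URI and not only a query string.
        uri = add_params_to_qs(uri, client_id_param)
        return uri, headers, body

    # Guard against a missing body: treat it as empty form data instead of
    # passing None into the query-string helper.
    body = add_params_to_qs(body or '', client_id_param)
    return uri, headers, body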
def encode_client_secret_post(client, method, uri, headers, body):
    """Authenticate the client by placing its credentials in the form body.

    :param client: object exposing ``client_id`` and ``client_secret``.
    :param method: HTTP method (not inspected here).
    :param uri: request URI, returned unchanged.
    :param headers: request headers, returned unchanged.
    :param body: existing form body, or a falsy value for none.
    :return: tuple of ``(uri, headers, body)``.

    The secret travels in clear inside the request body, so the body must
    be kept out of logs and the request sent over TLS only. A missing
    secret is sent as an empty ``client_secret`` value.
    """
    secret = client.client_secret or ''
    form = add_params_to_qs(
        body or '',
        [('client_id', client.client_id), ('client_secret', secret)],
    )
    return uri, headers, form