def admin_jwt(f): """ @param f: flask function @return: decorator, return the wrapped function or abort json object. """ require_oauth = ResourceProtector() if Config.environment != "test": require_oauth.register_token_validator(OIDCTokenValidator(RemoteToken)) @wraps(f) def decorated(*args, **kwargs): oauth = require_oauth(f) return oauth(*args, **kwargs) return decorated
def init_app(self, app, oauth, token_class): """ Configure AuthClient for Flask application Available configuration options: RESOURCE_SERVER_INTROSPECTION_URL RESOURCE_SERVER_INTROSPECTION_CREDENTIALS :param app: Flask application :param oauth: Oauth instance :param token_class: a token class which inherits from TokenMixin """ require_oauth = ResourceProtector() require_oauth.register_token_validator( RemoteTokenValidator(token_class)) self._require_auth = require_oauth
def config_oauth(app): require_oauth = ResourceProtector() authorization = AuthorizationServer() query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization.init_app(app, query_client=query_client, save_token=save_token) # support all openid grants authorization.register_grant(AuthorizationCodeGrant, [ OpenIDCode(require_nonce=True, **app.config['OAUTH_JWT_CONFIG']), ]) authorization.register_grant(HybridGrant) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls()) register_as_extension(app, 'authorization', authorization) register_as_extension(app, 'require_oauth', require_oauth)
from flask import json, jsonify from authlib.integrations.flask_oauth2 import ResourceProtector, current_token from authlib.integrations.sqla_oauth2 import create_bearer_token_validator from .models import db, User, Client, Token from .oauth2_server import TestCase from .oauth2_server import create_authorization_server require_oauth = ResourceProtector() BearerTokenValidator = create_bearer_token_validator(db.session, Token) require_oauth.register_token_validator(BearerTokenValidator()) def create_resource_server(app): @app.route('/user') @require_oauth('profile') def user_profile(): user = current_token.user return jsonify(id=user.id, username=user.username) @app.route('/user/email') @require_oauth('email') def user_email(): user = current_token.user return jsonify(email=user.username + '@example.com') @app.route('/info') @require_oauth() def public_info(): return jsonify(status='ok') @app.route('/operator-and')
credential.revoked = True db.session.add(credential) db.session.commit() query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization = AuthorizationServer( query_client=query_client, save_token=save_token, ) require_oauth = ResourceProtector() authorization.init_app(app) # support all grants # authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=True)]) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def create_resource_server(): resource_protector = ResourceProtector() resource_protector.register_token_validator(NeverminedJWTTokenValidator()) return resource_protector