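 def post(self):
     """Handle the user's consent decision at the authorization endpoint.

     Reads ``authorize``, ``response_type``, ``state`` and ``scope`` from
     ``self.request``; issues an authorization code and/or an access token
     for the client resolved by ``validate_params`` and redirects back to
     ``self.redirect_uri`` through ``authz_redirect``.  Errors are reported
     through ``authz_error``.  Returns None.
     """
     if not self.validate_params():
         return

     # TODO: this consent POST carries no CSRF protection.  A forged form
     # submission from a page the victim visits can grant an attacker's
     # client access under the victim's session.  Bind a per-session nonce
     # to the consent form and reject submissions that do not return it.

     if self.request.get('authorize').lower() == 'no':
         self.authz_error('access_denied', "The user did not allow authorization.")
         return
     # NOTE(review): anything other than 'no' (including a missing field)
     # counts as consent; requiring an explicit 'yes' would be safer —
     # confirm what the consent form submits before tightening this.

     response_type = self.request.get('response_type')
     wants_code = response_type in ('code', 'code_and_token')
     wants_token = response_type in ('token', 'code_and_token')

     # An unrecognised response_type must yield an error redirect, not an
     # empty redirect carrying neither a code nor a token.
     if not (wants_code or wants_token):
         self.authz_error('unsupported_response_type',
                          "The requested response_type is not supported.")
         return

     # NOTE(review): scope is forwarded verbatim from the request; any check
     # against what the client is registered for must live in
     # validate_params or OAuth_Token — confirm.
     requested_scope = self.request.get('scope')

     code = None
     if wants_code:
         authorization = OAuth_Authorization(
             user_id=self.user.user_id(),
             client_id=self.client.client_id,
             redirect_uri=self.redirect_uri,
         )
         authorization.put()
         # state is echoed back so the client can correlate the response.
         code = authorization.serialize(state=self.request.get('state'))

     token = None
     if wants_token:
         access_token = OAuth_Token(
             user_id=self.user.user_id(),
             client_id=self.client.client_id,
             scope=requested_scope,
         )
         # A token minted directly by the authorization endpoint (implicit
         # flow) is not refreshable.
         access_token.put(can_refresh=False)
         token = access_token.serialize(requested_scope=requested_scope)

     self.authz_redirect(code, token)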
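    def post(self):
        """Handle the user's consent decision at the authorization endpoint.

        Reads ``authorize``, ``response_type``, ``state`` and ``scope`` from
        ``self.request``; issues an authorization code and/or an access token
        for the client resolved by ``validate_params`` and redirects back to
        ``self.redirect_uri`` through ``authz_redirect``.  Errors are reported
        through ``authz_error``.  Returns None.
        """
        if not self.validate_params():
            return

        # TODO: this consent POST carries no CSRF protection.  A forged form
        # submission from a page the victim visits can grant an attacker's
        # client access under the victim's session.  Bind a per-session nonce
        # to the consent form and reject submissions that do not return it.

        if self.request.get('authorize').lower() == 'no':
            self.authz_error('access_denied',
                             "The user did not allow authorization.")
            return
        # NOTE(review): anything other than 'no' (including a missing field)
        # counts as consent; requiring an explicit 'yes' would be safer —
        # confirm what the consent form submits before tightening this.

        response_type = self.request.get('response_type')
        wants_code = response_type in ('code', 'code_and_token')
        wants_token = response_type in ('token', 'code_and_token')

        # An unrecognised response_type must yield an error redirect, not an
        # empty redirect carrying neither a code nor a token.
        if not (wants_code or wants_token):
            self.authz_error('unsupported_response_type',
                             "The requested response_type is not supported.")
            return

        # NOTE(review): scope is forwarded verbatim from the request; any
        # check against what the client is registered for must live in
        # validate_params or OAuth_Token — confirm.
        requested_scope = self.request.get('scope')

        code = None
        if wants_code:
            authorization = OAuth_Authorization(
                user_id=self.user.user_id(),
                client_id=self.client.client_id,
                redirect_uri=self.redirect_uri,
            )
            authorization.put()
            # state is echoed back so the client can correlate the response.
            code = authorization.serialize(state=self.request.get('state'))

        token = None
        if wants_token:
            access_token = OAuth_Token(
                user_id=self.user.user_id(),
                client_id=self.client.client_id,
                scope=requested_scope,
            )
            # A token minted directly by the authorization endpoint (implicit
            # flow) is not refreshable.
            access_token.put(can_refresh=False)
            token = access_token.serialize(requested_scope=requested_scope)

        self.authz_redirect(code, token)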
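 def handle_authorization_code(self, client, scope=None):
     """Exchange an authorization code for an access token (token endpoint).

     Args:
         client: the authenticated client making the request; its
             ``client_id`` is used to check the code was issued to it.
         scope: scope to record on the issued token (None if not requested).

     Reads ``code`` and ``redirect_uri`` from ``self.request``.  Renders an
     ``invalid_grant`` error when the code is missing, expired or does not
     match; otherwise consumes the code and renders the new token.
     Returns None.
     """
     code = self.request.get('code')
     redirect_uri = self.request.get('redirect_uri')
     authorization = OAuth_Authorization.get_by_code(code)

     # The original passed an unbound name `code` to validate(), so this
     # check raised NameError instead of running; bind it from the request.
     # validate() is presumably where expiry, redirect_uri and client
     # binding are enforced — its body is not visible here.
     if not authorization or not authorization.validate(code, redirect_uri, client.client_id):
         self.render_error('invalid_grant', "Authorization code expired or invalid.")
         return

     # Consume the code before minting the token so a replayed or raced
     # second redemption of the same code cannot also obtain a token.
     authorization.delete()

     # NOTE(review): scope comes from the token request, not from the stored
     # authorization (which records none); narrowing it to what the user
     # consented to must happen in the caller or OAuth_Token — confirm.
     token = OAuth_Token(
         user_id=authorization.user_id,
         client_id=authorization.client_id,
         scope=scope,
     )
     token.put()

     self.render_response(token)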
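    def handle_authorization_code(self, client, scope=None):
        """Exchange an authorization code for an access token (token endpoint).

        Args:
            client: the authenticated client making the request; its
                ``client_id`` is used to check the code was issued to it.
            scope: scope to record on the issued token (None if not requested).

        Reads ``code`` and ``redirect_url`` from ``self.request``.  Renders an
        ``invalid_grant`` error when the code is missing, expired or does not
        match; otherwise consumes the code and renders the new token.
        Returns None.
        """
        code = self.request.get('code')
        # NOTE(review): the OAuth 2.0 parameter is named redirect_uri; this
        # reads 'redirect_url'.  If clients send redirect_uri, validate()
        # always sees an empty value here — confirm against the clients.
        redirect_uri = self.request.get('redirect_url')
        authorization = OAuth_Authorization.get_by_code(code)

        # The original passed an unbound name `code` to validate(), so this
        # check raised NameError instead of running; bind it from the request.
        # validate() is presumably where expiry, redirect_uri and client
        # binding are enforced — its body is not visible here.
        if not authorization or not authorization.validate(
                code, redirect_uri, client.client_id):
            self.render_error('invalid_grant',
                              "Authorization code expired or invalid.")
            return

        # Consume the code before minting the token so a replayed or raced
        # second redemption of the same code cannot also obtain a token.
        authorization.delete()

        # NOTE(review): scope comes from the token request, not from the
        # stored authorization (which records none); narrowing it to what the
        # user consented to must happen in the caller or OAuth_Token — confirm.
        token = OAuth_Token(
            user_id=authorization.user_id,
            client_id=authorization.client_id,
            scope=scope,
        )
        token.put()

        self.render_response(token)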