def _auth_redirect(self, callback_uri, realm, authenticate): """ Redirects the resource owner to obtain OAuth authorization for this service. You should call this method to log the user in, and then call :func:`get_authenticated_user` in the handler you registered as your callback URL to complete the authorization process. This method sets a cookie called ``_oauth_temporary_credentials`` which is subsequently used (and cleared) in :func:`get_authenticated_user` for security purposes. :param callback_uri: The callback URI path. For example, ``/auth/ready?format=json`` The host on which this handler is running will be used as the base URI for this path. :param realm: The OAuth authorization realm. :param authenticate: Internal parameter. Not meant for use in client code. When set to ``True``, the resource owner will be redirected to an "authentication" URL instead of an "authorization" URL. Authentication URLs automatically redirect back to the application if the application is already authorized. """ callback_uri = callback_uri or OAUTH_VALUE_CALLBACK_OOB if callback_uri and callback_uri != OAUTH_VALUE_CALLBACK_OOB: callback_uri = urljoin(self.adapter_request_full_url, callback_uri) # Ask for temporary credentials, and when we get them, redirect # to either the authentication or authorization URL. #async_callback = partial(self._on_temporary_credentials, # authenticate=authenticate) temp, _ = self.oauth_client.fetch_temporary_credentials( realm=realm, oauth_callback=callback_uri # async_callback=async_callback ) self._on_temporary_credentials(authenticate, temp)
def _openid_args(self, callback_uri, ax_attrs=None, oauth_scope=None): """ Builds and returns the OpenID arguments used in the authentication request. :param callback_uri: The URL to redirect to after authentication. :param ax_attrs: List of Attribute Exchange attributes to be fetched. :param oauth_scope: OAuth scope. :returns: A dictionary of arguments for the authentication URL. """ ax_attrs = ax_attrs or () url = urljoin(self.adapter_request_full_url, callback_uri) request_host = self.adapter_request_host #request_protocol = self.adapter_request_scheme args = { "openid.ns": self.SPEC_OPENID_NS, "openid.claimed_id": self.SPEC_IDENTIFIER_SELECT, "openid.identity": self.SPEC_IDENTIFIER_SELECT, "openid.return_to": url, #"openid.realm": request_protocol + "://" + request_host + "/", # See: # https://github.com/facebook/tornado/commit/1882670c5f9dd9be5840e1fac91e3ef98ba1deeb "openid.realm": urljoin(url, "/"), "openid.mode": OPENID_MODE_CHECKID_SETUP, } if ax_attrs: args.update({ "openid.ns.ax": self.SPEC_AX_NS, "openid.ax.mode": OPENID_AX_MODE_FETCH_REQUEST, }) ax_attrs = set(ax_attrs) required = [] if "name" in ax_attrs: ax_attrs -= set(["name", "firstname", "fullname", "lastname"]) required += ["firstname", "fullname", "lastname"] args.update({ "openid.ax.type.firstname": self.ATTRIB_FIRST_NAME, "openid.ax.type.fullname": self.ATTRIB_FULL_NAME, "openid.ax.type.lastname": self.ATTRIB_LAST_NAME, }) known_attrs = { "email": self.ATTRIB_EMAIL, "country": self.ATTRIB_COUNTRY, "language": self.ATTRIB_LANGUAGE, "username": self.ATTRIB_USERNAME, } for name in ax_attrs: args["openid.ax.type." + name] = known_attrs[name] required.append(name) args["openid.ax.required"] = ",".join(required) if oauth_scope: args.update({ "openid.ns.oauth": self.SPEC_OAUTH_NS, "openid.oauth.consumer": request_host.split(":")[0], "openid.oauth.scope": oauth_scope, }) return args