def request_client_credential(self, client_id, password=None):
"""
This is designed to support section 4.4 of the OAuth 2.0 spec:
"The client can request an access token using only its client
credentials (or other supported means of authentication) when the
client is requesting access to the protected resources under its
control"
If we have a user_key_file defined, the the client_id and password
for RSA authentication, if we don't have an RSA keyfile, use the
client_id and password for BASIC auth
"""
body = 'grant_type=client_credentials'
path = '/goauth/token'
method = 'POST'
url_parts = ('https', self.server, path, None, None)
url = urlparse.urlunsplit(url_parts)
if self.user_key_file:
headers = sign_with_rsa(self.user_key_file,
path,
method,
client_id,
body=body,
password=password)
response = requests.post(url, data={'grant_type': 'client_credentials'}, headers=headers, verify=self.verify_ssl)
elif password:
response = requests.post(url, data={'grant_type': 'client_credentials','client_id' : client_id }, auth = (client_id, password), verify=self.verify_ssl)
else:
raise Exception( "Password and legitimate user_key_file required")
return response.json()
def rsa_get_request_token(self, username, client_id, password=None):
query_params = {"response_type": "code", "client_id": client_id}
query_params = urllib.urlencode(query_params)
path = '/goauth/authorize'
method = 'GET'
headers = sign_with_rsa(self.user_key_file,
path,
method,
username,
query=query_params,
password=password)
url_parts = ('https', self.server, '/goauth/authorize', query_params,
None)
url = urlparse.urlunsplit(url_parts)
response = requests.get(url, headers=headers, verify=self.verify_ssl)
return response.json()
def rsa_get_request_token(self, username, client_id, password=None):
query_params = {
"response_type": "code",
"client_id": client_id
}
query_params = urllib.urlencode(query_params)
path = '/goauth/authorize'
method = 'GET'
headers = sign_with_rsa(self.user_key_file,
path,
method,
username,
query=query_params,
password=password)
url_parts = ('https', self.server, '/goauth/authorize', query_params, None)
url = urlparse.urlunsplit(url_parts)
response = requests.get(url, headers=headers, verify=self.verify_ssl)
return response.json()
def request_client_credential(self, client_id, password=None):
"""
This is designed to support section 4.4 of the OAuth 2.0 spec:
"The client can request an access token using only its client
credentials (or other supported means of authentication) when the
client is requesting access to the protected resources under its
control"
If we have a user_key_file defined, the the client_id and password
for RSA authentication, if we don't have an RSA keyfile, use the
client_id and password for BASIC auth
"""
body = 'grant_type=client_credentials'
path = '/goauth/token'
method = 'POST'
url_parts = ('https', self.server, path, None, None)
url = urlparse.urlunsplit(url_parts)
if self.user_key_file:
headers = sign_with_rsa(self.user_key_file,
path,
method,
client_id,
body=body,
password=password)
response = requests.post(url,
data={'grant_type': 'client_credentials'},
headers=headers,
verify=self.verify_ssl)
elif password:
response = requests.post(url,
data={
'grant_type': 'client_credentials',
'client_id': client_id
},
auth=(client_id, password),
verify=self.verify_ssl)
else:
raise Exception("Password and legitimate user_key_file required")
return response.json()
