def grant_access_token(request):
client_id = request.POST.get('client_id')
try:
client = Client.get_by_client_id(client_id)
except KeyError:
return JsonResponse({'error': 'incorrect_client_credentials',
'oops': "No such client %r" % client_id}, status=400)
client_secret = request.POST.get('client_secret')
if client_secret != client.client_secret:
return JsonResponse({'error': 'incorrect_client_credentials',
'oops': "Incorrect secret for client %r" % client_id}, status=400)
code = request.POST.get('code')
try:
authorization = authorizations[code]
except KeyError:
return JsonResponse({'error': 'bad_verification_code',
'oops': "Invalid authorization code %r" % code}, status=400)
if client_id != authorization['client_id']:
return JsonResponse({'error': 'bad_verification_code',
'oops': "Invalid authorization code %r for client %r" % (code, client_id)}, status=400)
redirect_uri = request.POST.get('redirect_uri')
if redirect_uri != client.redirect_uri:
return JsonResponse({'error': 'redirect_uri_mismatch',
'oops': "Incorrect redirect URI for client %r" % client_id}, status=400)
# Okay then.
token_token = squib(20)
access_token = {
'token': token_token,
'username': authorization['username'],
}
access_tokens[token_token] = access_token
return JsonResponse({
'access_token': token_token,
'user_id': 'https://%s/person/%s' % (request._environ['HTTP_HOST'], authorization['username']),
})
def user_endpoint(request):
client_id = request.GET.get('client_id')
try:
Client.get_by_client_id(client_id)
except KeyError:
return OopsResponse("No such client %r", client_id)
scope = request.GET.get('scope')
if scope != 'openid':
return OopsResponse("Unknown scope %r", scope)
redirect_uri = request.GET.get('redirect_uri')
authorization = {
'client_id': client_id,
'redirect_uri': redirect_uri,
}
code = squib(20)
authorizations[code] = authorization
return TemplateResponse('connectme/user_endpoint.html', {
'code': code,
})
def __init__(self, **kwargs):
self.client_id = squib(10)
self.client_secret = squib(20)
for key, val in kwargs.items():
setattr(self, key, val)
