def process_refresh_token_grant(self,
client_id,
client_secret,
refresh_token):
token = database.tokens.get_token(client_id,
client_secret,
refresh_token)
if not isinstance(token, database.models.RefreshToken):
return { 'error' : 'invalid_grant' }
access_token = token.access_token
#database.tokens.delete_token(access_token)
del access_token
new_access_token = database.tokens.get_token(
client_id,
client_secret,
database.accesstoken.create_access_token_from_refresh_token(token))
tokens = {
'access_token' : new_access_token.code,
'token_type' : 'bearer',
'expires_in' : new_access_token.expire,
}
if new_access_token.scope:
tokens.update({'scope' : new_access_token.scope})
return tokens
def process_auth_code_grant(self,
client_id,
client_secret,
scope,
code,
redirect_uri):
client = database.client.get_client(client_id)
auth_code = database.authcode.get_auth_code(client_id,
client_secret,
code)
print client, auth_code,
if client:
print redirect_uri, client.redirect_uri
if auth_code and \
client and \
redirect_uri == client.redirect_uri:
access_token_str = database.accesstoken.create_access_token_from_code(auth_code)
refresh_token_str = database.refreshtoken.create_refresh_token_from_code(
auth_code,
access_token_str)
if not access_token_str:
return { 'error' : 'access_denied' }
tokens = {
'access_token' : access_token_str,
'token_type' : 'bearer',
'expires_in' : database.tokens.get_token(client_id,
client_secret,
access_token_str).expire,
'refresh_token' : refresh_token_str,
}
if scope:
tokens.update({'scope' : scope})
try:
if not database.associations.isassociated(auth_code.user,
auth_code.client,
refresh_token_str):
database.associations.associate_client_with_user(auth_code.user,
auth_code.client,
refresh_token_str)
else:
#import pdb; pdb.set_trace()
database.associations.update_association(auth_code.user,
auth_code.client,
refresh_token_str)
except AssociationExistsWarning, e:
logging.warn('process_auth_code_grant: ' + str(e))
finally:
def process_password_grant(self,
client_id,
client_secret,
username,
password,
scope):
access_token = database.accesstoken.create_access_token_from_user_pass(
client_id,
client_secret,
username,
password,
scope)
refresh_token = database.refreshtoken.create_refresh_token_from_user_pass(
client_id,
client_secret,
username,
password,
scope,
access_token)
if access_token is not None and \
refresh_token is not None:
#turn it into a AccessToken instance & RefreshToken instance
if client_id != None:
access_token = database.tokens.get_token(client_id,
client_secret,
access_token)
refresh_token = database.tokens.get_token(client_id,
client_secret,
refresh_token)
else:
access_token = database.tokens.get_token(username,
password,
access_token)
refresh_token = database.tokens.get_token(username,
password,
refresh_token)
tokens = {
'access_token' : access_token.code,
'token_type' : 'bearer',
'expires_in' : access_token.expire,
'refresh_token' : refresh_token.code,
}
if scope:
tokens.update({'scope' : scope})
try:
if not database.associations.isassociated(refresh_token.user,
refresh_token.client,
refresh_token):
database.associations.associate_client_with_user(refresh_token.user,
refresh_token.client,
refresh_token)
else:
database.associations.update_association(refresh_token.user,
refresh_token.client,
refresh_token)
except AssociationExistsWarning, e:
logging.warn('process_auth_code_grant: ' + str(e))
return tokens
