def authorize(user, auth_request, redirect_uri):
"""
handler with validation for the request providing a code that the client
can use to authorize
user param supplied by login_required
auth_request and redirect_uri wrapper objects supplied by validate_auth_request
NOTE: upon login the user has implicitly given permission for the neuaer
client to obtain an authorization token with the code provided here
"""
# store the authorization associated with this user
# for reconciliation upon token request
auth = Authorization(authorizer=user,
# generate a code for the client to submit when
# requesting an authorization token
code=str(uuid1()),
# an absence of the client_id should be caught in
# the validations above
client_id=auth_request.raw_args.get("client_id"),
# per the oauth 2 standard the redirect uri must
# be matched on the later request for a token
redirect_uri=redirect_uri.get_url())
# gae db save
auth.put()
# add the unique code to the query params, and redirect to the redirect_uri
return redirect_with_params(redirect_uri, code=auth.code)
def decorated_view(*args, **kwargs):
auth_request = AuthRequest(request, settings.OAUTH)
redirect_uri = auth_request.redirect_uri
# if the redirect uri is invalid display the error message immediately
if not redirect_uri.is_valid():
return redirect_uri.error_message['error_description']
# if any other part of the auth request is invalid, redirect with
# the error information appended to the redirect uri as params
if not auth_request.is_valid():
return redirect_with_params(redirect_uri, **auth_request.error_message)
return route(auth_request, redirect_uri, *args, **kwargs)
