def create_auth_server():
    """Assemble the web application that serves the OAuth2 authorize and token endpoints.

    One client ("alexa.matsuoka") with three account-linking redirect URIs is
    registered in an in-memory client store, and one access token for that
    client is saved into the in-memory token store before the provider is
    built. Clients authenticate through ``http_basic_auth`` and only the
    authorization-code grant is enabled.

    Returns:
        The ``Application`` routing ``provider.authorize_path`` and
        ``provider.token_path`` to ``OAuth2Handler``. Nothing is started
        here; the caller is responsible for listening.
    """
    # Exact-match callbacks for the registered client; all three are HTTPS.
    linking_callbacks = [
        "https://layla.amazon.com/api/skill/link/M2Q7FOC6AVxxxx",
        "https://pitangui.amazon.com/api/skill/link/M2Q7FOC6AVxxxx",
        "https://alexa.amazon.co.jp/api/skill/link/M2Q7FOC6AVxxxx",
    ]

    # NOTE(review): the client secret is a literal in source ("xxxx" looks
    # like a redaction placeholder). A real value belongs in configuration
    # or a secret store, not in the repository.
    clients = ClientStore()
    clients.add_client(client_id="alexa.matsuoka",
                       client_secret="xxxx",
                       redirect_uris=linking_callbacks)

    # NOTE(review): a bearer token is seeded at start-up with a fixed value
    # and no expiry argument, so anyone who can read this file holds a
    # credential for that user. Confirm this is test-only scaffolding.
    tokens = TokenStore()
    seeded_token = AccessToken(client_id="alexa.matsuoka",
                               grant_type="authorization_code",
                               user_id="*****@*****.**",
                               token="xxxx")
    tokens.save_token(seeded_token)

    # The same in-memory store backs both access tokens and auth codes, so
    # all issued credentials are lost when the process exits.
    provider = Provider(access_token_store=tokens,
                        auth_code_store=tokens,
                        client_store=clients,
                        token_generator=Uuid4(),
                        client_authentication_source=http_basic_auth)
    code_grant = AuthorizationCodeGrant(site_adapter=TestSiteAdapter(),
                                        unique_token=True)
    provider.add_grant(code_grant)

    # Each route gets its own kwargs dict, as in a hand-written route table.
    routes = [
        url(endpoint, OAuth2Handler, dict(provider=provider))
        for endpoint in (provider.authorize_path, provider.token_path)
    ]
    return Application(routes, debug=False)
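def run_auth_server():
    """Serve the demo authorization-code OAuth2 provider on port 8080 until Ctrl-C.

    A single client ("abc") with one localhost callback is registered in
    memory, the provider is wrapped in a WSGI application and served with
    ``make_server``. ``KeyboardInterrupt`` is swallowed so the process exits
    quietly; any other exception propagates to the caller.
    """
    # Stays None until the listening socket exists, so an interrupt during
    # set-up cannot reach server_close() on an unbound name.
    httpd = None
    try:
        client_store = ClientStore()
        # NOTE(review): fixed, guessable demo credentials. Do not reuse this
        # registration outside a local test setup.
        client_store.add_client(
            client_id="abc",
            client_secret="xyz",
            redirect_uris=["http://localhost:8081/callback"])

        # One in-memory store holds both auth codes and access tokens.
        token_store = TokenStore()
        auth_controller = Provider(access_token_store=token_store,
                                   auth_code_store=token_store,
                                   client_store=client_store,
                                   site_adapter=TestSiteAdapter(),
                                   token_generator=Uuid4())
        auth_controller.add_grant(AuthorizationCodeGrant())

        app = Wsgi(server=auth_controller)
        # NOTE(review): host '' listens on every interface, not only the
        # localhost address printed below. Bind to 127.0.0.1 if the demo
        # client must not be reachable from the network.
        httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)

        # The banner names the grant that is actually registered above.
        print(
            "Starting authorization_code oauth2 server on http://localhost:8080/..."
        )
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    finally:
        # Release the port on every exit path once the server was created.
        if httpd is not None:
            httpd.server_close()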
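def run_auth_server():
    """Serve the demo implicit-grant OAuth2 provider on port 8080 until Ctrl-C.

    Registers one in-memory client ("abc") whose only redirect URI is
    ``http://localhost:8081/``, enables ``ImplicitGrant`` and serves the
    resulting application with ``make_server``. ``KeyboardInterrupt`` is
    swallowed; other exceptions propagate.
    """
    # Stays None until the listening socket exists, so an interrupt during
    # set-up cannot reach server_close() on an unbound name.
    httpd = None
    try:
        client_store = ClientStore()
        # NOTE(review): fixed, guessable demo credentials; local testing only.
        client_store.add_client(client_id="abc",
                                client_secret="xyz",
                                redirect_uris=["http://localhost:8081/"])

        token_store = TokenStore()
        provider = Provider(access_token_store=token_store,
                            auth_code_store=token_store,
                            client_store=client_store,
                            token_generator=Uuid4())
        # NOTE(review): the implicit grant hands the access token to the
        # browser in the redirect. The OAuth 2.0 Security Best Current
        # Practice recommends the authorization-code grant with PKCE
        # instead; keep this example for compatibility testing only.
        provider.add_grant(ImplicitGrant(site_adapter=TestSiteAdapter()))

        app = Application(provider=provider)
        # NOTE(review): host '' listens on every interface, not only the
        # localhost address printed below.
        httpd = make_server('', 8080, app)
        print(
            "Starting implicit_grant oauth2 server on http://localhost:8080/..."
        )
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    finally:
        # Release the port on every exit path once the server was created.
        if httpd is not None:
            httpd.server_close()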
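def run_auth_server():
    """Serve the demo client-credentials OAuth2 provider on port 8080 until Ctrl-C.

    Registers one in-memory client ("abc") with no redirect URIs, sets the
    token generator's ``client_credentials`` lifetime to 3600 and enables
    ``ClientCredentialsGrant``. ``KeyboardInterrupt`` is swallowed; other
    exceptions propagate.
    """
    # Stays None until the listening socket exists, so an interrupt during
    # set-up cannot reach server_close() on an unbound name.
    httpd = None
    try:
        client_store = ClientStore()
        # NOTE(review): with this grant the client id/secret pair is the
        # only credential, and both are fixed literals. Anyone who can
        # reach the token endpoint and knows them can obtain a token.
        client_store.add_client(client_id="abc",
                                client_secret="xyz",
                                redirect_uris=[])

        token_store = TokenStore()
        token_gen = Uuid4()
        # Lifetime for tokens issued through the client_credentials grant.
        token_gen.expires_in['client_credentials'] = 3600

        auth_controller = Provider(
            access_token_store=token_store,
            auth_code_store=token_store,
            client_store=client_store,
            token_generator=token_gen)
        auth_controller.add_grant(ClientCredentialsGrant())

        app = Application(provider=auth_controller)
        # NOTE(review): host '' listens on every interface, not only the
        # localhost address printed below.
        httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)

        # The banner names the grant that is actually registered above.
        print("Starting client_credentials oauth2 server on http://localhost:8080/...")
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    finally:
        # Release the port on every exit path once the server was created.
        if httpd is not None:
            httpd.server_close()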
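def run_auth_server():
    """Run the Tornado-based client-credentials OAuth2 server on port 8080.

    One in-memory client ("abc") is registered and restricted, through
    ``authorized_grants``, to the client-credentials grant type. Tokens for
    that grant get an ``expires_in`` of 3600. The function blocks in the
    IOLoop until ``KeyboardInterrupt``, then closes the loop.
    """
    client_store = ClientStore()
    # NOTE(review): the id/secret pair is the only credential for this
    # grant and both are fixed literals; local testing only.
    client_store.add_client(
        client_id="abc",
        client_secret="xyz",
        redirect_uris=[],
        authorized_grants=[oauth2.grant.ClientCredentialsGrant.grant_type])

    token_store = TokenStore()

    # Generator of tokens
    token_generator = oauth2.tokengenerator.Uuid4()
    token_generator.expires_in[oauth2.grant.ClientCredentialsGrant.grant_type] = 3600

    provider = Provider(access_token_store=token_store,
                        auth_code_store=token_store,
                        client_store=client_store,
                        token_generator=token_generator)
    # provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
    provider.add_grant(ClientCredentialsGrant())

    try:
        app = Application([
            url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
            url(provider.token_path, OAuth2Handler, dict(provider=provider)),
        ])
        # NOTE(review): listen() without an address accepts connections on
        # every interface, and the endpoints are served over plain HTTP.
        app.listen(8080)
        print("Starting OAuth2 server on http://localhost:8080/...")
        IOLoop.current().start()
    except KeyboardInterrupt:
        # close() must be called on the loop instance; calling it on the
        # IOLoop class raises TypeError instead of shutting down.
        IOLoop.current().close()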
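def run_auth_server():
    """Run the Tornado-based authorization-code OAuth2 server on port 8090.

    One in-memory client ("abc") is registered whose redirect URI is the
    OIDC broker endpoint of a local Keycloak realm. The function blocks in
    the IOLoop until ``KeyboardInterrupt``, then closes the loop.
    """
    client_store = ClientStore()
    # client_store.add_client(client_id="abc", client_secret="xyz",
    #                         redirect_uris=["http://localhost:8081/callback"])
    # NOTE(review): fixed, guessable demo credentials; local testing only.
    client_store.add_client(
        client_id="abc",
        client_secret="xyz",
        redirect_uris=["http://localhost:8080/auth/realms/keycloak-express/broker/oidc/endpoint"])

    # One in-memory store holds both auth codes and access tokens.
    token_store = TokenStore()
    provider = Provider(access_token_store=token_store,
                        auth_code_store=token_store,
                        client_store=client_store,
                        token_generator=Uuid4())
    provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))

    try:
        app = Application([
            url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
            url(provider.token_path, OAuth2Handler, dict(provider=provider)),
        ])
        # NOTE(review): listen() without an address accepts connections on
        # every interface, and the endpoints are served over plain HTTP.
        app.listen(8090)
        print("Starting OAuth2 server on http://localhost:8090/...")
        IOLoop.current().start()
    except KeyboardInterrupt:
        # close() must be called on the loop instance; calling it on the
        # IOLoop class raises TypeError instead of shutting down.
        IOLoop.current().close()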
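def run_auth_server():
    """Run the Tornado-based authorization-code OAuth2 server on port 8080.

    Three in-memory clients are registered, each with one callback on
    10.10.112.59. Besides the authorize and token endpoints the application
    serves ``MainHandler`` at "/" and is configured with template, static
    and signed-cookie settings. The function blocks in the IOLoop until
    ``KeyboardInterrupt``, then closes the loop.
    """
    client_store = ClientStore()
    # NOTE(review): every client secret below is a short literal in source,
    # and every redirect URI is plain HTTP, so authorization codes sent to
    # these callbacks cross the network unencrypted. Test setup only.
    client_store.add_client(client_id="abc", client_secret="xyz",
                            redirect_uris=["http://10.10.112.59:8081/callback"])
    client_store.add_client(client_id="bcd", client_secret="fff",
                            redirect_uris=["http://10.10.112.59:50000/callback"])
    client_store.add_client(client_id="9fdc2c7a1cee0cca54c150e3e0b822eb",
                            client_secret="zzz",
                            redirect_uris=["http://10.10.112.59:8888/callback"])

    # One in-memory store holds both auth codes and access tokens.
    token_store = TokenStore()
    provider = Provider(access_token_store=token_store,
                        auth_code_store=token_store,
                        client_store=client_store,
                        token_generator=Uuid4())
    provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))

    # NOTE(review): cookie_secret is the key Tornado uses to sign secure
    # cookies. Committed in source, it lets anyone with repository access
    # produce cookies the server accepts. Load it from configuration or the
    # environment and rotate this value.
    settings = dict(
        template_path=os.path.join(os.path.dirname(__file__), "templates"),
        static_path=os.path.join(os.path.dirname(__file__), "static"),
        cookie_secret='61oETzKXQAGaYdkL5gEmGEJJFuYh7EQnp2XdTP1o/Vo=',
    )

    try:
        app = Application([
            url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
            url(provider.token_path, OAuth2Handler, dict(provider=provider)),
            url("/", MainHandler),
        ], **settings)
        # NOTE(review): listen() without an address accepts connections on
        # every interface.
        app.listen(8080)
        # Parenthesised single argument prints identically under Python 2
        # and is valid under Python 3.
        print("Starting OAuth2 server on http://10.10.112.59:8080/...")
        IOLoop.current().start()
    except KeyboardInterrupt:
        # close() must be called on the loop instance; calling it on the
        # IOLoop class raises TypeError instead of shutting down.
        IOLoop.current().close()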
def setUp(self):
    """Build the fixtures shared by the token-store tests.

    Sets ``access_token_data`` (keyword arguments for an access token),
    ``auth_code`` (an ``AuthorizationCode`` for client "myclient") and
    ``test_store`` (a fresh, empty ``TokenStore``).
    """
    # Keyword form keeps the same keys in the same order as a dict literal.
    self.access_token_data = dict(
        client_id="myclient",
        token="xyz",
        scopes=["foo_read", "foo_write"],
        data=dict(name="test"),
        grant_type="authorization_code",
    )

    # Positional arguments are passed through unchanged. The scope list and
    # data dict are separate objects from the ones above.
    code_args = ("myclient", "abc", 100, "http://localhost",
                 ["foo_read", "foo_write"], {"name": "test"})
    self.auth_code = AuthorizationCode(*code_args)

    self.test_store = TokenStore()
def setUp(self):
    """Prepare one access-token payload, one auth code and an empty store.

    The three attributes set here (``access_token_data``, ``auth_code``,
    ``test_store``) are the only state the test methods rely on.
    """
    token_kwargs = {}
    token_kwargs["client_id"] = "myclient"
    token_kwargs["token"] = "xyz"
    token_kwargs["scopes"] = ["foo_read", "foo_write"]
    token_kwargs["data"] = {"name": "test"}
    token_kwargs["grant_type"] = "authorization_code"
    self.access_token_data = token_kwargs

    # Fresh list/dict literals so the auth code never shares mutable state
    # with the access-token payload.
    self.auth_code = AuthorizationCode(
        "myclient",
        "abc",
        100,
        "http://localhost",
        ["foo_read", "foo_write"],
        {"name": "test"},
    )
    self.test_store = TokenStore()
class MemoryTokenStoreTestCase(unittest.TestCase):
    """Round-trip tests for the in-memory ``TokenStore``."""

    def setUp(self):
        """Create a fresh store, one auth code and the kwargs for one access token."""
        self.access_token_data = dict(
            client_id="myclient",
            token="xyz",
            scopes=["foo_read", "foo_write"],
            data=dict(name="test"),
            grant_type="authorization_code",
        )
        self.auth_code = AuthorizationCode(
            "myclient", "abc", 100, "http://localhost",
            ["foo_read", "foo_write"], {"name": "test"},
        )
        self.test_store = TokenStore()

    def test_fetch_by_code(self):
        """An unknown code must raise ``AuthCodeNotFound`` rather than return a value."""
        self.assertRaises(AuthCodeNotFound,
                          self.test_store.fetch_by_code, "unknown")

    def test_save_code_and_fetch_by_code(self):
        """A saved auth code is returned unchanged when looked up by its code."""
        store = self.test_store
        self.assertTrue(store.save_code(self.auth_code))

        fetched = store.fetch_by_code(self.auth_code.code)
        self.assertEqual(fetched, self.auth_code)

    def test_save_token_and_fetch_by_token(self):
        """A saved access token is returned unchanged when looked up by its token."""
        store = self.test_store
        token_obj = AccessToken(**self.access_token_data)
        self.assertTrue(store.save_token(token_obj))

        fetched = store.fetch_by_token(token_obj.token)
        self.assertEqual(fetched, token_obj)
def run_auth_server(port=8282):
    """Serve the demo authorization-code OAuth2 provider on ``port`` forever.

    Args:
        port: TCP port to listen on (default 8282).

    The banner is printed before any set-up happens. There is no interrupt
    handling here: ``serve_forever`` blocks until the process is stopped and
    any exception propagates to the caller.
    """
    banner = "Starting OAuth2 server on port:" + str(port)
    print(banner)

    # NOTE(review): fixed, guessable demo credentials, and a redirect URI
    # on the 0.0.0.0 wildcard address over plain HTTP. Local testing only.
    registered_clients = ClientStore()
    registered_clients.add_client(client_id="abc",
                                  client_secret="xyz",
                                  redirect_uris=["http://0.0.0.0:5000/"])

    # One in-memory store holds both auth codes and access tokens.
    memory_store = TokenStore()
    provider = Provider(access_token_store=memory_store,
                        auth_code_store=memory_store,
                        client_store=registered_clients,
                        token_generator=Uuid4())
    code_grant = AuthorizationCodeGrant(site_adapter=TestSiteAdapter())
    provider.add_grant(code_grant)

    wsgi_app = Application(provider=provider)
    # NOTE(review): host '' listens on every interface.
    server = make_server('', port, wsgi_app, handler_class=OAuthRequestHandler)
    server.serve_forever()
def get(self):
    """Build an in-memory client-credentials OAuth2 provider; report failures as a dict.

    Every call creates new client and token stores, registers the client
    "abc" and constructs a ``Provider`` with the client-credentials grant.
    No visible line stores or uses the provider afterwards, and nothing is
    written to the response on the success path.

    NOTE(review): the original indentation was lost on this page.
    ``self.finish(result)`` is placed inside the handler because ``result``
    is bound only there; confirm against the real file.
    """
    try:
        client_store = ClientStore()
        # NOTE(review): fixed, guessable demo credentials; for this grant the
        # id/secret pair is the only thing a caller needs to obtain a token.
        client_store.add_client(client_id="abc", client_secret="xyz", redirect_uris=[],
                                authorized_grants=[oauth2.grant.ClientCredentialsGrant.grant_type])
        token_store = TokenStore()
        # Generator of tokens
        token_generator = oauth2.tokengenerator.Uuid4()
        # Lifetime entry for tokens issued through the client-credentials grant.
        token_generator.expires_in[oauth2.grant.ClientCredentialsGrant.grant_type] = 3600
        provider = Provider(access_token_store=token_store,
                            auth_code_store=token_store,
                            client_store=client_store,
                            token_generator=token_generator)
        # provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
        provider.add_grant(ClientCredentialsGrant())
    except Exception as e:
        # `unicode` is the Python 2 builtin, so this handler targets Python 2.
        # NOTE(review): the exception text and utils.format_error() go straight
        # to the caller. If format_error() returns a traceback (not visible
        # here), that exposes internals; log it server-side and return a
        # generic message instead.
        result = {"success":0,"return_code":unicode(e),"error_msg":utils.format_error()}
        self.finish(result)
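def run_auth_server():
    """Serve the demo OAuth2 provider (``TestProvider``) on port 8080 until Ctrl-C.

    Registers one in-memory client ("abc") with a localhost callback, wraps
    the provider in ``OAuthApplication`` and serves it with ``make_server``.
    ``KeyboardInterrupt`` is swallowed; other exceptions propagate.
    """
    # Stays None until the listening socket exists, so an interrupt during
    # set-up cannot reach server_close() on an unbound name.
    httpd = None
    try:
        client_store = ClientStore()
        # NOTE(review): fixed, guessable demo credentials; local testing only.
        client_store.add_client(client_id="abc",
                                client_secret="xyz",
                                redirect_uris=["http://localhost:8081/callback"])

        # One in-memory store holds both auth codes and access tokens.
        token_store = TokenStore()
        provider = TestProvider(
            access_token_store=token_store,
            auth_code_store=token_store,
            client_store=client_store,
            token_generator=Uuid4())

        app = OAuthApplication(provider=provider)
        # NOTE(review): host '' listens on every interface, not only the
        # localhost address printed below.
        httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)
        print("Starting OAuth2 server on http://localhost:8080/...")
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    finally:
        # Release the port on every exit path once the server was created.
        if httpd is not None:
            httpd.server_close()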
class MemoryTokenStoreTestCase(unittest.TestCase):
    """Checks that the in-memory ``TokenStore`` saves and returns codes and tokens."""

    def setUp(self):
        """Set up the token payload, the auth code and an empty store for each test."""
        payload = {}
        payload["client_id"] = "myclient"
        payload["token"] = "xyz"
        payload["scopes"] = ["foo_read", "foo_write"]
        payload["data"] = {"name": "test"}
        payload["grant_type"] = "authorization_code"
        self.access_token_data = payload

        # Separate list/dict literals: the code shares no mutable state
        # with the token payload.
        self.auth_code = AuthorizationCode(
            "myclient",
            "abc",
            100,
            "http://localhost",
            ["foo_read", "foo_write"],
            {"name": "test"},
        )
        self.test_store = TokenStore()

    def test_fetch_by_code(self):
        """Looking up a code that was never saved raises ``AuthCodeNotFound``."""
        lookup = self.test_store.fetch_by_code
        with self.assertRaises(AuthCodeNotFound):
            lookup("unknown")

    def test_save_code_and_fetch_by_code(self):
        """``save_code`` reports success and ``fetch_by_code`` returns the same code."""
        saved_ok = self.test_store.save_code(self.auth_code)
        self.assertTrue(saved_ok)

        self.assertEqual(self.test_store.fetch_by_code(self.auth_code.code),
                         self.auth_code)

    def test_save_token_and_fetch_by_token(self):
        """``save_token`` reports success and ``fetch_by_token`` returns the same token."""
        issued = AccessToken(**self.access_token_data)
        saved_ok = self.test_store.save_token(issued)
        self.assertTrue(saved_ok)

        self.assertEqual(self.test_store.fetch_by_token(issued.token), issued)
# -*- coding: utf-8 -*- import cherrypy from . import verify, client_credentials, password from oauth2.tokengenerator import Uuid4 from oauth2.store.memory import ClientStore, TokenStore tokens = TokenStore() clients = ClientStore() clients.add_client(client_id="novareto", client_secret="test", redirect_uris=[]) tickets = Uuid4() tickets.expires_in['client_credentials'] = 7200 def run(): cherrypy.config.update({ 'server.socket_host': '0.0.0.0', 'server.socket_port': 8085, }) cherrypy.tree.graft( client_credentials.make_application(tokens, clients, tickets), '/auth.client') cherrypy.tree.graft( password.make_application(tokens, clients, tickets), '/auth.passwd') cherrypy.tree.graft(
def __init__(self, dbconnection):
    """Wire up the OAuth2 provider, page routes, REST routes and websocket routes.

    Args:
        dbconnection: database connection object, stored on the instance
            as ``self.dbconnection``.

    The method builds an in-memory OAuth2 provider (authorization-code grant
    only), collects four groups of URL specs and passes them with the
    settings dict to ``web.Application.__init__``. Route order is preserved
    exactly as written, because the first matching pattern handles a request.

    ``self.urn_regex``, ``self.uuid_regex``, ``self.hrn_regex`` and
    ``self.email_regex`` are read here but not defined in this method;
    presumably they are class attributes (confirm in the class body).
    """
    self.templates = os.path.join(os.path.dirname(__file__), "../templates")
    self.static = os.path.join(os.path.dirname(__file__), "../static")
    # DataBase connection
    self.dbconnection = dbconnection
    ##
    # OAuth authentication service (token provider)
    # Client Store (will be taken from db)
    # NOTE(review): until the client store is backed by the database, the
    # only registered client uses fixed, guessable credentials.
    client_store = ClientStore()
    client_store.add_client(client_id="abc", client_secret="xyz",
                            redirect_uris=["http://localhost:8111"])
    ##
    # OAuth Token Store (in memory)
    # Codes and tokens live only in this process and are lost on restart.
    token_store = TokenStore()
    # Generator of tokens
    token_generator = Uuid4()
    #token_generator.expires_in[ClientCredentialsGrant.grant_type] = 3600
    ##
    # OAuth Provider
    provider = Provider(access_token_store=token_store,
                        auth_code_store=token_store,
                        client_store=client_store,
                        token_generator=token_generator)
    #provider.token_path = '/oauth/token'
    # Support for the authorization code grant
    provider.add_grant(
        AuthorizationCodeGrant(site_adapter=CodeGrant(self.templates)))
    # provider.add_grant(
    #     ImplicitGrant(site_adapter=Authentication())
    # )
    logger.debug(provider.authorize_path)
    logger.debug(provider.token_path)
    ##
    # Auth handlers
    auth_handlers = [
        web.url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
        web.url(provider.token_path, OAuth2Handler, dict(provider=provider))
    ]
    ##
    # Web
    web_handlers = [
        web.url(r"/login", login.Index),
        web.url(r"/logout", logout.Index),
        web.url(r"/password/(.*)", password.Index),
        web.url(r"/forgot_password", password.Forgot),
        web.url(r"/registration", registration.Index),
        web.url(r'/', home.Index),
        web.url(r'/settings', home.User),
        web.url(r'/projects', projects.Projects),
        web.url(r'/slices/([a-z0-9\._\-]+)', slices.Slices),
        web.url(r'/users', users.Users),
        web.url(r'/users/?(' + self.urn_regex + ')', users.Users),
        web.url(r'/activity', activity.Index),
        web.url(r'/confirm/(' + self.uuid_regex + ')?', confirm.Index),
        web.url(r'/status', status.Index),
        web.url(r'/static/(.*)', web.StaticFileHandler, {'path': self.static}),
        # NOTE(review): a /test route is registered unconditionally; confirm
        # it is meant to be reachable in production deployments.
        web.url(r'/test', test.Index),
        web.url(r"/addOrganization", addOrganization.Index)
    ]
    ##
    # REST API
    rest_handlers = [
        # NOTE(review): in 'activity?', 'requests?' and 'usertoken?' the `?`
        # is a regex quantifier that makes the preceding letter optional. It
        # does not mark the start of a query string.
        web.url(r'/api/v1/activity?([A-Za-z0-9-]+)?', ActivityHandler),
        web.url(r'/api/v1/activity/(' + self.uuid_regex + ')?', ActivityHandler),
        web.url(r'/api/v1/confirm/(' + self.uuid_regex + ')?', ConfirmHandler),
        web.url(r'/api/v1/requests?([A-Za-z0-9-]+)?', RequestsHandler),
        web.url(r'/api/v1/requests/(' + self.uuid_regex + ')?', RequestsHandler),
        web.url(r'/api/v1/usertoken?', UserTokenHandler),
        web.url(r'/api/v1/login', LoginHandler),
        web.url(r'/api/v1/password', PasswordHandler),
        web.url(r'/api/v1/password/(.*)', PasswordHandler),
        web.url(r'/api/v1/resources$', ResourcesHandler),
        web.url(r'/api/v1/resources/(' + self.urn_regex + ')?$', ResourcesHandler),
        web.url(r'/api/v1/resources/(' + self.urn_regex + ')?/?(leases)?$', ResourcesHandler),
        web.url(r'/api/v1/resources/(' + self.urn_regex + ')?/?(slices)?$', ResourcesHandler),
        web.url(
            r'/api/v1/resources/(' + self.urn_regex + ')?/?(testbeds)?$',
            ResourcesHandler),
        # leases
        web.url(r'/api/v1/leases$', LeasesHandler),
        web.url(r'/api/v1/leases/([A-Za-z0-9-]+)?', LeasesHandler),
        web.url(r'/api/v1/profile$', ProfileHandler),
        # testbeds
        web.url(
            r'/api/v1/testbeds/?(' + self.urn_regex + ')?/?(resources)?$',
            TestbedsHandler),
        web.url(r'/api/v1/testbeds/?(' + self.urn_regex + ')?/?(leases)?$', TestbedsHandler),
        # users
        web.url(r'/api/v1/users$', UsersHandler),
        web.url(r'/api/v1/users/(' + self.email_regex + ')$', UsersHandler),
        web.url(
            r'/api/v1/users/?(' + self.urn_regex +
            ')?/?(authorities|projects|slices)?$', UsersHandler),
        web.url(r'/api/v1/users/?(authorities|projects|slices)?$', UsersHandler),
        # authorities
        web.url(r'/api/v1/authorities$', AuthoritiesHandler),
        web.url(
            r'/api/v1/authorities/?(' + self.urn_regex +
            ')?/?(users|projects)?$', AuthoritiesHandler),
        # projects
        web.url(
            r'/api/v1/projects/?(' + self.urn_regex + ')?/?(users|slices)?$',
            ProjectsHandler),
        # slices
        web.url(
            r'/api/v1/slices/?(' + self.hrn_regex + ')?/?(users|resources)?$',
            SlicesHandler),
        web.url(
            r'/api/v1/slices/?(' + self.urn_regex + ')?/?(users|resources)?$',
            SlicesHandler),
        # F-Interop sessions
        # security based on the slice id
        # NOTE(review): the third pattern below accepts any alphanumeric id,
        # so whatever check ties a session to a slice must live in
        # FinteropSessionsHandler; verify it there.
        web.url(
            r'/api/v1/finterop/sessions/?(' + self.urn_regex +
            ')?/?(start|stop)?$', FinteropSessionsHandler),
        web.url(
            r'/api/v1/finterop/sessions/?(' + self.hrn_regex +
            ')?/?(start|stop)?$', FinteropSessionsHandler),
        web.url(
            r'/api/v1/finterop/sessions/?([a-zA-Z0-9]+)?/?(start|stop)?$',
            FinteropSessionsHandler),
        #web.url(r'/api/v1/finterop/sessions/?([a-zA-Z0-9]+)?/resources$', ResourceRepoHandler),
    ]
    ##
    # Websockets API
    # SockJSRouter: configure Websocket
    WebsocketRouter = SockJSRouter(WebsocketsHandler, '/api/v1/live')
    ##
    # URLs handlers
    # Concatenation order is match order: OAuth endpoints first, then pages,
    # then the REST API, then the SockJS routes.
    handlers = auth_handlers + web_handlers + rest_handlers + WebsocketRouter.urls
    # Both secrets come from config rather than from literals in source.
    # NOTE(review): debug=True puts Tornado in debug mode, which enables
    # autoreload and serves tracebacks to clients on errors. Make it
    # configurable and keep it off in production.
    # NOTE(review): xsrf_cookies is commented out, so Tornado's built-in XSRF
    # check is not enabled for the cookie-authenticated page routes. Confirm
    # whether the handlers provide their own protection.
    settings = dict(
        cookie_secret=config.web["cookie_secret"],
        login_url="/login",
        token_secret=config.web["token_secret"],
        template_path=self.templates,
        static_path=self.static,
        #xsrf_cookies=True,
        debug=True)
    web.Application.__init__(self, handlers, **settings)