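def GetToken(svc, params, rduri, type, cid, csec):
    """Handle a token-endpoint request and write the JSON token response.

    The client is authenticated first (client id, secret, redirect URI), then
    checked for permission to use the requested grant type. After that either
    an authorization code is redeemed or a refresh token is rotated.

    Args:
        svc: Request handler; used for ``get_str``, ``client_address[0]`` and
            ``writedata``.
        params: Request parameters, looked up by key.
        rduri: Redirect URI sent by the client. When empty, the client's
            default redirect URI is used instead.
        type: Requested grant type (``authorization_code`` or
            ``refresh_token``).
        cid: Client identifier.
        csec: Client secret.

    Raises:
        AuthClientError: Unknown client, wrong secret, or a redirect URI the
            client record does not accept.
        AuthError: Any other rejected request; carries the redirect URI and an
            OAuth error code.

    NOTE(review): the response carries bearer credentials. Whether
    ``svc.writedata`` sends ``Cache-Control: no-store`` is not visible from
    this function; confirm it does.
    """
    clients = clientdb.ClientDB()
    try:
        # Client authentication. Every failure raises the same exception, so
        # the caller cannot tell which of the three checks failed.
        client = clients.find_client(cid)
        if client is None:
            raise AuthClientError()
        if not client.check_secret(csec):
            raise AuthClientError()
        if not rduri:
            rduri = client.get_default_redirect_uri()
        elif not client.check_redirect_uri(rduri):
            raise AuthClientError()

        if not type:
            raise AuthError(rduri, 'invalid_request')
        # The client must be allowed to use this grant type.
        if not client.check_grant_type(type):
            raise AuthError(rduri, 'unauthorized_client')

        if type == 'authorization_code':
            # has_key is kept because the type of params is not visible here.
            if not params.has_key('code'):
                raise AuthError(rduri, 'invalid_request')
            code = params['code']
            # The lookup is keyed on (code, client id), so a code issued to
            # another client is rejected.
            # NOTE(review): the redirect URI is only checked against the
            # client record above, not against the URI the code was issued
            # for. Confirm that binding is enforced elsewhere.
            (sessid, uid, scopes) = Auth.SessionInfoFromCode(code, cid)
            if sessid is None:
                raise AuthError(rduri, 'invalid_grant')
            # Codes are single use.
            # NOTE(review): lookup and removal are two separate calls. Unless
            # Auth serialises them, two concurrent requests could redeem the
            # same code.
            Auth.RemoveCode(code)
            scope_list = scopes
        elif type == "refresh_token":
            # NOTE(review): a missing parameter is reported as invalid_grant
            # here but as invalid_request in the code branch. It is left
            # unchanged so existing clients see the same error code.
            if not params.has_key('refresh_token'):
                raise AuthError(rduri, 'invalid_grant')
            old_refresh_token = svc.get_str(params, "refresh_token")
            refreshments = RefreshTokens()
            try:
                old_token = refreshments.find(old_refresh_token)
                if old_token is None:
                    raise AuthError(rduri, 'invalid_grant')
                # A refresh token may only be used by the client it was
                # issued to.
                if old_token['client_id'] != cid:
                    raise AuthError(rduri, 'invalid_grant')
                uid = old_token['uid']
                # Stored scopes are a comma-separated string.
                scopes = old_token['scopes']
                scope_list = scopes.split(',')
                # NOTE(review): the result of LoadUserByUid is not checked.
                # Confirm that a deleted or disabled user cannot get a
                # session this way.
                user = UserManager.LoadUserByUid(uid)
                session = Session(user, svc.client_address[0],
                                  scopes=scope_list)
                session.RecordLogin(True)
                sessid = session.GetID()
                # Rotation: the old token is removed once the new session
                # exists. As with codes, find and remove are separate calls.
                refreshments.remove(old_refresh_token)
            finally:
                refreshments.close()
        else:
            raise AuthError(rduri, 'unsupported_grant_type')

        resp = {
            'access_token': sessid,
            'token_type': 'session',
            'expires_in': Config.SESSION_TIMEOUT_SECONDS,
            # Join the scope *list*. Joining the stored comma-separated
            # string put a space between every character on the refresh path.
            'scope': ' '.join(scope_list),
        }
        if client.check_grant_type('refresh_token'):
            refreshments = RefreshTokens()
            try:
                # scopes is passed in the same form as before: the value from
                # SessionInfoFromCode on the code path, the stored string on
                # the refresh path.
                refresh_token = refreshments.new(uid, cid,
                                                 svc.client_address[0], scopes)
            finally:
                refreshments.close()
            resp['refresh_token'] = refresh_token
        svc.writedata(json.dumps(resp))
    finally:
        clients.close()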