def create_resource_server(app):
    """Register the OAuth2-protected resource views on *app*.

    Three views are added: ``/user`` (guarded with the ``profile`` scope),
    ``/user/email`` (guarded with the ``email`` scope) and ``/info`` (guarded
    with no scope argument). Each view reads the token owner from
    ``current_token.user``. The function returns nothing; the token lookup
    and the protector are local to it.
    """
    lookup = create_query_token_func(db.session, Token)
    protector = ResourceProtector(lookup)

    def user_profile():
        owner = current_token.user
        return jsonify(id=owner.id, username=owner.username)

    def user_email():
        # Synthetic address built from the username, as in the original view.
        address = current_token.user.username + '@example.com'
        return jsonify(email=address)

    def public_info():
        return jsonify(status='ok')

    # Equivalent to stacking @app.route above @require_oauth(...): the
    # scope-checked wrapper is what gets registered for each rule.
    app.add_url_rule('/user', view_func=protector('profile')(user_profile))
    app.add_url_rule('/user/email', view_func=protector('email')(user_email))
    app.add_url_rule('/info', view_func=protector()(public_info))
from flask import json
from authlib.flask.oauth2.sqla import create_query_token_func
from authlib.specs.rfc7662 import IntrospectionEndpoint
from .oauth2_server import db, User, Client, Token
from .oauth2_server import TestCase
from .oauth2_server import create_authorization_server

# Module-level token lookup bound to the test session and Token model; the
# endpoint method of the same name below delegates to it.
query_token = create_query_token_func(db.session, Token)


class MyIntrospectionEndpoint(IntrospectionEndpoint):
    """RFC 7662 introspection endpoint backed by the test Token/User models."""

    def query_token(self, token, token_type_hint, client):
        # Resolves to the module-level query_token: a method name is not
        # visible as a bare name inside its own body.
        return query_token(token, token_type_hint, client)

    def introspect_token(self, token) -> dict:
        """Build the introspection response for an already-looked-up token."""
        # NOTE(review): User.query.get() yields None for an unknown user_id;
        # user.username / user.get_user_id() below would then raise
        # AttributeError instead of producing an inactive response.
        user = User.query.get(token.user_id)
        return {
            # NOTE(review): "active" reflects revocation only. A token past
            # its expiry (reported separately as "exp" below) is still
            # returned as active; RFC 7662 expects expired tokens to be
            # reported inactive — confirm whether get_expires_at() should
            # also gate this value.
            "active": not token.revoked,
            "client_id": token.client_id,
            "username": user.username,
            "scope": token.scope,
            "sub": user.get_user_id(),
            "aud": token.client_id,
            # Fixed issuer string used by the test server.
            "iss": "https://server.example.com/",
            "exp": token.get_expires_at(),
            "iat": token.issued_at,
        }


# The body of this test class continues outside this chunk.
class IntrospectTokenTest(TestCase):
    def prepare_data(self):
# These two statements are the tail of a definition that starts before this
# chunk; their enclosing scope is not visible here.
db.session.delete(token)
db.session.commit()

# Client lookup bound to the app's session and OAuth2Client model, used by
# the authorization server to resolve client_id on each request.
query_client = create_query_client_func(db.session, OAuth2Client)
authorization = AuthorizationServer(query_client=query_client)

# support all grants
authorization.register_grant_endpoint(AuthorizationCodeGrant)
authorization.register_grant_endpoint(ImplicitGrant)
authorization.register_grant_endpoint(PasswordGrant)
authorization.register_grant_endpoint(ClientCredentialsGrant)
authorization.register_grant_endpoint(RefreshTokenGrant)

# support revocation
authorization.register_revoke_token_endpoint(RevocationEndpoint)

# scopes definition
# NOTE(review): nothing visible in this chunk consumes this mapping; check
# where (or whether) it is handed to the server or the consent page.
scopes = {
    'email': 'Access to your email address.',
    'connects': 'Access to your connected networks.'
}

# protect resource
# Token lookup for resource endpoints; require_oauth is the decorator that
# enforces a valid token (and scope, when one is given) on a view.
query_token = create_query_token_func(db.session, OAuth2Token)
require_oauth = ResourceProtector(query_token=query_token)


def init_app(app):
    """Attach the module-level authorization server to the Flask *app*."""
    authorization.init_app(app)