def config_oauth(app):
    """Wire the authorization server and the resource protector into *app*.

    Client lookup and token persistence go through helpers bound to
    ``db.session``. The only grant registered is the authorization-code
    grant, extended with ``OpenIDCode(require_nonce=True)``.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(db.session, OAuth2Client),
        save_token=create_save_token_func(db.session, OAuth2Token),
    )

    # Authorization code + OpenID Connect. require_nonce=True is passed to the
    # extension, presumably so that requests without a nonce are rejected.
    openid_extension = OpenIDCode(require_nonce=True)
    authorization.register_grant(AuthorizationCodeGrant, [openid_extension])

    # The implicit, OpenID implicit, hybrid, client-credentials, refresh-token
    # and password grants were commented out in this configuration and stay
    # unregistered; keep the set of enabled grants as small as clients allow.

    # Resource protection: bearer tokens are validated against OAuth2Token.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())

    # Revocation endpoint backed by the same token model.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )
def configure_oauth(app):
    """Attach the authorization server to *app* for machine-to-machine use.

    Registers the client-credentials and refresh-token grants, a revocation
    endpoint and the bearer-token validator. No user-facing grant
    (authorization code, implicit, password) is registered here.
    """
    authorization.init_app(app)

    for grant_cls in (grants.ClientCredentialsGrant, RefreshTokenGrant):
        authorization.register_grant(grant_cls)

    # Revocation lets a client invalidate a token stored in OAuth2Token.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Protected resources accept bearer tokens checked against OAuth2Token.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Set up an authorization-code-only server with mandatory PKCE.

    Also registers the revocation endpoint and the bearer-token validator,
    both backed by ``OAuth2Token`` through ``db.session``.
    """
    authorization.init_app(app)

    # CodeChallenge(required=True): every authorization-code request has to
    # carry a PKCE code challenge, which protects the code against
    # interception for public clients.
    pkce = CodeChallenge(required=True)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])

    # Token revocation.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Register every grant type this project offers, plus revocation.

    Grants are registered in this order: implicit, client credentials,
    authorization code (PKCE required), password, refresh token. Tokens are
    stored in and validated against ``OAuth2TokenModel``.
    """
    authorization.init_app(app)

    # NOTE(review): the implicit and resource-owner password grants are
    # discouraged by the OAuth 2.0 Security Best Current Practice (RFC 9700).
    # Confirm that a client still depends on them before keeping them
    # enabled; authorization code with PKCE covers the interactive cases.
    authorization.register_grant(grants.ImplicitGrant)
    authorization.register_grant(grants.ClientCredentialsGrant)
    pkce = CodeChallenge(required=True)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])
    authorization.register_grant(PasswordGrant)
    authorization.register_grant(RefreshTokenGrant)

    # Revocation endpoint.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2TokenModel)
    )

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2TokenModel)
    require_oauth.register_token_validator(validator_cls())
def configOauth2(app):
    """Attach the authorization server to *app* without any redirect-based flow.

    Registers the client-credentials, password and refresh-token grants, then
    the revocation endpoint and the bearer-token validator.
    """
    authorization.init_app(app)

    # NOTE(review): PasswordGrant hands the user's password to the client
    # application; the OAuth 2.0 Security Best Current Practice (RFC 9700)
    # advises against it. Keep it only for first-party clients that cannot
    # use a redirect-based flow, and confirm that is the case here.
    for grant_cls in (grants.ClientCredentialsGrant, PasswordGrant, RefreshTokenGrant):
        authorization.register_grant(grant_cls)

    # Revocation endpoint.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Configure the authorization server with a custom client-auth method.

    Adds the ``client_secret_json`` client authentication method, registers
    the client-credentials and authorization-code grants, and sets up the
    revocation endpoint and the bearer-token validator.
    """
    authorization.init_app(app)

    # authenticate_client_secret_json is defined elsewhere in the project.
    # NOTE(review): since it is a hand-written authentication path, check how
    # it reads and compares the client secret.
    authorization.register_client_auth_method(
        'client_secret_json',
        authenticate_client_secret_json,
    )

    # Supported grant types.
    authorization.register_grant(ClientCredentialsGrant)
    # NOTE(review): CodeChallenge(required=False) leaves PKCE optional, so a
    # client that omits the code challenge gets no protection against
    # authorization-code interception. Consider required=True once every
    # client sends a challenge.
    optional_pkce = CodeChallenge(required=False)
    authorization.register_grant(AuthorizationCodeGrant, [optional_pkce])

    # Revocation endpoint.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Configure an OpenID Connect provider on *app*.

    Registers the authorization-code grant with ``OpenIDCode`` (nonce
    required), the implicit grant and the hybrid grant, then the bearer-token
    validator. No revocation endpoint is registered in this function.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(db.session, OAuth2Client),
        save_token=create_save_token_func(db.session, OAuth2Token),
    )

    # OpenID grants.
    openid_extension = OpenIDCode(require_nonce=True)
    authorization.register_grant(AuthorizationCodeGrant, [openid_extension])
    # NOTE(review): ImplicitGrant and HybridGrant are presumably the OpenID
    # Connect variants defined elsewhere in the project. Both return tokens
    # through the front channel; enable them only if a client needs them.
    authorization.register_grant(ImplicitGrant)
    authorization.register_grant(HybridGrant)

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Initialise the authorization server with externally defined callbacks.

    ``query_client`` and ``save_token`` are not created here; they are taken
    from the enclosing scope. Registers the client-credentials,
    authorization-code (PKCE required) and refresh-token grants, the
    revocation endpoint and the bearer-token validator.
    """
    authorization.init_app(
        app,
        query_client=query_client,
        save_token=save_token,
    )

    # Enabled grants. PKCE is mandatory for the authorization-code flow.
    authorization.register_grant(grants.ClientCredentialsGrant)
    pkce = CodeChallenge(required=True)
    authorization.register_grant(AuthorizationCodeGrant, [pkce])
    authorization.register_grant(RefreshTokenGrant)

    # Revocation endpoint.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Set up the OAuth2/OpenID Connect server configuration on *app*.

    Registers the authorization-code grant with ``OpenIDCode`` (nonce
    required) and the refresh-token grant, then the introspection and
    revocation endpoints and the bearer-token validator.
    """
    # NOTE(review): the helpers receive ``db`` itself rather than a
    # ``.session`` attribute; presumably ``db`` is already a session object
    # in this project — verify against its definition.
    authorization.init_app(
        app,
        query_client=create_query_client_func(db, OAuth2Client),
        save_token=create_save_token_func(db, OAuth2Token),
    )

    openid_extension = OpenIDCode(require_nonce=True)
    authorization.register_grant(AuthorizationCodeGrant, [openid_extension])
    authorization.register_grant(RefreshTokenGrant)

    # Introspection reveals token state and metadata; IntrospectionEndpoint is
    # defined elsewhere, so confirm it restricts which callers may query it.
    authorization.register_endpoint(IntrospectionEndpoint)
    authorization.register_endpoint(create_revocation_endpoint(db, OAuth2Token))

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Build a per-application authorization server and resource protector.

    Both objects are created inside the function and published through
    ``register_as_extension`` under the names ``authorization`` and
    ``require_oauth``. JWT settings for the OpenID extension are read from
    ``app.config['OAUTH_JWT_CONFIG']``.
    """
    protector = ResourceProtector()
    server = AuthorizationServer()

    server.init_app(
        app,
        query_client=create_query_client_func(db.session, OAuth2Client),
        save_token=create_save_token_func(db.session, OAuth2Token),
    )

    # OpenID grants. The JWT configuration is expanded into keyword
    # arguments; it presumably includes signing material, so it should come
    # from protected configuration rather than from the source tree.
    openid_extension = OpenIDCode(require_nonce=True, **app.config['OAUTH_JWT_CONFIG'])
    server.register_grant(AuthorizationCodeGrant, [openid_extension])
    server.register_grant(HybridGrant)

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    protector.register_token_validator(validator_cls())

    register_as_extension(app, 'authorization', server)
    register_as_extension(app, 'require_oauth', protector)
def config_oauth(app):
    """Configure the Authlib grants used by the app (OpenID Connect and OAuth2).

    Registers the authorization-code grant with ``OpenIDCode``, the implicit
    grant and the hybrid grant, then the bearer-token validator. Storage goes
    through ``database.session``.
    """
    authorization.init_app(
        app,
        query_client=create_query_client_func(database.session, OAuth2Client),
        save_token=create_save_token_func(database.session, OAuth2Token),
    )

    # OpenID grants.
    # NOTE(review): OpenIDCode() is created without require_nonce, so the
    # extension's default applies; confirm whether a nonce is enforced, since
    # it is what ties an ID token to the request that asked for it.
    openid_extension = OpenIDCode()
    authorization.register_grant(AuthorizationCodeGrant, [openid_extension])
    # NOTE(review): the implicit and hybrid flows deliver tokens through the
    # front channel; enable them only if a client needs them.
    authorization.register_grant(ImplicitGrant)
    authorization.register_grant(HybridGrant)

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(database.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app, url_prefix="/oauth"):
    """Register all grants, revocation, token validation and the OAuth blueprint.

    Args:
        app: The application to configure.
        url_prefix: URL prefix under which the blueprint ``bp`` is mounted.
    """
    authorization.init_app(app)

    # NOTE(review): the implicit and password grants are discouraged by the
    # OAuth 2.0 Security Best Current Practice (RFC 9700), and the
    # authorization-code grant is registered here without a CodeChallenge
    # (PKCE) extension. Confirm which of these flows clients really need.
    all_grants = (
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,
        PasswordGrant,
        RefreshTokenGrant,
    )
    for grant_cls in all_grants:
        authorization.register_grant(grant_cls)

    # Revocation endpoint.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token)
    )

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())

    # Mount the OAuth routes.
    app.register_blueprint(bp, url_prefix=url_prefix)
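def config_oauth(app):
    """Initialize the authorization server and register the supported grant types.

    Only the authorization-code grant is registered, with the ``OpenIDCode``
    extension. Client lookup and token storage go through ``auth_db.session``.
    No revocation endpoint is registered in this function.

    For more information, please refer to
    https://docs.authlib.org/en/latest/flask/2/authorization-server.html#server
    """
    query_client = create_query_client_func(auth_db.session, OAuth2Client)
    save_token = create_save_token_func(auth_db.session, OAuth2Token)
    authorization.init_app(app, query_client=query_client, save_token=save_token)

    # Register the authorization-code grant.
    # NOTE(review): require_nonce=False makes the nonce optional. OpenID
    # Connect uses the nonce to bind an ID token to the request that asked
    # for it, so confirm that clients send and verify one before relying on
    # this setting; require_nonce=True enforces it on the server side.
    authorization.register_grant(AuthorizationCodeGrant, [
        OpenIDCode(require_nonce=False),
    ])

    # Protect resources: bearer tokens are validated against OAuth2Token.
    bearer_cls = create_bearer_token_validator(auth_db.session, OAuth2Token)
    require_oauth.register_token_validator(bearer_cls())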
from flask import json, jsonify from authlib.integrations.flask_oauth2 import ResourceProtector, current_token from authlib.integrations.sqla_oauth2 import create_bearer_token_validator from .models import db, User, Client, Token from .oauth2_server import TestCase from .oauth2_server import create_authorization_server require_oauth = ResourceProtector() BearerTokenValidator = create_bearer_token_validator(db.session, Token) require_oauth.register_token_validator(BearerTokenValidator()) def create_resource_server(app): @app.route('/user') @require_oauth('profile') def user_profile(): user = current_token.user return jsonify(id=user.id, username=user.username) @app.route('/user/email') @require_oauth('email') def user_email(): user = current_token.user return jsonify(email=user.username + '@example.com') @app.route('/info') @require_oauth() def public_info(): return jsonify(status='ok') @app.route('/operator-and')
credential.revoked = True db.session.add(credential) db.session.commit() query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization = AuthorizationServer( query_client=query_client, save_token=save_token, ) require_oauth = ResourceProtector() authorization.init_app(app) # support all grants # authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=True)]) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
from authlib.integrations.fastapi_oauth2 import ResourceProtector from authlib.integrations.sqla_oauth2 import create_bearer_token_validator from fastapi import Request from .models import Client, Token, User, db from .oauth2_server import TestCase, create_authorization_server require_oauth = ResourceProtector() BearerTokenValidator = create_bearer_token_validator(db, Token) require_oauth.register_token_validator(BearerTokenValidator()) def create_resource_server(app): @app.get("/user") @require_oauth(["profile"]) def user_profile(request: Request): user = request.state.token.user return {"id": user.id, "username": user.username} @app.get("/user/email") @require_oauth("email") def user_email(request: Request): pass @app.get("/info") @require_oauth() def public_info(request: Request): return {"status": "ok"} @app.get("/operator-and") @require_oauth(["profile email"])