def get_token(self, token_id, scope): """Retrieves a registered token by token ID and required scope. @type token_id: basestring @param token_id: token ID @type scope: basestring @param scope: required scopes as space separated string """ try: token = self.get_value(token_id) except KeyError: log.debug("Request for token of ID that is not registered: %s", token_id) return None, 'invalid_token' if not token.valid: log.debug("Request for invalid token of ID: %s", token_id) return None, 'invalid_token' if token.expires <= datetime.utcnow(): log.debug("Request for expired token of ID: %s", token_id) return None, 'invalid_token' # Check scope if not scopeutil.isScopeGranted(token.scope, scopeutil.scopeStringToList(scope)): log.debug("Request for token of ID: %s - token was not granted " "scope %s", token_id, scope) return None, 'insufficient_scope' return token, None
def eq_authz_basis(self, other): """Determines whether a requested client authorization is equivalent to a granted one. @type other: ClientAuthorization @param other: requested authorization @rtype: bool @return: True if the user and client ID are the same and if there are no requested scopes that are not granted, otherwise False """ return (self.user == other.user and self.client_id == other.client_id and scopeutil.isScopeGranted(self.scope, other.scope))