def parse_authz(self, query="", **kwargs):
    """
    Handle the redirect back from the authorization server.

    Which branch runs depends on the configured ``response_type``:

    * contains ``"code"`` (``["code"]``, ``["code", "token"]``,
      ``["code", "id_token", "token"]``): parsed as an authorization
      response, which may also carry an access token and an ID token.
    * otherwise contains ``"token"`` (``["token"]``,
      ``["id_token", "token"]``): implicit flow, parsed as an access token
      response.
    * anything else (``["id_token"]``): only the ID token is returned.

    :param query: The urlencoded response delivered with the redirect.
    :param kwargs: Passed through to ``_parse_authz`` / ``parse_response``.
    :return: A 3-tuple ``(aresp, atr, idt)`` in which the parts that do not
        apply to the flow are None. An empty *query* instead returns (does
        not raise) an ``http_util.BadRequest`` instance.
    :raises TokenError: If the implicit-flow response is an error response.
    """
    logger.debug("- authorization -")

    if not query:
        # Callers must cope with this non-tuple return value.
        return http_util.BadRequest("Missing query")

    # The response can hold a code, an access token and an ID token, so it is
    # passed through sanitize() before logging.
    # NOTE(review): presumably sanitize() masks those values - confirm.
    logger.info("response: %s", sanitize(query))

    # NOTE(review): the membership tests assume response_type is a list; on a
    # plain string "token" would also match "id_token" - confirm.
    response_type = self.consumer_config["response_type"]

    if "code" in response_type:
        aresp, _state = self._parse_authz(query, **kwargs)

        # A hybrid response may carry the access token alongside the code.
        atr = None
        if "access_token" in aresp:
            atr = clean_response(aresp)
            self.access_token = atr
            # Record the token on the grant kept for this state.
            self.get_grant(state=_state).add_token(atr)

        self._backup(_state)

        try:
            idt = aresp["id_token"]
        except KeyError:
            idt = None
        return aresp, atr, idt

    if "token" in response_type:
        # Implicit flow: the access token arrives directly with the redirect.
        logger.info("Expect Access Token Response")
        atr = self.parse_response(
            AccessTokenResponse,
            info=query,
            sformat="urlencoded",
            keyjar=self.keyjar,
            **kwargs
        )
        if isinstance(atr, ErrorResponse):
            raise TokenError(atr.get("error"), atr)
        # NOTE(review): for ["id_token", "token"] an ID token in the response
        # is not returned separately here; it is only reachable through atr.
        return None, atr, None

    # Only an ID token was requested.
    aresp, _state = self._parse_authz(query, **kwargs)
    try:
        idt = aresp["id_token"]
    except KeyError:
        idt = None
    return None, None, idt
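def parse_authz(self, query="", **kwargs):
    """
    Handle the redirect back from the authorization server.

    If the configured ``response_type`` contains ``"code"`` the response is
    parsed as an authorization response (which may also carry an access
    token and an ID token); otherwise it is treated as an implicit-flow
    access token response.

    The response values are bearer credentials, so only parameter names and
    presence flags are written to the log, never the values themselves.

    :param query: The urlencoded response delivered with the redirect.
    :param kwargs: Accepted for interface compatibility; not used here.
    :return: A 3-tuple ``(aresp, atr, idt)`` in which the parts that do not
        apply to the flow are None. An empty *query* instead returns (does
        not raise) an ``http_util.BadRequest`` instance.
    :raises AuthzError: If the authorization response is an error response.
    :raises UnknownState: If the returned ``state`` is not known to this
        consumer.
    :raises TokenError: If the implicit-flow response is an error response.
    """
    _log_info = logger.info
    logger.debug("- authorization -")

    if not query:
        # Callers must cope with this non-tuple return value.
        return http_util.BadRequest("Missing query")

    # The raw response carries the authorization code, access token and/or
    # ID token. Log the parameter names only, so those values never end up
    # in log files. Assumes query is a text string, as the urlencoded
    # parsing below does.
    _param_names = sorted(
        set(part.split("=", 1)[0] for part in query.split("&") if part)
    )
    _log_info("response parameters: %s", _param_names)

    if "code" in self.config["response_type"]:
        # Might be an error response
        _log_info("Expect Authorization Response")
        aresp = self.parse_response(
            AuthorizationResponse,
            info=query,
            sformat="urlencoded",
            keyjar=self.keyjar,
        )
        if aresp.type() == "ErrorResponse":
            _log_info("ErrorResponse: %s", aresp)
            raise AuthzError(aresp.error)

        # Do not dump the parsed response: it holds the code and possibly
        # tokens. Presence flags are enough to follow the flow in the logs.
        _log_info(
            "Aresp received (access_token present: %s, id_token present: %s)",
            "access_token" in aresp,
            "id_token" in aresp,
        )

        # Only a state this consumer already knows is accepted; anything
        # else is rejected before any token from the response is stored.
        # NOTE(review): a response without "state" raises a bare KeyError
        # here rather than UnknownState - confirm callers handle that.
        _state = aresp["state"]
        try:
            self.update(_state)
        except KeyError:
            raise UnknownState(_state)

        self.redirect_uris = [self.sdb[_state]["redirect_uris"]]

        # May have token and id_token information too
        if "access_token" in aresp:
            atr = clean_response(aresp)
            self.access_token = atr
            # update the grant object
            self.get_grant(state=_state).add_token(atr)
        else:
            atr = None

        self._backup(_state)

        try:
            idt = aresp["id_token"]
        except KeyError:
            idt = None

        return aresp, atr, idt

    # implicit flow
    _log_info("Expect Access Token Response")
    atr = self.parse_response(
        AccessTokenResponse,
        info=query,
        sformat="urlencoded",
        keyjar=self.keyjar,
    )
    if atr.type() == "ErrorResponse":
        raise TokenError(atr["error"])

    # NOTE(review): no state lookup happens in this branch, and an ID token
    # in the response is not returned separately; it stays inside atr.
    idt = None
    return None, atr, idt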