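def oauth2_token():
    """OAuth2 token endpoint: dispatch on the ``grant_type`` form parameter.

    Reads the grant parameters from ``request.form`` and returns a Flask
    response: a JSON token document on success, or ``({'error': ...}, 400)``
    using RFC 6749 §5.2 token-endpoint error codes.

    Supported grants:
      * ``authorization_code`` -- end users exchanging a code obtained in an app.
      * ``client_credentials`` -- campus gateways authenticating with id + secret.
    ``refresh_token`` is recognised but not implemented and is reported as an
    unsupported grant.
    """
    grant_type = request.form.get('grant_type')

    if grant_type == 'authorization_code':
        return _authorization_code_grant()
    if grant_type == 'client_credentials':
        return _client_credentials_grant()
    # ``refresh_token`` is not implemented and falls through here. RFC 6749 §5.2
    # defines ``unsupported_grant_type`` for the token endpoint; the previously
    # returned ``unsupported_response_type`` is an authorization-endpoint code
    # (§4.1.2.1) and was a misreport.
    return jsonify({'error': 'unsupported_grant_type'}), 400


def _authorization_code_grant():
    """Exchange an authorization code for an access token (end-user apps).

    Requires ``client_id``, ``client_secret`` and ``code`` in the form body.
    The code is deleted after a successful exchange, so it is single-use.
    Returns a Flask response (token JSON, or an error tuple with status 400).
    """
    client_id = request.form.get('client_id')
    client_secret = request.form.get('client_secret')
    code_value = request.form.get('code')

    # Missing parameters are ``invalid_request`` per RFC 6749 §5.2; reject them
    # before touching the database.
    if not client_id or not client_secret or not code_value:
        return jsonify({'error': 'invalid_request'}), 400

    try:
        code = OAuth2AuthorizationCode.objects(code=code_value, client_id=client_id).get()
    except OAuth2AuthorizationCode.DoesNotExist:
        return jsonify({'error': 'invalid_request'}), 400
    # NOTE(review): the code is looked up before the client is authenticated, so a
    # caller who knows a client_id but not its secret can learn whether a code
    # value exists from the differing error codes. Authenticating the client first
    # would close that oracle; kept in the original order here because the id
    # field types of the models are not visible in this listing.
    # NOTE(review): no expiry check on the code is visible -- confirm the model or
    # the issuing endpoint enforces a short lifetime (RFC 6749 §4.1.2 recommends
    # at most ten minutes).

    try:
        client = ApplicationOAuth2Client.objects(id=code.client_id).get()
    except ApplicationOAuth2Client.DoesNotExist:
        return jsonify({'error': 'unauthorized_client'}), 400

    # Constant-time comparison: a plain ``!=`` on the secret short-circuits at the
    # first differing character and can leak it through response timing.
    if not _secret_matches(client_secret, client.secret_key):
        return jsonify({'error': 'unauthorized_client'}), 400

    # TODO: ``redirect_uri`` is accepted but not validated. RFC 6749 §4.1.3 requires
    # it to match the value sent in the authorization request when one was
    # included; whether OAuth2AuthorizationCode stores that value is not visible here.

    token = OAuth2AccessToken.create_token('account', code.account_id, scope=code.scope)
    token.client_id = client.id
    token.save()
    code.delete()  # single-use: a replayed code must fail the lookup above
    return _token_response(token)


def _client_credentials_grant():
    """Issue an access token to a campus gateway authenticating with id + secret.

    Returns a Flask response (token JSON, or ``invalid_request`` with status 400
    when the gateway is unknown, the secret does not match, or a parameter is
    missing).
    """
    client_id = request.form.get('client_id')
    client_secret = request.form.get('client_secret')

    # Without this guard an absent parameter becomes a ``None`` match condition
    # in the query instead of a rejected request.
    if not client_id or not client_secret:
        return jsonify({'error': 'invalid_request'}), 400

    try:
        gateway = CampusGateway.objects(id=client_id).get()
    except CampusGateway.DoesNotExist:
        return jsonify({'error': 'invalid_request'}), 400

    # Verify the secret in application code, in constant time, rather than by
    # matching on ``secret_key`` inside the database query.
    if not _secret_matches(client_secret, gateway.secret_key):
        return jsonify({'error': 'invalid_request'}), 400

    # NOTE(review): unlike the authorization_code path this token is not ``save()``d
    # here; confirm ``create_token`` persists it (behaviour kept as in the original).
    token = OAuth2AccessToken.create_token('gateway', gateway.id)
    return _token_response(token)


def _token_response(token):
    """Serialise *token* as an RFC 6749 §5.1 success response (JSON, status 200)."""
    # Assumes ``token.expires_at`` is a naive UTC datetime like ``utcnow()``.
    remaining = token.expires_at - datetime.utcnow()
    # Whole seconds until expiry; microseconds are dropped.
    expires_in = remaining.days * 86400 + remaining.seconds
    return jsonify({
        'access_token': token.access_token,
        'expires_in': expires_in,
        'token_type': 'Bearer',
        'refresh_token': token.refresh_token,
    })


def _secret_matches(presented, expected):
    """Return True iff *presented* equals the stored *expected* secret.

    Uses ``hmac.compare_digest`` so the comparison time does not depend on the
    position of the first mismatch. ``None`` on either side never matches.
    """
    import hmac  # local import: the module's import block is outside this listing

    if presented is None or expected is None:
        return False
    return hmac.compare_digest(_as_bytes(presented), _as_bytes(expected))


def _as_bytes(value):
    """Encode *value* for ``compare_digest``: bytes pass through, others via str/UTF-8."""
    if isinstance(value, bytes):
        return value
    return str(value).encode('utf-8')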