def validate_temporary_credentials_request(self, request): """Validate HTTP request for temporary credentials.""" # The client obtains a set of temporary credentials from the server by # making an authenticated (Section 3) HTTP "POST" request to the # Temporary Credential Request endpoint (unless the server advertises # another HTTP request method for the client to use). if request.method.upper() != self.TEMPORARY_CREDENTIALS_METHOD: raise MethodNotAllowedError() # REQUIRED parameter if not request.client_id: raise MissingRequiredParameterError('oauth_consumer_key') # REQUIRED parameter oauth_callback = request.redirect_uri if not request.redirect_uri: raise MissingRequiredParameterError('oauth_callback') # An absolute URI or # other means (the parameter value MUST be set to "oob" if oauth_callback != 'oob' and not is_valid_url(oauth_callback): raise InvalidRequestError('Invalid "oauth_callback" value') client = self._get_client(request) if not client: raise InvalidClientError() self.validate_timestamp_and_nonce(request) self.validate_oauth_signature(request) return request
def validate_service_documentation(self): """OPTIONAL. URL of a page containing human-readable information that developers might want or need to know when using the authorization server. In particular, if the authorization server does not support Dynamic Client Registration, then information on how to register clients needs to be provided in this documentation. """ value = self.get('service_documentation') if value and not is_valid_url(value): raise ValueError('"service_documentation" MUST be a URL')
def validate_op_tos_uri(self): """OPTIONAL. URL that the authorization server provides to the person registering the client to read about the authorization server's terms of service. The registration process SHOULD display this URL to the person registering the client if it is given. As described in Section 5, despite the identifier "op_tos_uri", appearing to be OpenID-specific, its usage in this specification is actually referring to a general OAuth 2.0 feature that is not specific to OpenID Connect. """ value = self.get('op_tos_uri') if value and not is_valid_url(value): raise ValueError('"op_tos_uri" MUST be a URL')
def _validate_uri(self, key, uri=None): if uri is None: uri = self.get(key) if uri and not is_valid_url(uri): raise InvalidClaimError(key)