def config_oauth(app): auth_server.init_app(app, query_client=query_client, save_token=save_token_to_db_and_redis) # support all grants auth_server.register_grant(grants.ImplicitGrant) auth_server.register_grant(grants.ClientCredentialsGrant) auth_server.register_grant(AuthorizationCodeGrant) auth_server.register_grant(RefreshTokenGrant) auth_server.redis_client = redis.Redis.from_url(app.config['REDIS_URI'], decode_responses=True) permission.deps.init_redis(auth_server.redis_client) # support revocation SQLARevocationEndpoint = create_revocation_endpoint( db.session, OAuth2Token) class RedisRevocationEndpoint(SQLARevocationEndpoint): def revoke_token(self, token): super().revoke_token(token) auth_server.redis_client.delete('token:{}'.format( token.access_token)) auth_server.register_endpoint(RedisRevocationEndpoint) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def create_resource_server(app): require_oauth = ResourceProtector() BearerTokenValidator = create_bearer_token_validator(db.session, Token) require_oauth.register_token_validator(BearerTokenValidator()) @app.route('/user') @require_oauth('profile') def user_profile(): user = current_token.user return jsonify(id=user.id, username=user.username) @app.route('/user/email') @require_oauth('email') def user_email(): user = current_token.user return jsonify(email=user.username + '@example.com') @app.route('/info') @require_oauth() def public_info(): return jsonify(status='ok') @app.route('/acquire') def test_acquire(): with require_oauth.acquire('profile') as token: user = token.user return jsonify(id=user.id, username=user.username)
def setup_oauth2_resource_protector(main_app: Flask): """ Configure OAuth2 endpoints protector """ BearerTokenValidator = create_bearer_token_validator( db.session, APIAccessToken) ResourceProtector.register_token_validator(BearerTokenValidator())
def config_oauth(app): authorization.init_app(app, query_client=query_client, save_token=save_token) authorization.register_grant(PasswordGrant) revocation_cls = create_revocation_endpoint(db.session, Token) authorization.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, Token) require_oauth.register_token_validator(bearer_cls())
def config_oauth(app): authorization.init_app(app) authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) revocation_cls = create_revocation_endpoint(db.session, Token) authorization.register_endpoint(revocation_cls) bearer_cls = create_bearer_token_validator(db.session, Token) require_oauth.register_token_validator(bearer_cls())
def init_app(app): server.init_app(app) # register it to grant endpoint server.register_grant(grants.ImplicitGrant) server.register_grant(AuthorizationCodeGrant) server.register_grant(grants.ClientCredentialsGrant) server.register_grant(PasswordGrant) server.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, Token) server.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, Token) require_oauth.register_token_validator(bearer_cls())
def config_oauth(app): authorization.init_app(app) # support all grants # authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def config_oauth(app): authorization.init_app(app) # support all grants authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def config_oauth(app): authorization.init_app(app) # all grant types authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) # custom grants authorization.register_grant(AuthorizationCodeGrant) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) # revocations revocation_class = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_class) bearer_class = create_bearer_token_validator(db.session, OAuth2Token) # make sure to instantiate bearer object instance require_oauth.register_token_validator(bearer_class())
def config_oauth(app): query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization.init_app( app, query_client=query_client, save_token=save_token ) # support all openid grants authorization.register_grant(AuthorizationCodeGrant, [ OpenIDCode(required_nonce=True), ]) authorization.register_grant(ImplicitGrant) authorization.register_grant(HybridGrant) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def config_oauth(app): """OAuth配置app""" query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization.init_app(app, query_client=query_client, save_token=save_token) # support all grants authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def init_app(self, app, query_client=None, save_token=None): from app.extensions import db if query_client is None: query_client = create_query_client_func(db.session, OAuth2Client) if save_token is None: save_token = create_save_token_func(db.session, OAuth2Token) super().init_app(app, query_client=query_client, save_token=save_token) # support all grants self.register_grant(grants.ImplicitGrant) self.register_grant(grants.ClientCredentialsGrant) self.register_grant(AuthorizationCodeGrant) self.register_grant(PasswordGrant) self.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) self.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) OAuth2ResourceProtector.register_token_validator(bearer_cls()) self._require_oauth = OAuth2ResourceProtector()
#def query_client(client_id): # return Client.query.filter_by(client_id=client_id).first() def save_token(token, request): authCode = AuthorizationCode.query.filter_by( code=request.code, client_id=request.client.client_id).first() print(authCode) if authCode and not authCode.is_expired(): payment_agreement = PaymentAgreement.query.filter_by( user_id=authCode.user_id, client_id=authCode.client_id).first() item = Token(client_id=authCode.client_id, user_id=authCode.user_id, payment_agreement_id=payment_agreement.id, **token) db.session.add(item) db.session.commit() #Registering grants authorization.register_grant(AuthorizationCodeGrant) authorization.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, Token) authorization.register_endpoint(revocation_cls) #Resourse Protector bearer_cls = create_bearer_token_validator(db.session, Token) require_oauth.register_token_validator(bearer_cls())
# scopes definition scopes = { 'email': 'Access to your email address.', } class MyBearerTokenValidator(BearerTokenValidator): def authenticate_token(self, token_string): print('WAT : token_string = %s' % token_string) return OAuth2Token.query.filter_by(access_token=token_string).first() def request_invalid(self, request): return False def token_revoked(self, token): token.revoked # protect resource query_token = create_query_token_func(db.session, OAuth2Token) #require_oauth = ResourceProtector(query_token=query_token) from authlib.flask.oauth2.sqla import create_bearer_token_validator BearerTokenValidator = create_bearer_token_validator(db.session, OAuth2Token) ResourceProtector.register_token_validator(BearerTokenValidator()) require_oauth = ResourceProtector() def init_app(app): authorization.init_app(app)