def create_bearer_token_generator(self, app):
"""Create a generator function for generating ``token`` value. This
method will create a Bearer Token generator with
:class:`authlib.oauth2.rfc6750.BearerToken`. By default, it will not
generate ``refresh_token``, which can be turn on by configuration
``OAUTH2_REFRESH_TOKEN_GENERATOR=True``.
"""
access_token_generator = app.config.get(
'OAUTH2_ACCESS_TOKEN_GENERATOR', True)
if isinstance(access_token_generator, str):
access_token_generator = import_string(access_token_generator)
elif not callable(access_token_generator):
def access_token_generator(**kwargs):
return generate_token(42)
refresh_token_generator = app.config.get(
'OAUTH2_REFRESH_TOKEN_GENERATOR', False)
if isinstance(refresh_token_generator, str):
refresh_token_generator = import_string(refresh_token_generator)
elif refresh_token_generator is True:
def refresh_token_generator(**kwargs):
return generate_token(48)
elif not callable(refresh_token_generator):
refresh_token_generator = None
expires_generator = self.create_token_expires_in_generator(app)
return BearerToken(access_token_generator, refresh_token_generator,
expires_generator)
def create_bearer_token_generator(self, config):
"""Create a generator function for generating ``token`` value. This
method will create a Bearer Token generator with
:class:`authlib.oauth2.rfc6750.BearerToken`. By default, it will not
generate ``refresh_token``, which can be turn on by configuration
``OAUTH2_REFRESH_TOKEN_GENERATOR=True``.
"""
conf = config.get('OAUTH2_ACCESS_TOKEN_GENERATOR', True)
access_token_generator = create_token_generator(conf, 42)
conf = config.get('OAUTH2_REFRESH_TOKEN_GENERATOR', False)
refresh_token_generator = create_token_generator(conf, 48)
expires_generator = self.create_token_expires_in_generator(config)
return BearerToken(access_token_generator, refresh_token_generator,
expires_generator)
def create_bearer_token_generator(self):
"""Default method to create BearerToken generator."""
conf = self.config.get('access_token_generator', True)
access_token_generator = create_token_generator(conf, 42)
conf = self.config.get('refresh_token_generator', False)
refresh_token_generator = create_token_generator(conf, 48)
conf = self.config.get('token_expires_in')
expires_generator = create_token_expires_in_generator(conf)
return BearerToken(
access_token_generator=access_token_generator,
refresh_token_generator=refresh_token_generator,
expires_generator=expires_generator,
)
def create_bearer_token_generator(self, config):
"""Create a generator function for generating ``token`` value. This
method will create a Bearer Token generator with
:class:`authlib.oauth2.rfc6750.BearerToken`.
Configurable settings:
1. OAUTH2_ACCESS_TOKEN_GENERATOR: Boolean or import string, default is True.
2. OAUTH2_REFRESH_TOKEN_GENERATOR: Boolean or import string, default is False.
3. OAUTH2_TOKEN_EXPIRES_IN: Dict or import string, default is None.
By default, it will not generate ``refresh_token``, which can be turn on by
configure ``OAUTH2_REFRESH_TOKEN_GENERATOR``.
Here are some examples of the token generator::
OAUTH2_ACCESS_TOKEN_GENERATOR = 'your_project.generators.gen_token'
# and in module `your_project.generators`, you can define:
def gen_token(client, grant_type, user, scope):
# generate token according to these parameters
token = create_random_token()
return f'{client.id}-{user.id}-{token}'
Here is an example of ``OAUTH2_TOKEN_EXPIRES_IN``::
OAUTH2_TOKEN_EXPIRES_IN = {
'authorization_code': 864000,
'urn:ietf:params:oauth:grant-type:jwt-bearer': 3600,
}
"""
conf = config.get('OAUTH2_ACCESS_TOKEN_GENERATOR', True)
access_token_generator = create_token_generator(conf, 42)
conf = config.get('OAUTH2_REFRESH_TOKEN_GENERATOR', False)
refresh_token_generator = create_token_generator(conf, 48)
expires_conf = config.get('OAUTH2_TOKEN_EXPIRES_IN')
expires_generator = create_token_expires_in_generator(expires_conf)
return BearerToken(
access_token_generator,
refresh_token_generator,
expires_generator
)
def _create_bearer_token_generator(self) -> BearerToken:
access_token_generator = create_token_generator(
self.config.get('ACCESS_TOKEN_GENERATOR', True),
42,
)
refresh_token_generator = create_token_generator(
self.config.get('REFRESH_TOKEN_GENERATOR', True), 48)
expires_generator = create_token_expires_in_generator(
# {
# 'authorization_code': 864000,
# 'urn:ietf:params:oauth:grant-type:jwt-bearer': 3600,
# }
self.config.get('TOKEN_EXPIRES_IN'))
return BearerToken(access_token_generator, refresh_token_generator,
expires_generator)
from authlib.integrations.django_oauth2 import AuthorizationServer
from authlib.oauth2 import HttpRequest
from authlib.oauth2.rfc6749 import TokenMixin
from authlib.oauth2.rfc6750 import BearerToken
from authlib.oauth2.rfc8414 import AuthorizationServerMetadata
from oauth2_server.models import (
OAuth2Client,
OAuth2Token,
expires_generator,
refresh_token_generator,
access_token_generator,
)
class MyAuthorizationServer(AuthorizationServer):
def save_oauth2_token(self, token: dict, request: HttpRequest) -> TokenMixin:
return OAuth2Token.new(request.client, **token)
server: AuthorizationServer = MyAuthorizationServer(
client_model=OAuth2Client,
token_model=OAuth2Token,
generate_token=BearerToken(
access_token_generator=access_token_generator,
refresh_token_generator=refresh_token_generator,
expires_generator=expires_generator,
),
metadata=AuthorizationServerMetadata({}),
)
