def get_bearer_token(email,
password,
scopes=None,
account_server_url=None,
oauth_server_url=None,
client_id=None):
message = None
if not account_server_url:
message = 'Please define an account_server_url.'
elif not oauth_server_url:
message = 'Please define an oauth_server_url.'
elif not client_id:
message = 'Please define a client_id.'
if message:
raise ValueError(message)
if scopes is None:
scopes = ['profile']
client = core.Client(server_url=account_server_url)
session = client.login(email, password)
url = urlparse(oauth_server_url)
audience = "%s://%s/" % (url.scheme, url.netloc)
bid_assertion = session.get_identity_assertion(audience)
oauth_client = oauth.Client(server_url=oauth_server_url)
token = oauth_client.authorize_token(bid_assertion, ' '.join(scopes),
client_id)
return token
def login(self, fxa_account):
log.debug('calling login/start to generate fxa_state')
response = self.client.get('/api/v3/accounts/login/start/',
allow_redirects=True)
params = dict(urlparse.parse_qsl(response.url))
fxa_state = params['state']
log.debug('Get browser id session token')
fxa_session = helpers.get_fxa_client().login(
email=fxa_account.email, password=fxa_account.password)
oauth_client = fxa_oauth.Client(
client_id=FXA_CONFIG['client_id'],
client_secret=FXA_CONFIG['client_secret'],
server_url=FXA_CONFIG['oauth_host'])
log.debug('convert browser id session token into oauth code')
oauth_code = oauth_client.authorize_code(fxa_session, scope='profile')
# Now authenticate the user, this will verify the user on the server
response = self.client.get(
'/api/v3/accounts/authenticate/',
params={
'state': fxa_state,
'code': oauth_code,
},
name='/api/v3/accounts/authenticate/?state=:state')
def login(self, account):
log.debug('creating fxa account')
fxa_account, email_account = helpers.get_fxa_account()
log.debug('calling login/start to generate fxa_state')
response = self.client.get(reverse('accounts.login_start'),
allow_redirects=False)
params = dict(urlparse.parse_qsl(response.headers['Location']))
fxa_state = params['state']
log.debug('Get browser id session token')
fxa_session = helpers.get_fxa_client().login(
email=fxa_account.email, password=fxa_account.password)
oauth_client = fxa_oauth.Client(
client_id=FXA_CONFIG['client_id'],
client_secret=FXA_CONFIG['client_secret'],
server_url=FXA_CONFIG['oauth_host'])
log.debug('convert browser id session token into oauth code')
oauth_code = oauth_client.authorize_code(fxa_session, scope='profile')
# Now authenticate the user, this will verify the user on the
response = self.client.get(reverse('accounts.authenticate'),
params={
'state': fxa_state,
'code': oauth_code,
})
def get_bearer_token(email,
password,
scopes=None,
account_server_url=None,
oauth_server_url=None,
client_id=None,
client_secret=None,
use_pkce=False,
unblock_code=None):
message = None
if not account_server_url:
message = 'Please define an account_server_url.'
elif not oauth_server_url:
message = 'Please define an oauth_server_url.'
elif not client_id:
message = 'Please define a client_id.'
if message:
raise ValueError(message)
if scopes is None:
scopes = ['profile']
client = core.Client(server_url=account_server_url)
session = client.login(email, password, unblock_code=unblock_code)
oauth_client = oauth.Client(client_id,
client_secret,
server_url=oauth_server_url)
# XXX TODO: we should be able to automaticaly choose the most
# direct route to getting a token, based on registered client
# metadata. Unfortunately the oauth-server doesn't (yet) expose
# client properties like `canGrant` and `isPublic`.
# print metadata
# metadata = oauth_client.get_client_metadata()
scope = ' '.join(scopes)
if client_secret is None and not use_pkce:
token = oauth_client.authorize_token(session, scope)
else:
challenge = verifier = {}
if use_pkce:
(challenge, verifier) = oauth_client.generate_pkce_challenge()
code = oauth_client.authorize_code(session, scope, **challenge)
token = oauth_client.trade_code(code, **verifier)
return token
