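def get_token_response(self, response_type, client_id, redirect_uri, **params):
    """Generate the implicit-grant access token HTTP response.

    The redirect URI is validated before any other check. Every later
    error is reported by redirecting the user agent to ``redirect_uri``,
    and RFC 6749 section 4.2.2.1 forbids redirecting to a redirection URI
    that failed validation (doing so turns the endpoint into an open
    redirector).

    :param response_type: Desired response type. Must be exactly "token".
    :type response_type: str
    :param client_id: Client ID.
    :type client_id: str
    :param redirect_uri: Client redirect URI.
    :type redirect_uri: str
    :raises AssertionError: If the generated access token leaves fewer
        than 20 characters after the public prefix.
    :rtype: requests.Response
    """
    # Validate the redirect URI first so that no error path below can send
    # the user agent to a URI that was never checked.
    # NOTE(review): whether validate_redirect_uri() rejects unknown client
    # IDs is not visible here -- confirm, since the "unauthorized_client"
    # error below is still delivered by redirect.
    if not self.validate_redirect_uri(client_id, redirect_uri):
        return self._invalid_redirect_uri_response()

    # Ensure proper response_type
    if response_type != "token":
        return self._make_redirect_error_response(
            redirect_uri, "unsupported_response_type")

    # Check for a valid client ID.
    if not self.validate_client_id(client_id):
        return self._make_redirect_error_response(
            redirect_uri, "unauthorized_client")

    # Check conditions
    is_valid_access = self.validate_access()
    scope = params.get("scope", "")
    are_valid_scopes = self.validate_scope(client_id, scope)

    # Return proper error responses on invalid conditions
    if not is_valid_access:
        return self._make_redirect_error_response(redirect_uri, "access_denied")
    if not are_valid_scopes:
        return self._make_redirect_error_response(redirect_uri, "invalid_scope")

    # Make sure we have enough random data in the token to have a public
    # prefix and a private encrypted suffix. This is an explicit raise
    # rather than an `assert` statement because asserts are stripped when
    # Python runs with -O, which would silently disable the length check.
    access_token = str(self.generate_access_token())
    if len(access_token) - ACCESS_TOKEN_PREFIX_LENGTH < 20:
        raise AssertionError("generated access token is too short")

    token_type = self.token_type
    expires_in = self.token_expires_in
    data = self._generate_data_string()
    self.persist_token_information(
        client_id=client_id,
        scope=scope,
        access_token=access_token,
        token_type=token_type,
        expires_in=expires_in,
        refresh_token=None,
        data=data,
    )

    # The token is returned in the URL fragment, as the implicit grant
    # requires. The values are interpolated without URL-encoding.
    # NOTE(review): assumes access_token and token_type contain only
    # URL-safe characters -- confirm against generate_access_token().
    url = utils.build_url(redirect_uri, params)
    url += "#access_token=%s&token_type=%s&expires_in=%s" % (
        access_token,
        token_type,
        expires_in,
    )
    return self._make_response(headers={"Location": url}, status_code=302)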
def _make_redirect_error_response(self, redirect_uri, err):
    """Build an HTTP 302 redirect that reports an OAuth error to the client.

    The error code is handed to ``utils.build_url`` together with the
    redirect URI, and the resulting URL is sent as the ``Location`` header.
    This method performs no validation of ``redirect_uri``; it redirects to
    whatever it is given, so the URI must already have been validated by
    the caller.

    :param redirect_uri: Client redirect URI.
    :type redirect_uri: str
    :param err: OAuth error message.
    :type err: str
    :rtype: requests.Response
    """
    # NOTE(review): the None-valued keys are presumably dropped by
    # utils.build_url -- confirm against its implementation.
    query = {
        "error": err,
        "response_type": None,
        "client_id": None,
        "redirect_uri": None,
    }
    location = utils.build_url(redirect_uri, query)
    return self._make_response(headers={"Location": location}, status_code=302)
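def get_authorization_code(self, response_type, client_id, redirect_uri, **params):
    """Generate authorization code HTTP response.

    The redirect URI is validated before any other check. Every later
    error is reported by redirecting the user agent to ``redirect_uri``,
    and RFC 6749 section 4.1.2.1 forbids redirecting to a redirection URI
    that failed validation (doing so turns the endpoint into an open
    redirector).

    :param response_type: Desired response type. Must be exactly "code".
    :type response_type: str
    :param client_id: Client ID.
    :type client_id: str
    :param redirect_uri: Client redirect URI.
    :type redirect_uri: str
    :rtype: requests.Response
    """
    # Check the redirect URI before anything that answers by redirect,
    # including the response_type check below.
    # NOTE(review): whether validate_redirect_uri() rejects unknown client
    # IDs is not visible here -- confirm, since the "unauthorized_client"
    # error below is still delivered by redirect.
    if not self.validate_redirect_uri(client_id, redirect_uri):
        return self._invalid_redirect_uri_response()

    # Ensure proper response_type
    if response_type != "code":
        return self._make_redirect_error_response(
            redirect_uri, "unsupported_response_type")

    # Check conditions
    is_valid_client_id = self.validate_client_id(client_id)
    is_valid_access = self.validate_access()
    scope = params.get("scope", "")
    is_valid_scope = self.validate_scope(client_id, scope)

    # Return proper error responses on invalid conditions
    if not is_valid_client_id:
        return self._make_redirect_error_response(
            redirect_uri, "unauthorized_client")
    if not is_valid_access:
        return self._make_redirect_error_response(redirect_uri, "access_denied")
    if not is_valid_scope:
        return self._make_redirect_error_response(redirect_uri, "invalid_scope")

    # Generate authorization code
    code = self.generate_authorization_code()

    # Save information to be used to validate later requests
    self.persist_authorization_code(client_id=client_id, code=code, scope=scope)

    # Return redirection response. The remaining request parameters are
    # passed through to the redirect together with the code.
    # NOTE(review): the None-valued keys are presumably dropped by
    # utils.build_url -- confirm against its implementation.
    params.update(
        {
            "code": code,
            "response_type": None,
            "client_id": None,
            "redirect_uri": None,
        }
    )
    redirect = utils.build_url(redirect_uri, params)
    return self._make_response(headers={"Location": redirect}, status_code=302)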