def config_oauth(app):
auth_server.init_app(app,
query_client=query_client,
save_token=save_token_to_db_and_redis)
# support all grants
auth_server.register_grant(grants.ImplicitGrant)
auth_server.register_grant(grants.ClientCredentialsGrant)
auth_server.register_grant(AuthorizationCodeGrant)
auth_server.register_grant(RefreshTokenGrant)
auth_server.redis_client = redis.Redis.from_url(app.config['REDIS_URI'],
decode_responses=True)
permission.deps.init_redis(auth_server.redis_client)
# support revocation
SQLARevocationEndpoint = create_revocation_endpoint(
db.session, OAuth2Token)
class RedisRevocationEndpoint(SQLARevocationEndpoint):
def revoke_token(self, token):
super().revoke_token(token)
auth_server.redis_client.delete('token:{}'.format(
token.access_token))
auth_server.register_endpoint(RedisRevocationEndpoint)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def create_resource_server(app):
require_oauth = ResourceProtector()
BearerTokenValidator = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(BearerTokenValidator())
@app.route('/user')
@require_oauth('profile')
def user_profile():
user = current_token.user
return jsonify(id=user.id, username=user.username)
@app.route('/user/email')
@require_oauth('email')
def user_email():
user = current_token.user
return jsonify(email=user.username + '@example.com')
@app.route('/info')
@require_oauth()
def public_info():
return jsonify(status='ok')
@app.route('/acquire')
def test_acquire():
with require_oauth.acquire('profile') as token:
user = token.user
return jsonify(id=user.id, username=user.username)
def setup_oauth2_resource_protector(main_app: Flask):
"""
Configure OAuth2 endpoints protector
"""
BearerTokenValidator = create_bearer_token_validator(
db.session, APIAccessToken)
ResourceProtector.register_token_validator(BearerTokenValidator())
def config_oauth(app):
authorization.init_app(app, query_client=query_client,
save_token=save_token)
authorization.register_grant(PasswordGrant)
revocation_cls = create_revocation_endpoint(db.session, Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
revocation_cls = create_revocation_endpoint(db.session, Token)
authorization.register_endpoint(revocation_cls)
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
def init_app(app):
server.init_app(app)
# register it to grant endpoint
server.register_grant(grants.ImplicitGrant)
server.register_grant(AuthorizationCodeGrant)
server.register_grant(grants.ClientCredentialsGrant)
server.register_grant(PasswordGrant)
server.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, Token)
server.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
# support all grants
# authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
# support all grants
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
authorization.init_app(app)
# all grant types
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
# custom grants
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# revocations
revocation_class = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_class)
bearer_class = create_bearer_token_validator(db.session, OAuth2Token)
# make sure to instantiate bearer object instance
require_oauth.register_token_validator(bearer_class())
def config_oauth(app):
query_client = create_query_client_func(db.session, OAuth2Client)
save_token = create_save_token_func(db.session, OAuth2Token)
authorization.init_app(
app,
query_client=query_client,
save_token=save_token
)
# support all openid grants
authorization.register_grant(AuthorizationCodeGrant, [
OpenIDCode(required_nonce=True),
])
authorization.register_grant(ImplicitGrant)
authorization.register_grant(HybridGrant)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def config_oauth(app):
"""OAuth配置app"""
query_client = create_query_client_func(db.session, OAuth2Client)
save_token = create_save_token_func(db.session, OAuth2Token)
authorization.init_app(app,
query_client=query_client,
save_token=save_token)
# support all grants
authorization.register_grant(grants.ImplicitGrant)
authorization.register_grant(grants.ClientCredentialsGrant)
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(PasswordGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
authorization.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
require_oauth.register_token_validator(bearer_cls())
def init_app(self, app, query_client=None, save_token=None):
from app.extensions import db
if query_client is None:
query_client = create_query_client_func(db.session, OAuth2Client)
if save_token is None:
save_token = create_save_token_func(db.session, OAuth2Token)
super().init_app(app, query_client=query_client, save_token=save_token)
# support all grants
self.register_grant(grants.ImplicitGrant)
self.register_grant(grants.ClientCredentialsGrant)
self.register_grant(AuthorizationCodeGrant)
self.register_grant(PasswordGrant)
self.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
self.register_endpoint(revocation_cls)
# protect resource
bearer_cls = create_bearer_token_validator(db.session, OAuth2Token)
OAuth2ResourceProtector.register_token_validator(bearer_cls())
self._require_oauth = OAuth2ResourceProtector()
#def query_client(client_id):
# return Client.query.filter_by(client_id=client_id).first()
def save_token(token, request):
authCode = AuthorizationCode.query.filter_by(
code=request.code, client_id=request.client.client_id).first()
print(authCode)
if authCode and not authCode.is_expired():
payment_agreement = PaymentAgreement.query.filter_by(
user_id=authCode.user_id, client_id=authCode.client_id).first()
item = Token(client_id=authCode.client_id,
user_id=authCode.user_id,
payment_agreement_id=payment_agreement.id,
**token)
db.session.add(item)
db.session.commit()
#Registering grants
authorization.register_grant(AuthorizationCodeGrant)
authorization.register_grant(RefreshTokenGrant)
# support revocation
revocation_cls = create_revocation_endpoint(db.session, Token)
authorization.register_endpoint(revocation_cls)
#Resourse Protector
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())
# scopes definition
scopes = {
'email': 'Access to your email address.',
}
class MyBearerTokenValidator(BearerTokenValidator):
def authenticate_token(self, token_string):
print('WAT : token_string = %s' % token_string)
return OAuth2Token.query.filter_by(access_token=token_string).first()
def request_invalid(self, request):
return False
def token_revoked(self, token):
token.revoked
# protect resource
query_token = create_query_token_func(db.session, OAuth2Token)
#require_oauth = ResourceProtector(query_token=query_token)
from authlib.flask.oauth2.sqla import create_bearer_token_validator
BearerTokenValidator = create_bearer_token_validator(db.session, OAuth2Token)
ResourceProtector.register_token_validator(BearerTokenValidator())
require_oauth = ResourceProtector()
def init_app(app):
authorization.init_app(app)
