Exemplo n.º 1
    def acquire_token(self, request, scopes=None):
        """Validate the access token carried by a Django request.

        The Django request is wrapped in an ``HttpRequest``, handed to
        ``self.validate_request`` and, when that call returns, the
        ``token_authenticated`` signal is sent with the resulting token.

        :param request: Django HTTP request instance
        :param scopes: a list of scope values; a bare string is wrapped into
            a one-element list
        :return: token object
        """
        # NOTE(review): Django documents get_raw_uri() as skipping the
        # ALLOWED_HOSTS check, so this URI is built from an unvalidated Host
        # header -- confirm nothing downstream treats it as trusted.
        raw_uri = request.get_raw_uri()
        oauth_request = HttpRequest(
            request.method, raw_uri, request.body, request.headers)
        # Attach the original Django request to the wrapper object.
        oauth_request.req = request
        required_scopes = [scopes] if isinstance(scopes, str) else scopes
        validated = self.validate_request(required_scopes, oauth_request)
        # Only reached when validate_request() returned without raising.
        token_authenticated.send(sender=self.__class__, token=validated)
        return validated
Exemplo n.º 2
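    def validate_request(self,
                         scope: Optional[Union[list, str]],
                         request: HttpRequest,
                         scope_operator: str = "AND"):
        """
        This method overloads the `validate_request` method in the base `authlib.oauth2.ResourceProtector` class to
        support cases where an access token may not be set directly in the request as an authorisation header but within
        a user session.

        This usually occurs when applications support stateful sessions via a web browser, in addition to or instead of
        a stateless API.

        If a session is active, contains an 'access_token' value, and there is no Authorization header already set
        (compared case-insensitively, as HTTP header names are), this method will add one for compatibility with the
        Resource Protector class. A header supplied by the client is never replaced by the session token.

        NOTE(review): a token taken from the session is presented implicitly whenever the browser sends the session
        cookie, so state-changing routes that rely on this path depend on the application's CSRF protection -- confirm
        it is enabled for them.

        :param scope: required scope value(s), passed through unchanged to the base class
        :param request: request object whose headers are inspected; it is replaced by a copy, never mutated
        :param scope_operator: passed through unchanged to the base class
        :return: whatever the base class `validate_request` returns
        """
        # Read the session value once so the check and the header use the same token.
        access_token = session.get("access_token")
        # Header names are case-insensitive; an exact-case test would miss e.g. "authorization" and add a
        # second, conflicting credential next to the one the client sent.
        if access_token and not any(
                str(name).lower() == "authorization"
                for name in request.headers.keys()):
            # Copy the headers so the caller's request object is left untouched.
            headers = dict(request.headers.items())
            headers["Authorization"] = f"Bearer {access_token}"
            request = HttpRequest(method=request.method,
                                  uri=request.uri,
                                  data=request.data,
                                  headers=headers)

        return super().validate_request(scope, request, scope_operator)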
Exemplo n.º 3
    def acquire_token(self, scopes=None):
        """Validate the access token of the current request for ``scopes``.

        Builds an ``HttpRequest`` from the module-level ``_req`` object,
        validates it, sends ``token_authenticated`` and stores the token on
        the top application context as ``authlib_server_oauth2_token``.

        :param scopes: a list of scope values; a bare string is wrapped into
            a one-element list
        :return: token object
        """
        # NOTE(review): _req is presumably Flask's request proxy -- confirm
        # against the file's imports.
        wrapped = HttpRequest(
            _req.method, _req.full_path, _req.data, _req.headers)
        wrapped.req = _req
        # backward compatible: a single scope may still be given as a string
        wanted = [scopes] if isinstance(scopes, str) else scopes
        validated = self.validate_request(wanted, wrapped)
        # Only reached when validate_request() returned without raising.
        token_authenticated.send(self, token=validated)
        # NOTE(review): _app_ctx_stack looks like Flask's legacy context
        # stack, which newer Flask releases no longer provide -- confirm the
        # supported Flask version.
        _app_ctx_stack.top.authlib_server_oauth2_token = validated
        return validated
    def acquire_token(self, request=None, scope=None):
        """Validate the access token of ``request`` and cache it on the request.

        The validated token is stored as ``request.state.token`` before it is
        returned.

        :param request: request object; although the default is ``None``, the
            body dereferences it unconditionally, so a real request is required
        :param scope: string or list of scope values
        :return: token object
        """
        # An empty dict is passed as the body: the request payload is not
        # forwarded to validation, only method, URL and headers are.
        wrapped = HttpRequest(
            request.method, request.url, {}, request.headers)
        # Only reached past this line when validate_request() did not raise.
        validated = request.state.token = self.validate_request(scope, wrapped)
        return validated
Exemplo n.º 5
    def acquire_token(self, request, scope=None, operator='AND'):
        """Validate the access token carried by a Django request.

        :param request: Django HTTP request instance
        :param scope: string or list of scope values
        :param operator: value of "AND" or "OR" (upper-cased here), or a
            callable, which is passed through untouched
        :return: token object
        """
        # NOTE(review): Django documents get_raw_uri() as skipping the
        # ALLOWED_HOSTS check, so this URI is built from an unvalidated Host
        # header -- confirm nothing downstream treats it as trusted.
        raw_uri = request.get_raw_uri()
        oauth_request = HttpRequest(
            request.method, raw_uri, request.body, request.headers)
        # Strings are normalised to upper case; callables are left as given.
        scope_op = operator if callable(operator) else operator.upper()
        validated = self.validate_request(scope, oauth_request, scope_op)
        # Only reached when validate_request() returned without raising.
        token_authenticated.send(sender=self.__class__, token=validated)
        return validated
Exemplo n.º 6
    def acquire_token(self, scope=None, operator='AND'):
        """Validate the access token of the current request for ``scope``.

        Builds an ``HttpRequest`` from the module-level ``_req`` object,
        validates it, sends ``token_authenticated`` and stores the token on
        the top application context as ``authlib_server_oauth2_token``.

        :param scope: string or list of scope values
        :param operator: value of "AND" or "OR" (upper-cased here), or a
            callable, which is passed through untouched
        :return: token object
        """
        # NOTE(review): _req is presumably Flask's request proxy -- confirm
        # against the file's imports.
        wrapped = HttpRequest(
            _req.method, _req.full_path, _req.data, _req.headers)
        # Strings are normalised to upper case; callables are left as given.
        scope_op = operator if callable(operator) else operator.upper()
        validated = self.validate_request(scope, wrapped, scope_op)
        # Only reached when validate_request() returned without raising.
        token_authenticated.send(self, token=validated)
        # NOTE(review): _app_ctx_stack looks like Flask's legacy context
        # stack, which newer Flask releases no longer provide -- confirm the
        # supported Flask version.
        _app_ctx_stack.top.authlib_server_oauth2_token = validated
        return validated