def get_original_scopes(self, refresh_token, request, *args, **kwargs):
    """Return the scopes granted to the token that owns *refresh_token*.

    oauthlib calls this during a ``refresh_token`` grant when the client
    did not send a ``scope`` parameter, so the refreshed access token
    inherits the scopes of the original grant.  Returns ``None`` when no
    stored token carries this refresh token.
    """
    stored = Token.objects(refresh_token=refresh_token).first()
    return stored.scopes if stored else None
def get_original_scopes(self, refresh_token, request, *args, **kwargs):
    """Return the scopes granted to the token that owns *refresh_token*.

    oauthlib calls this during a ``refresh_token`` grant when the client
    did not send a ``scope`` parameter, so the refreshed access token
    inherits the scopes of the original grant.  Returns ``None`` when no
    stored token carries this refresh token.
    """
    stored = Token.objects(refresh_token=refresh_token).first()
    return stored.scopes if stored else None
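def validate_bearer_token(self, token, scopes, request):
    """Check that *token* is a live access token covering all of *scopes*.

    Called by oauthlib for every protected-resource request.  On success
    ``request.user`` is set to the token's owner and ``True`` is returned;
    on any failure ``request.user`` is ``None`` and ``False`` is returned.

    Args:
        token: the bearer token string oauthlib already extracted from
            the Authorization header or the request body.
        scopes: the scopes the protected resource requires; an empty
            list means the resource has no scope restriction.
        request: the oauthlib request object.
    """
    request.user = None
    # oauthlib hands over the token it extracted itself; request.access_token
    # is only populated when the token travelled in the body/query, so
    # header-authenticated requests failed the old lookup.  The old field is
    # kept as a fallback for callers that still set it.
    lookup = token or getattr(request, 'access_token', None)
    if not lookup:
        return False
    t = Token.objects(access_token=lookup).first()
    if not t:
        return False
    # Every required scope must be present, not merely one of them: the
    # previous intersection test let a token holding a single overlapping
    # scope unlock an endpoint that requires several.
    if not set(scopes or ()).issubset(t.scopes or ()):
        return False
    # A missing expiry is treated as expired rather than as "never expires".
    if not (t.expires_at and t.expires_at > get_utc_time()):
        return False
    request.user = t.user
    return True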
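def validate_bearer_token(self, token, scopes, request):
    """Check that *token* is a live access token covering all of *scopes*.

    Called by oauthlib for every protected-resource request.  On success
    ``request.user`` is set to the token's owner and ``True`` is returned;
    on any failure ``request.user`` is ``None`` and ``False`` is returned.

    Args:
        token: the bearer token string oauthlib already extracted from
            the Authorization header or the request body.
        scopes: the scopes the protected resource requires; an empty
            list means the resource has no scope restriction.
        request: the oauthlib request object.
    """
    request.user = None
    # oauthlib hands over the token it extracted itself; request.access_token
    # is only populated when the token travelled in the body/query, so
    # header-authenticated requests failed the old lookup.  The old field is
    # kept as a fallback for callers that still set it.
    lookup = token or getattr(request, 'access_token', None)
    if not lookup:
        return False
    t = Token.objects(access_token=lookup).first()
    if not t:
        return False
    # Every required scope must be present, not merely one of them: the
    # previous intersection test let a token holding a single overlapping
    # scope unlock an endpoint that requires several.
    if not set(scopes or ()).issubset(t.scopes or ()):
        return False
    # A missing expiry is treated as expired rather than as "never expires".
    if not (t.expires_at and t.expires_at > get_utc_time()):
        return False
    request.user = t.user
    return True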
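def post(self, *args, **kwargs):
    """Handle ``POST /token``: exchange a grant for an access token.

    Reads the grant parameters from the request, rebuilds a canonical
    ``application/x-www-form-urlencoded`` body for oauthlib, and writes
    oauthlib's token (or error) response back to the client.  A missing
    or unknown ``grant_type``, or a grant missing its required fields,
    is answered with a 400 via ``self.raise400``.
    """
    grant_type = self.get_argument('grant_type', None)
    code = self.get_argument('code', None)
    redirect_uri = self.get_argument('redirect_uri', None)
    client_id = self.get_argument('client_id', None)
    scope = self.get_argument('scope', None)
    username = self.get_argument('username', None)
    password = self.get_argument('password', None)
    refresh_token = self.get_argument('refresh_token', None)
    try:
        msg = 'Token request failed: %s'
        if not grant_type:
            raise ValueError(msg % 'missing grant_type')
        base_uri, _uri = self.get_uri()
        headers = self.get_headers()
        # Per-grant parameter selection.  Values stay raw here and are
        # escaped exactly once below, so a '&' or '=' inside a password,
        # scope or code cannot split or inject form fields.
        if grant_type == 'authorization_code':
            if not code:
                raise ValueError(msg % 'missing code')
            params = [('grant_type', grant_type), ('code', code),
                      ('redirect_uri', redirect_uri), ('client_id', client_id)]
        elif grant_type == 'password':
            if not password or not username:
                raise ValueError(msg % 'missing password or username')
            params = [('grant_type', grant_type), ('client_id', client_id),
                      ('username', username), ('password', password),
                      ('scope', scope)]
        elif grant_type == 'client_credentials':
            params = [('grant_type', grant_type), ('scope', scope)]
        elif grant_type == 'refresh_token':
            params = [('grant_type', grant_type),
                      ('refresh_token', refresh_token),
                      ('client_id', client_id)]
        else:
            raise ValueError(msg % 'unknown grant_type')
        # Absent parameters are omitted instead of being sent as the literal
        # string 'None'; oauthlib then reports the missing field itself.
        body = '&'.join('%s=%s' % (name, url_escape(value))
                        for name, value in params if value is not None)
        resp_headers, resp_body, status = self.endpoint.create_token_response(
            base_uri + '/token', 'POST', body, headers, {})
        data = json.loads(resp_body)
        # oauthlib reports grant failures as a JSON error body ('error',
        # 'error_description') with a non-200 status.  Pass that through
        # rather than looking up a token that was never issued.
        if status != 200 or 'error' in data:
            self.set_status(status)
            self.write(data)
            return
        # oauthlib's token responses carry Cache-Control: no-store and
        # Pragma: no-cache so intermediaries never cache credentials.
        for name, value in resp_headers.items():
            self.set_header(name, value)
        token = Token.objects(access_token=data['access_token']).first()
        data['username'] = token.user.username
        self.set_status(201)
        self.write(data)
    except Exception as e:
        # str(e) works on Python 2 and 3; Exception.message is gone in
        # Python 3 and would raise a second error inside this handler.
        self.raise400(reason=str(e))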
def validate_refresh_token(self, refresh_token, client, request, *args, **kwargs):
    """Accept *refresh_token* only if it was issued to *client*.

    The stored token must exist, belong to the authenticated client, and
    share at least one scope with the client's configured scopes (falling
    back to the client's default scopes).  On success ``request.user`` is
    set to the token's owner.  Returns a bool.
    """
    stored = Token.objects(refresh_token=refresh_token).first()
    if not stored:
        return False
    if client != stored.client:
        return False
    allowed = client.scopes or client.default_scopes
    if set(stored.scopes).isdisjoint(set(allowed)):
        return False
    request.user = stored.user
    return True
def validate_refresh_token(self, refresh_token, client, request, *args, **kwargs):
    """Accept *refresh_token* only if it was issued to *client*.

    The stored token must exist, belong to the authenticated client, and
    share at least one scope with the client's configured scopes (falling
    back to the client's default scopes).  On success ``request.user`` is
    set to the token's owner.  Returns a bool.
    """
    stored = Token.objects(refresh_token=refresh_token).first()
    if not stored:
        return False
    if client != stored.client:
        return False
    allowed = client.scopes or client.default_scopes
    if set(stored.scopes).isdisjoint(set(allowed)):
        return False
    request.user = stored.user
    return True
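def save_bearer_token(self, token, request, *args, **kwargs):
    """Persist the token oauthlib has just issued.

    ``request.client``, ``request.user`` and ``request.scopes`` were set by
    the earlier validation steps of the grant; *token* is oauthlib's
    response dict (``access_token``, ``expires_in`` and, for grants that
    issue one, ``refresh_token``).

    Returns the client's default redirect URI.
    """
    # Not every grant issues a refresh token (client_credentials does not),
    # so indexing token['refresh_token'] raised KeyError for those grants.
    Token(client=request.client,
          user=request.user,
          scopes=request.scopes,
          access_token=token['access_token'],
          refresh_token=token.get('refresh_token'),
          # expires_in is a lifetime in seconds; the stored value is the
          # absolute expiry (now + expires_in).
          expires_at=get_utc_time(token['expires_in'])).save()
    # NOTE(review): on a refresh_token grant the previous Token document
    # (and its refresh token) is left in place by this method; confirm it is
    # revoked elsewhere, otherwise superseded refresh tokens remain usable.
    return request.client.default_redirect_uri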
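def revoke_token(self, token, token_type_hint, request, *args, **kwargs):
    """Delete the stored token(s) matching *token*.

    *token_type_hint* (``'access_token'`` or ``'refresh_token'``) is only
    an optimisation in RFC 7009: a hint the server does not recognise, or
    one that matches nothing, must not stop the lookup.  Both fields are
    therefore searched; revoking an unknown token is a silent no-op.
    """
    # The old code left the query unassigned for any hint other than
    # None/'access_token'/'refresh_token' and raised UnboundLocalError, and
    # a wrong hint silently revoked nothing.
    # NOTE(review): RFC 7009 also requires that the token was issued to the
    # requesting client (request.client); that ownership check is not
    # visible here — confirm it is enforced by the revocation endpoint.
    Token.objects(access_token=token).delete()
    Token.objects(refresh_token=token).delete()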
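def revoke_token(self, token, token_type_hint, request, *args, **kwargs):
    """Delete the stored token(s) matching *token*.

    *token_type_hint* (``'access_token'`` or ``'refresh_token'``) is only
    an optimisation in RFC 7009: a hint the server does not recognise, or
    one that matches nothing, must not stop the lookup.  Both fields are
    therefore searched; revoking an unknown token is a silent no-op.
    """
    # The old code left the query unassigned for any hint other than
    # None/'access_token'/'refresh_token' and raised UnboundLocalError, and
    # a wrong hint silently revoked nothing.
    # NOTE(review): RFC 7009 also requires that the token was issued to the
    # requesting client (request.client); that ownership check is not
    # visible here — confirm it is enforced by the revocation endpoint.
    Token.objects(access_token=token).delete()
    Token.objects(refresh_token=token).delete()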