Пример #1
0
 def parse_token(self, data):
     token = SocialToken(token=data["access_token"])
     token.token_secret = data.get("refresh_token", "")
     expires_in = data.get(self.expires_in_key, None)
     if expires_in:
         token.expires_at = timezone.now() + timedelta(seconds=int(expires_in))
     return token
Пример #2
0
 def parse_token(self, data):
     token = SocialToken(token=data['access_token'])
     token.token_secret = data.get('refresh_token', '')
     expires_in = data.get(self.expires_in_key, None)
     if expires_in:
         token.expires_at = timezone.now() + timedelta(seconds=int(expires_in))
     return token
Пример #3
0
    def parse_token(self, data, app=None):
        # parse token header and get relevant public key
        unverified_header, unverified_claims = jwt.process_jwt(
            data['id_token'])
        public_key = self.get_public_key(unverified_header.get('kid'))

        # verify signature, iat, exp
        header, claims = jwt.verify_jwt(data['id_token'],
                                        public_key, ['RS256'],
                                        timedelta(minutes=1),
                                        checks_optional=True)

        # Verify we are the intended audience for the token
        intended_audiences = [self.intended_aud]
        if app is not None:
            intended_audiences.append(app.client_id)
        if claims.get('aud') is not None and claims.get(
                'aud') not in intended_audiences:
            raise OAuth2Error(
                "JWT aud {} does not match intended audience {}".format(
                    claims.get('aud'), self.intended_aud))

        social_token = SocialToken(token=data['id_token'])
        social_token.expires_at = datetime.fromtimestamp(claims['iat'],
                                                         tz=timezone.utc)
        return social_token
Пример #4
0
    def post(self, request):
        serializer = OAuthTokenSerializer(data=request.data)

        non_field_error_key = getattr(
            settings, "NON_FIELD_ERRORS_KEY", "non_field_errors"
        )

        provider = self.provider(request)

        err_r = JsonResponse({non_field_error_key: {"error": "Access token invalid"}})
        if not serializer.is_valid():
            return err_r
        data = serializer.validated_data

        # Create the token
        # from allauth.socialaccount.providers.oauth2.views.OAuth2Adapter.parse_token
        token = SocialToken(token=data["access_token"])
        token.token_secret = data.get("refresh_token", "")
        token.app = provider.get_app(request)
        expires_in = data.get(self.expires_in_key, None)
        if expires_in:
            token.expires_at = timezone.now() + timedelta(seconds=int(expires_in))

        # Verify the access token works
        resp = requests.get(
            self.profile_url,
            params={"access_token": token.token, "alt": "json"},
        )
        if resp.status_code > 299:
            # We've got a problem
            return err_r
        extra_data = resp.json()
        login = provider.sociallogin_from_response(request, extra_data)
        login.lookup()
        if not login.is_existing:
            login.save(request)

        # Create SimpleJWT tokens for consumer authentication purposes
        simple_token = RefreshToken.for_user(login.user)

        def save_info_in_simple_token(_token):
            _token["provider_id"] = provider.id
            _token["provider_access_token"] = data["access_token"]
            _token["provider_refresh_token"] = token.token_secret
            return str(_token)

        return JsonResponse(
            {
                "access_token": save_info_in_simple_token(simple_token.access_token),
                "refresh_token": save_info_in_simple_token(simple_token),
            }
        )
Пример #5
0
    def parse_token(self, data):
        token = SocialToken(token=data["access_token"], )
        token.token_secret = data.get("refresh_token", "")

        expires_in = data.get(self.expires_in_key)
        if expires_in:
            token.expires_at = timezone.now() + timedelta(
                seconds=int(expires_in))

        # `user_data` is a big flat dictionary with the parsed JWT claims
        # access_tokens, and user info from the apple post.
        identity_data = self.get_verified_identity_data(data["id_token"])
        token.user_data = {**data, **identity_data}

        return token
Пример #6
0
    def parse_token(self, data):
        """
        data: access_token data from line
        """
        settings = app_settings.PROVIDERS.get(self.provider_id, {})
        if "email" in settings.get("SCOPE", ""):
            token = SocialToken(token=data["id_token"])
        else:
            token = SocialToken(token=data["access_token"])
        token.token_secret = data.get("refresh_token", "")
        expires_in = data.get(self.expires_in_key, None)
        if expires_in:
            token.expires_at = timezone.now() + timedelta(
                seconds=int(expires_in))

        return token
Пример #7
0
    def parse_token(self, data):
        token = SocialToken(token=data["access_token"])
        token.token_secret = data.get("refresh_token", "")
        public_key = self.get_public_key(data["id_token"])
        provider = self.get_provider()
        client_id = self.get_client_id(provider)

        token.user_data = jwt.decode(
            data["id_token"],
            public_key,
            algorithm="RS256",
            verify=True,
            audience=client_id,
        )
        token.user_data["first_name"] = data.get("first_name", "")
        token.user_data["last_name"] = data.get("last_name", "")

        expires_in = data.get(self.expires_in_key, None)
        if expires_in:
            token.expires_at = timezone.now() + timedelta(
                seconds=int(expires_in))
        return token