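def validate_params(self):
    """Validate the authorization-endpoint request parameters.

    Checks, in order: ``redirect_uri`` is present, ``response_type`` is one of
    ``SUPPORTED_RESPONSE_TYPES``, ``client_id`` names a known client, and
    ``redirect_uri`` equals the client's pre-registered value when the client
    has one. On the first failure an HTTP 400 or an OAuth authorization error
    is rendered and ``False`` is returned; on success ``self.client`` and
    ``self.redirect_uri`` are populated and ``True`` is returned.
    """
    # TODO: get the user from the session and require authentication on POST
    # (the earlier sketch used users.get_current_user() and self.error(403)).
    self.redirect_uri = self.request.get('redirect_uri')
    if not self.redirect_uri:
        self.error(400)
        self.response.out.write("The parameter redirect_uri is required.")
        return False
    # TODO: validate url?
    if self.request.get('response_type') not in self.SUPPORTED_RESPONSE_TYPES:
        self.authz_error('unsupported_response_type',
                         "The requested response type is not supported.")
        return False
    self.client = OAuth_Client.get_by_client_id(str(self.request.get('client_id')))
    if not self.client:
        self.authz_error('invalid_client', "The client identifier provided is invalid.")
        return False
    # Lazy %-style args so the formatting cost is only paid when INFO is enabled.
    logging.info('registered redirect_uri=%s requested redirect_uri=%s',
                 self.client.redirect_uri, self.redirect_uri)
    if self.client.redirect_uri:
        # Exact string comparison on purpose: no prefix or substring matching,
        # which is what keeps a registered URI from being widened by the caller.
        if str(self.client.redirect_uri) != str(self.redirect_uri):
            self.authz_error('redirect_uri_mismatch',
                             "The redirection URI provided does not match a pre-registered value.")
            return False
    # NOTE(review): a client with no registered redirect_uri is accepted with
    # whatever redirect_uri the request supplies (the "TODO: validate url?"
    # above is the only guard); consider requiring registration for every client.
    return True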
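def handle(self):
    """Token-endpoint request handler.

    Takes the client secret from an ``Authorization: Basic`` header when one
    is present, otherwise from the ``client_secret`` request parameter;
    rejects unsupported ``grant_type`` values and failed client
    authentication by rendering an OAuth error and returning; otherwise
    dispatches to the ``handle_<grant_type>`` method with the authenticated
    client and the requested scope.
    """
    # TODO: MUST require transport-level security
    auth_header = self.request.headers.get('Authorization', '')
    if auth_header.startswith('Basic'):
        # Token after the first space, as before, but a bare "Basic" header
        # now yields '' (and fails authentication) instead of an IndexError.
        # NOTE(review): RFC 7617 Basic credentials are base64("id:secret");
        # whether OAuth_Client.authenticate decodes that is not visible here -- confirm.
        parts = auth_header.split(' ')
        client_secret = parts[1] if len(parts) > 1 else ''
    else:
        client_secret = self.request.get('client_secret')
    client_id = self.request.get('client_id')
    grant_type = self.request.get('grant_type')
    scope = self.request.get('scope')
    # Log only whether a secret was supplied; the credential itself never
    # goes to the log.
    logging.debug('Client ID = %s (client_secret supplied: %s)',
                  client_id, bool(client_secret))
    if grant_type not in self.SUPPORTED_GRANT_TYPES:
        self.render_error('unsupported_grant_type', "Grant type not supported.")
        return
    client = OAuth_Client.authenticate(client_id, client_secret)
    if not client:
        self.render_error('invalid_client', "Invalid client credentials.")
        return
    # grant_type was checked against SUPPORTED_GRANT_TYPES above, so this
    # attribute lookup is bounded to the known handler methods.
    getattr(self, 'handle_%s' % grant_type)(client, scope)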