def get_token(self, token_id, scope):
"""Retrieves a registered token by token ID and required scope.
@type token_id: basestring
@param token_id: token ID
@type scope: basestring
@param scope: required scopes as space separated string
"""
try:
token = self.get_value(token_id)
except KeyError:
log.debug("Request for token of ID that is not registered: %s",
token_id)
return None, 'invalid_token'
if not token.valid:
log.debug("Request for invalid token of ID: %s", token_id)
return None, 'invalid_token'
if token.expires <= datetime.utcnow():
log.debug("Request for expired token of ID: %s", token_id)
return None, 'invalid_token'
# Check scope
if not scopeutil.isScopeGranted(token.scope,
scopeutil.scopeStringToList(scope)):
log.debug("Request for token of ID: %s - token was not granted "
"scope %s", token_id, scope)
return None, 'insufficient_scope'
return token, None
def __init__(self, token_id, request, grant, token_type, lifetime):
self.token_id = token_id
self.token_type = token_type
self.grant = grant
self.scope = scopeutil.scopeStringToList(grant.scope_str)
self.timestamp = datetime.now()
self.lifetime = lifetime
self.expires = self.timestamp + timedelta(days=0, seconds=lifetime)
self.valid = True
def from_token_request(cls, token_type, grant, lifetime):
'''Create an instance from a token request. This applies to the
Authorization Code Grant flow
'''
obj = cls(token_type, lifetime)
obj.token_type = token_type
obj.grant = grant
obj.scope = scopeutil.scopeStringToList(grant.scope_str)
return obj
def __init__(self, user, client_id, scope, is_authorized):
self.user = user
self.client_id = client_id
self.scope = scopeutil.scopeStringToList(scope)
self.is_authorized = is_authorized
