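def create_service_token(client, user):
    """Generate and return a bearer token for service calls

    Partners need a mechanism for automated, authorized API access.  This
    function returns a bearer token for subsequent authorized calls.

    NB - as this opens a back door, it's only offered to users with the
    single role 'service'.

    :param client: OAuth client the token is issued for
    :param user: user the token is issued to; unless the TESTING config
        flag is set, it must hold exactly one role, the service role
    :returns: the first ``Token`` row found for ``user.id``
    :raises ValueError: if the user is not a service-only user

    """
    # NOTE(review): the role gate is skipped entirely when the TESTING config
    # flag is set.  Confirm that flag can never be enabled in a deployed
    # environment, as it would allow a one-year token for any user.
    if not current_app.config.get('TESTING'):
        roles = user.roles
        # `!= 1` rather than `> 1`: a user with no roles must be rejected
        # with the documented ValueError, not an IndexError on roles[0].
        if len(roles) != 1 or roles[0].name != ROLE.SERVICE.value:
            raise ValueError("only service users can create service tokens")

    # Hacking a backdoor into the OAuth protocol to generate a valid token
    # Mock the request and validation needed to pass
    from oauthlib.oauth2.rfc6749.tokens import BearerToken

    # The request is a Mock, so any attribute not set explicitly below
    # evaluates to a (truthy) Mock object rather than failing.
    fake_request = Mock()
    fake_request.state, fake_request.extra_credentials = None, None
    fake_request.client = client
    fake_request.user = user
    fake_request.scopes = ['email']  # scope is fixed, not caller-controlled

    # Only the persistence hook of the validator is real; everything else
    # on it is mocked.
    request_validator = Mock()
    request_validator.save_bearer_token = save_token

    bt = BearerToken(request_validator=request_validator)
    # Long-lived credential: one year, and create_token is called without
    # refresh_token, so no refresh token is requested.
    bt.expires_in = int(timedelta(days=365).total_seconds())  # one year
    bt.create_token(fake_request)

    # Token should now exist as only token for said user - return it
    # NOTE(review): .first() is unordered; if the user already holds an older
    # token this may return that row instead of the one just created -
    # confirm save_token replaces existing tokens for the user.
    return Token.query.filter_by(user_id=user.id).first()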
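def create_service_token(client, user):
    """Generate and return a bearer token for service calls

    Partners need a mechanism for automated, authorized API access.  This
    function returns a bearer token for subsequent authorized calls.

    NB - as this opens a back door, it's only offered to users with the
    single role 'service'.

    :param client: OAuth client the token is issued for
    :param user: user the token is issued to; unless the TESTING config
        flag is set, it must hold exactly one role, the service role
    :returns: the first ``Token`` row found for ``user.id``
    :raises ValueError: if the user is not a service-only user

    """
    # NOTE(review): with the TESTING config flag set, no role check happens
    # at all - verify the flag is never on outside of test runs.
    if not current_app.config.get('TESTING'):
        roles = user.roles
        # Require exactly one role; the previous `> 1` test let an empty
        # role list fall through to roles[0] and raise IndexError.
        if len(roles) != 1 or roles[0].name != ROLE.SERVICE.value:
            raise ValueError("only service users can create service tokens")

    # Hacking a backdoor into the OAuth protocol to generate a valid token
    # Mock the request and validation needed to pass
    from oauthlib.oauth2.rfc6749.tokens import BearerToken

    # Attributes not assigned here resolve to auto-created Mock objects.
    fake_request = Mock()
    fake_request.state, fake_request.extra_credentials = None, None
    fake_request.client = client
    fake_request.user = user
    fake_request.scopes = ['email']  # fixed scope for every service token

    # save_token is the only real validator behaviour wired in.
    request_validator = Mock()
    request_validator.save_bearer_token = save_token

    bt = BearerToken(request_validator=request_validator)
    # One-year lifetime; no refresh token is requested from create_token.
    bt.expires_in = int(timedelta(days=365).total_seconds())  # one year
    bt.create_token(fake_request)

    # Token should now exist as only token for said user - return it
    # NOTE(review): the query has no ordering, so a pre-existing token for
    # this user could be returned instead - confirm against save_token.
    return Token.query.filter_by(user_id=user.id).first()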
def create_access_token(self, request, user, scope, client):
    """
    Issue a new bearer access token, with a refresh token, for ``user``.

    The lifetime comes from ``settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS``,
    converted from days to seconds.  ``request`` is filled in through
    ``_populate_create_access_token_request`` before the token is created.
    Returns whatever ``BearerToken.create_token`` returns.
    """
    seconds_per_day = 24 * 60 * 60
    lifetime_seconds = settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS * seconds_per_day
    validator = oauth2_settings.OAUTH2_VALIDATOR_CLASS()
    generator = BearerToken(
        expires_in=lifetime_seconds,
        request_validator=validator,
    )

    self._populate_create_access_token_request(request, user, scope, client)

    # A refresh token is always requested alongside the access token.
    # NOTE(review): the setting name suggests a public-client lifetime;
    # confirm refresh tokens issued here can be revoked.
    return generator.create_token(request, refresh_token=True)
def create_access_token(self, request, user, scope, client):
    """
    Build and return a fresh access token (refresh token included).

    Expiry is ``settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS`` expressed in
    seconds.  The given ``request`` is populated with ``user``, ``scope``
    and ``client`` by ``_populate_create_access_token_request`` first; the
    return value is the result of ``BearerToken.create_token``.
    """
    day_in_seconds = 24 * 60 * 60
    expiry = settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS * day_in_seconds
    request_validator = oauth2_settings.OAUTH2_VALIDATOR_CLASS()
    bearer = BearerToken(expires_in=expiry, request_validator=request_validator)

    self._populate_create_access_token_request(request, user, scope, client)

    # refresh_token=True: the caller receives a refresh token as well, so
    # the result must be treated as a secret by whoever handles it.
    issued = bearer.create_token(request, refresh_token=True)
    return issued
def create_dot_access_token(request, user, client, expires_in=None, scopes=None):
    """
    Issue and return a new (persisted) access token together with a
    refresh token.

    The result is a dict of the form:
        {
            u'access_token': u'some string',
            u'refresh_token': u'another string',
            u'token_type': u'Bearer',
            u'expires_in': 36000,
            u'scope': u'profile email',
        }

    ``expires_in`` is passed through ``_get_expires_in_value`` before use.
    The returned dict carries the raw token values, so callers should keep
    it out of logs and error reports.
    """
    token_lifetime = _get_expires_in_value(expires_in)
    validator = dot_settings.OAUTH2_VALIDATOR_CLASS()
    generator = BearerToken(
        expires_in=token_lifetime,
        request_validator=validator,
    )

    # The request must carry user/client/scopes before the token is minted.
    _populate_create_access_token_request(request, user, client, scopes)
    return generator.create_token(request, refresh_token=True)
def create_dot_access_token(request, user, client, expires_in=None, scopes=None):
    """
    Create a new (persisted) access token plus refresh token and return it.

    Return value is a dict shaped like:
        {
            u'access_token': u'some string',
            u'refresh_token': u'another string',
            u'token_type': u'Bearer',
            u'expires_in': 36000,
            u'scope': u'profile email',
        }

    The ``expires_in`` argument is resolved by ``_get_expires_in_value``;
    ``scopes`` is handed to ``_populate_create_access_token_request``.
    """
    resolved_expiry = _get_expires_in_value(expires_in)
    request_validator = dot_settings.OAUTH2_VALIDATOR_CLASS()
    bearer = BearerToken(expires_in=resolved_expiry, request_validator=request_validator)

    _populate_create_access_token_request(request, user, client, scopes)

    # Both secrets (access + refresh) are in the returned dict; treat the
    # whole structure as sensitive.
    issued = bearer.create_token(request, refresh_token=True)
    return issued
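def create_access_token(self, user, oauth_client):
    """Create a bearer token for ``user`` and return its access token string.

    A minimal request object and validator are built locally and handed to
    ``BearerToken``; the token lifetime is 3600 seconds and a refresh token
    is requested.  Only ``token['access_token']`` is returned to the caller.

    :param user: user the token is issued to
    :param oauth_client: OAuth client the token is issued for
    :returns: the ``access_token`` value of the generated token
    """

    class RequestValidator(object):
        """Validator stub that only persists the generated token."""

        def save_bearer_token(self, token, request):
            # The token dict holds live bearer credentials, so it is
            # persisted only and never written to stdout or a log.
            return Token.set_for_oauth2(token, request)

    class RequestMock(object):
        """Stand-in request carrying the fixed values the generator reads."""

        # NOTE(review): every token minted here gets the 'admin' scope
        # regardless of the user passed in - confirm callers restrict who
        # can reach this method.
        scopes = ['admin']
        # NOTE(review): constant placeholder value, not a per-request state.
        state = '123'
        extra_credentials = None

        def __init__(self, user, client):
            self.user = user
            self.client = client

    validator = RequestValidator()
    bearer_token_generator = BearerToken(request_validator=validator,
                                         expires_in=3600)
    request = RequestMock(user=user, client=oauth_client)

    # A refresh token is generated too, but it is not returned; whether it
    # is stored depends on Token.set_for_oauth2 (not visible here).
    token = bearer_token_generator.create_token(request, refresh_token=True)
    return token['access_token']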