def persona_login(request): assertion = request.POST.get('assertion', '') audience = request.build_absolute_uri('/') resp = requests.post('https://verifier.login.persona.org/verify', { 'assertion': assertion, 'audience': audience }) if resp.json['status'] != 'okay': return render_authentication_error(request) email = resp.json['email'] user = User(email=email) extra_data = resp.json account = SocialAccount(uid=email, provider=PersonaProvider.id, extra_data=extra_data, user=user) # TBD: Persona e-mail addresses are verified, so we could check if # a matching local user account already exists with an identical # verified e-mail address and short-circuit the social login. Then # again, this holds for all social providers that guarantee # verified e-mail addresses, so if at all, short-circuiting should # probably not be handled here... login = SocialLogin(account) login.state = SocialLogin.state_from_request(request) return complete_social_login(request, login)
def get_access_token(self, code): params = {'client_id': self.consumer_key, 'redirect_uri': self.callback_url, 'grant_type': 'authorization_code', 'client_secret': self.consumer_secret, 'scope': self.scope, 'code': code} params = dict(params.items() + self.extra_access_token_post_params.items()) url = self.access_token_url # TODO: Proper exception handling resp = requests.post(url, params, True) access_token = None if resp.status_code == 200: if resp.headers['content-type'].split(';')[0] == 'application/json': data = resp.json else: data = dict(urlparse.parse_qsl(resp.content)) access_token = data.get('access_token') refresh_token = data.get('refresh_token', None) if not access_token: raise OAuth2Error('Error retrieving access token: %s' % resp.content) return access_token, refresh_token
def refresh_token(self): account = self.account app = SocialApp.objects.get_current(self.account.get_provider().id) tokens = SocialToken.objects.filter(app=app, account=account).order_by('-id') if tokens: token = tokens[0] response = requests.post('https://accounts.google.com/o/oauth2/token', { 'client_id': app.key, 'client_secret': app.secret, 'refresh_token': token.token_secret, 'grant_type': 'refresh_token' }) if 'access_token' in response.json: token.token = response.json['access_token'] token.save()
def get_access_token(self, code): params = {'client_id': self.consumer_key, 'redirect_uri': self.callback_url, 'grant_type': 'authorization_code', 'client_secret': self.consumer_secret, 'scope': self.scope, 'code': code} url = self.access_token_url # TODO: Proper exception handling resp = requests.post(url, params) access_token = None if resp.status_code == 200: if resp.headers['content-type'].split(';')[0] == 'application/json': data = resp.json else: data = dict(urlparse.parse_qsl(resp.content)) access_token = data.get('access_token') if not access_token: raise OAuth2Error('Error retrieving access token: %s' % resp.content) return access_token
def get_access_token(self, code): client = httplib2.Http() params = {'client_id': self.consumer_key, 'redirect_uri': self.callback_url, 'grant_type': 'authorization_code', 'client_secret': self.consumer_secret, 'scope': self.scope, 'code': code} url = self.access_token_url # TODO: Proper exception handling resp = requests.post(url, params) access_token = None if resp.status_code == 200: if resp.headers['content-type'] == 'application/json': data = resp.json else: data = dict(urlparse.parse_qsl(resp.content)) access_token = data.get('access_token') if not access_token: raise OAuth2Error('Error retrieving access token: %s' % resp.content) return access_token