def create_authorization_server(app): query_client = create_query_client_func(db.session, Client) server = AuthorizationServer(app, query_client) @app.route('/oauth/authorize', methods=['GET', 'POST']) def authorize(): if request.method == 'GET': try: server.validate_authorization_request() return 'ok' except OAuth2Error as error: return error.error user_id = request.form.get('user_id') if user_id: grant_user = User.query.get(int(user_id)) else: grant_user = None return server.create_authorization_response(grant_user) @app.route('/oauth/token', methods=['GET', 'POST']) def issue_token(): return server.create_token_response() @app.route('/oauth/revoke', methods=['POST']) def revoke_token(): return server.create_revocation_response() return server
def init_oauth(app): """OAuth配置app""" # 认证服务器的配置 query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization.init_app(app, query_client=query_client, save_token=save_token) # support all grants authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant) # 注册 code 授权 authorization.register_grant(PasswordGrant) # 注册密码授权 authorization.register_grant(RefreshTokenGrant) # 注册 refresh token 授权 # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_cls) # 资源服务器的配置 # protect resource # only bearer token is supported currently require_oauth.register_token_validator(MyBearerTokenValidator())
def create_authorization_server(app): query_client = create_query_client_func(db.session, Client) save_token = create_save_token_func(db.session, Token) def exists_nonce(nonce, req): exists = AuthorizationCode.query.filter_by(client_id=req.client_id, nonce=nonce).first() return bool(exists) server = AuthorizationServer( app, query_client=query_client, save_token=save_token, ) server.register_hook('exists_nonce', exists_nonce) @app.route('/oauth/authorize', methods=['GET', 'POST']) def authorize(): if request.method == 'GET': user_id = request.args.get('user_id') if user_id: end_user = User.query.get(int(user_id)) else: end_user = None try: grant = server.validate_consent_request(end_user=end_user) return grant.prompt or 'ok' except OAuth2Error as error: return error.error user_id = request.form.get('user_id') if user_id: grant_user = User.query.get(int(user_id)) else: grant_user = None return server.create_authorization_response(grant_user=grant_user) @app.route('/oauth/token', methods=['GET', 'POST']) def issue_token(): return server.create_token_response() @app.route('/oauth/revoke', methods=['POST']) def revoke_token(): return server.create_endpoint_response('revocation') @app.route('/oauth/introspect', methods=['POST']) def introspect_token(): return server.create_endpoint_response('introspection') return server
def create_authorization_server(app, lazy=False): query_client = create_query_client_func(db.session, Client) save_token = create_save_token_func(db.session, Token) if lazy: server = AuthorizationServer() server.init_app(app, query_client, save_token) else: server = AuthorizationServer(app, query_client, save_token) server.register_hook('exists_nonce', exists_nonce) @app.route('/oauth/authorize', methods=['GET', 'POST']) def authorize(): if request.method == 'GET': user_id = request.args.get('user_id') if user_id: end_user = User.query.get(int(user_id)) else: end_user = None try: grant = server.validate_consent_request(end_user=end_user) return grant.prompt or 'ok' except OAuth2Error as error: return url_encode(error.get_body()) user_id = request.form.get('user_id') if user_id: grant_user = User.query.get(int(user_id)) else: grant_user = None return server.create_authorization_response(grant_user=grant_user) @app.route('/oauth/token', methods=['GET', 'POST']) def issue_token(): return server.create_token_response() @app.route('/oauth/revoke', methods=['POST']) def revoke_token(): return server.create_endpoint_response('revocation') @app.route('/oauth/introspect', methods=['POST']) def introspect_token(): return server.create_endpoint_response('introspection') return server
def config_oauth(app): query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization.init_app( app, query_client=query_client, save_token=save_token ) # support all openid grants authorization.register_grant(AuthorizationCodeGrant, [ OpenIDCode(required_nonce=True), ]) authorization.register_grant(ImplicitGrant) authorization.register_grant(HybridGrant) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def config_oauth(app): query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization.init_app(app, query_client=query_client, save_token=save_token) # support all grants authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant) authorization.register_grant(PasswordGrant) authorization.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) authorization.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) require_oauth.register_token_validator(bearer_cls())
def init_app(self, app, query_client=None, save_token=None): from app.extensions import db if query_client is None: query_client = create_query_client_func(db.session, OAuth2Client) if save_token is None: save_token = create_save_token_func(db.session, OAuth2Token) super().init_app(app, query_client=query_client, save_token=save_token) # support all grants self.register_grant(grants.ImplicitGrant) self.register_grant(grants.ClientCredentialsGrant) self.register_grant(AuthorizationCodeGrant) self.register_grant(PasswordGrant) self.register_grant(RefreshTokenGrant) # support revocation revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) self.register_endpoint(revocation_cls) # protect resource bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) OAuth2ResourceProtector.register_token_validator(bearer_cls()) self._require_oauth = OAuth2ResourceProtector()
user = User.query.filter_by(username=username).first() if user.check_password(password): return user class RefreshTokenGrant(grants.RefreshTokenGrant): def authenticate_refresh_token(self, refresh_token): token = OAuth2Token.query.filter_by(refresh_token=refresh_token).first() if token and not token.revoked and not token.is_refresh_token_expired(): return token def authenticate_user(self, credential): return User.query.get(credential.user_id) query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization = AuthorizationServer( query_client=query_client, save_token=save_token, ) require_oauth = ResourceProtector() def config_oauth(app): authorization.init_app(app) # support all grants authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant)
def authenticate_user(self, authorization_code): return User.query.filter_by(id=authorization_code.user_id).first() class RefreshTokenGrant(grants.RefreshTokenGrant): def authenticate_refresh_token(self, refresh_token): item = Token.query.filter_by(refresh_token=refresh_token).first() if item and not item.is_refresh_token_expired(): return item def authenticate_user(self, credential): return User.query.filter_by(id=credential.user_id).first() query_client = create_query_client_func(db.session, Client) #def query_client(client_id): # return Client.query.filter_by(client_id=client_id).first() def save_token(token, request): authCode = AuthorizationCode.query.filter_by( code=request.code, client_id=request.client.client_id).first() print(authCode) if authCode and not authCode.is_expired(): payment_agreement = PaymentAgreement.query.filter_by( user_id=authCode.user_id, client_id=authCode.client_id).first() item = Token(client_id=authCode.client_id, user_id=authCode.user_id,
user = User.query.filter_by(username=username).first() if user.check_password(password): return user class RefreshTokenGrant(grants.RefreshTokenGrant): def authenticate_refresh_token(self, refresh_token): item = OAuth2Token.query.filter_by(refresh_token=refresh_token).first() if item and not item.is_refresh_token_expired(): return item def authenticate_user(self, credential): return User.query.get(credential.user_id) query_client = create_query_client_func(db.session, OAuth2Client) save_token = create_save_token_func(db.session, OAuth2Token) authorization = AuthorizationServer( query_client=query_client, save_token=save_token, ) require_oauth = ResourceProtector() def config_oauth(app): authorization.init_app(app) # support all grants authorization.register_grant(grants.ImplicitGrant) authorization.register_grant(grants.ClientCredentialsGrant) authorization.register_grant(AuthorizationCodeGrant)