def config_oauth(app):
    """Attach the OAuth2 authorization server and resource protector to *app*.

    Initialises ``auth_server`` with the module's ``query_client`` and
    ``save_token_to_db_and_redis`` callbacks, registers four grant types,
    creates a Redis client from ``app.config['REDIS_URI']``, registers a
    revocation endpoint that also clears the token's Redis entry, and
    registers a bearer-token validator on ``require_oauth``.
    """
    auth_server.init_app(
        app,
        query_client=query_client,
        save_token=save_token_to_db_and_redis,
    )

    # NOTE(review): the implicit grant returns the access token through the
    # front channel and is discouraged by the OAuth 2.0 Security Best Current
    # Practice (RFC 9700); keep it registered only if a client still needs it.
    for grant_cls in (
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,
        RefreshTokenGrant,
    ):
        auth_server.register_grant(grant_cls)

    # The same Redis client is stored on the server and handed to
    # permission.deps.
    redis_conn = redis.Redis.from_url(app.config['REDIS_URI'], decode_responses=True)
    auth_server.redis_client = redis_conn
    permission.deps.init_redis(auth_server.redis_client)

    # Revocation: extend the endpoint built from db.session/OAuth2Token so the
    # Redis key for the access token is removed as well.
    revocation_base = create_revocation_endpoint(db.session, OAuth2Token)

    class RedisRevocationEndpoint(revocation_base):
        def revoke_token(self, token):
            # Parent revocation runs first, then the 'token:<access_token>'
            # key is deleted.
            # NOTE(review): if the Redis delete raises after the parent call,
            # the key stays in Redis; confirm entries carry a TTL or that
            # readers of the key re-check the database.
            super().revoke_token(token)
            cache_key = 'token:{}'.format(token.access_token)
            auth_server.redis_client.delete(cache_key)

    auth_server.register_endpoint(RedisRevocationEndpoint)

    # Resource protection: the validator class must be instantiated before it
    # is registered.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def init_oauth(app):
    """Configure OAuth for the app.

    Sets up the authorization server (client lookup, token storage, grant
    types, revocation endpoint) and then the resource-server side (bearer
    token validation).
    """
    # --- Authorization server configuration ---
    client_lookup = create_query_client_func(db.session, OAuth2Client)
    token_saver = create_save_token_func(db.session, OAuth2Token)
    authorization.init_app(app, query_client=client_lookup, save_token=token_saver)

    # All grant types are enabled.
    # NOTE(review): the implicit grant and the password grant (presumably the
    # resource-owner password credentials flow) are discouraged by the OAuth
    # 2.0 Security Best Current Practice (RFC 9700); confirm both are needed.
    for grant_cls in (
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,   # authorization code grant
        PasswordGrant,            # password grant
        RefreshTokenGrant,        # refresh token grant
    ):
        authorization.register_grant(grant_cls)

    # Token revocation endpoint.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # --- Resource server configuration ---
    # Only bearer tokens are supported at the moment.
    require_oauth.register_token_validator(MyBearerTokenValidator())
def config_oauth(app):
    """Initialise the authorization server on *app* with the password grant only.

    Also registers a token revocation endpoint and a bearer-token validator,
    both built from ``db.session`` and the ``Token`` model.
    """
    authorization.init_app(app, query_client=query_client, save_token=save_token)

    # NOTE(review): PasswordGrant is the only grant registered. If it is the
    # resource-owner password credentials flow, clients handle the user's
    # password directly, which the OAuth 2.0 Security Best Current Practice
    # (RFC 9700) advises against; confirm this is a deliberate choice.
    authorization.register_grant(PasswordGrant)

    # Token revocation.
    authorization.register_endpoint(create_revocation_endpoint(db.session, Token))

    # Resource protection: register an instance, not the class.
    validator_cls = create_bearer_token_validator(db.session, Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Initialise the authorization server on *app* and register its components.

    Registers five grant types, a revocation endpoint and a bearer-token
    validator; the last two are built from ``db.session`` and ``Token``.
    """
    authorization.init_app(app)

    # NOTE(review): ImplicitGrant and PasswordGrant (presumably the
    # resource-owner password credentials flow) are discouraged by the OAuth
    # 2.0 Security Best Current Practice (RFC 9700); register only the grants
    # that deployed clients actually use.
    enabled_grants = (
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,
        PasswordGrant,
        RefreshTokenGrant,
    )
    for grant_cls in enabled_grants:
        authorization.register_grant(grant_cls)

    # Token revocation endpoint.
    authorization.register_endpoint(create_revocation_endpoint(db.session, Token))

    # Bearer-token validation for protected resources.
    validator_cls = create_bearer_token_validator(db.session, Token)
    require_oauth.register_token_validator(validator_cls())
def init_app(app):
    """Bind the OAuth2 ``server`` to *app* and register grants and endpoints.

    Grants are registered in the order listed below, followed by a token
    revocation endpoint and a bearer-token validator on ``require_oauth``.
    """
    server.init_app(app)

    # Grant types exposed by the server.
    # NOTE(review): the implicit and password grants are discouraged by the
    # OAuth 2.0 Security Best Current Practice (RFC 9700); confirm each one
    # is required before exposing it.
    for grant_cls in (
        grants.ImplicitGrant,
        AuthorizationCodeGrant,
        grants.ClientCredentialsGrant,
        PasswordGrant,
        RefreshTokenGrant,
    ):
        server.register_grant(grant_cls)

    # Token revocation support.
    revocation_endpoint = create_revocation_endpoint(db.session, Token)
    server.register_endpoint(revocation_endpoint)

    # Resource protection via bearer tokens.
    validator_cls = create_bearer_token_validator(db.session, Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Initialise the authorization server on *app* without the implicit grant.

    Registers the client-credentials, authorization-code, password and
    refresh-token grants, a revocation endpoint and a bearer-token validator.
    """
    authorization.init_app(app)

    # The implicit grant is left disabled:
    # authorization.register_grant(grants.ImplicitGrant)
    #
    # NOTE(review): PasswordGrant (presumably the resource-owner password
    # credentials flow) is still enabled; the OAuth 2.0 Security Best Current
    # Practice (RFC 9700) advises against it as well.
    for grant_cls in (
        ClientCredentialsGrant,
        AuthorizationCodeGrant,
        PasswordGrant,
        RefreshTokenGrant,
    ):
        authorization.register_grant(grant_cls)

    # Token revocation support.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Resource protection: register a validator instance.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def config_oauth(app):
    """Initialise the authorization server on *app* with every grant type.

    Also registers a revocation endpoint and a bearer-token validator, both
    built from ``db.session`` and the ``OAuth2Token`` model.
    """
    authorization.init_app(app)

    # Every grant type is enabled.
    # NOTE(review): that includes the implicit grant and the password grant,
    # both discouraged by the OAuth 2.0 Security Best Current Practice
    # (RFC 9700); trim the list to what deployed clients need.
    all_grants = [
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,
        PasswordGrant,
        RefreshTokenGrant,
    ]
    for grant_cls in all_grants:
        authorization.register_grant(grant_cls)

    # Revocation endpoint.
    revocation_endpoint = create_revocation_endpoint(db.session, OAuth2Token)
    authorization.register_endpoint(revocation_endpoint)

    # Protected resources are validated with bearer tokens.
    require_oauth.register_token_validator(
        create_bearer_token_validator(db.session, OAuth2Token)())
def config_oauth(app):
    """Initialise the authorization server on *app* and register its parts.

    Library-provided grants are registered first, then the project's custom
    grants, then the revocation endpoint and the bearer-token validator.
    """
    authorization.init_app(app)

    # Grants taken directly from the ``grants`` module.
    # NOTE(review): the implicit grant is discouraged by the OAuth 2.0
    # Security Best Current Practice (RFC 9700); confirm it is needed.
    for library_grant in (grants.ImplicitGrant, grants.ClientCredentialsGrant):
        authorization.register_grant(library_grant)

    # Custom grants.
    # NOTE(review): the same guidance applies to PasswordGrant if it is the
    # resource-owner password credentials flow.
    for custom_grant in (AuthorizationCodeGrant, PasswordGrant, RefreshTokenGrant):
        authorization.register_grant(custom_grant)

    # Revocation.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # The factory returns a class; an instance of it is what gets registered.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    validator = validator_cls()
    require_oauth.register_token_validator(validator)
def config_oauth(app):
    """Configure OAuth for the app.

    Builds the client-lookup and token-saving callbacks from ``db.session``,
    initialises the authorization server with them, then registers the grant
    types, a revocation endpoint and a bearer-token validator.
    """
    client_lookup = create_query_client_func(db.session, OAuth2Client)
    token_saver = create_save_token_func(db.session, OAuth2Token)
    authorization.init_app(app, query_client=client_lookup, save_token=token_saver)

    # All grant types are enabled.
    # NOTE(review): ImplicitGrant and PasswordGrant (presumably the
    # resource-owner password credentials flow) are discouraged by the OAuth
    # 2.0 Security Best Current Practice (RFC 9700); confirm both are needed.
    for grant_cls in (
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,
        PasswordGrant,
        RefreshTokenGrant,
    ):
        authorization.register_grant(grant_cls)

    # Token revocation support.
    authorization.register_endpoint(
        create_revocation_endpoint(db.session, OAuth2Token))

    # Resource protection with bearer tokens.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    require_oauth.register_token_validator(validator_cls())
def init_app(self, app, query_client=None, save_token=None):
    """Initialise this authorization server on *app* and register its parts.

    Args:
        app: The application passed through to the parent ``init_app``.
        query_client: Client lookup callback; when ``None`` one is built from
            ``db.session`` and ``OAuth2Client``.
        save_token: Token persistence callback; when ``None`` one is built
            from ``db.session`` and ``OAuth2Token``.
    """
    # Imported inside the method, as in the original code.
    from app.extensions import db

    query_client = (
        create_query_client_func(db.session, OAuth2Client)
        if query_client is None else query_client
    )
    save_token = (
        create_save_token_func(db.session, OAuth2Token)
        if save_token is None else save_token
    )
    super().init_app(app, query_client=query_client, save_token=save_token)

    # All grant types are enabled.
    # NOTE(review): the implicit and password grants are discouraged by the
    # OAuth 2.0 Security Best Current Practice (RFC 9700); confirm both are
    # required by deployed clients.
    for grant_cls in (
        grants.ImplicitGrant,
        grants.ClientCredentialsGrant,
        AuthorizationCodeGrant,
        PasswordGrant,
        RefreshTokenGrant,
    ):
        self.register_grant(grant_cls)

    # Token revocation support.
    self.register_endpoint(create_revocation_endpoint(db.session, OAuth2Token))

    # Resource protection. The validator is registered through the class and
    # the protector instance is created afterwards.
    # NOTE(review): presumably register_token_validator is class-level in the
    # library version in use, so all protector instances share it; confirm.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    OAuth2ResourceProtector.register_token_validator(validator_cls())
    self._require_oauth = OAuth2ResourceProtector()
from flask import json from authlib.flask.oauth2.sqla import create_revocation_endpoint from .oauth2_server import db, User, Client, Token from .oauth2_server import TestCase from .oauth2_server import create_authorization_server RevocationEndpoint = create_revocation_endpoint(db.session, Token) class RevokeTokenTest(TestCase): def prepare_data(self): server = create_authorization_server(self.app) server.register_endpoint(RevocationEndpoint) user = User(username='******') db.session.add(user) db.session.commit() client = Client( user_id=user.id, client_id='revoke-client', client_secret='revoke-secret', redirect_uri='http://localhost/authorized', scope='profile', ) db.session.add(client) db.session.commit() def create_token(self): token = Token( user_id=1, client_id='revoke-client',
#def query_client(client_id):
#    return Client.query.filter_by(client_id=client_id).first()


def save_token(token, request):
    """Store an issued token, linked to the authorization code's owner.

    Looks up the authorization code by ``request.code`` and the requesting
    client's id. When a non-expired code is found, a ``Token`` row is created
    with the code's client id and user id, the id of the matching
    ``PaymentAgreement``, and the fields of *token*. Otherwise nothing is
    stored.
    """
    auth_code = AuthorizationCode.query.filter_by(
        code=request.code, client_id=request.client.client_id).first()
    # NOTE(review): debug output; depending on the model's repr this may write
    # the authorization code to stdout or logs. Consider removing it.
    print(auth_code)

    # NOTE(review): when no valid code is found the function returns without
    # storing anything or signalling an error. RefreshTokenGrant is registered
    # below; confirm how refresh requests, which may carry no code, are meant
    # to be persisted.
    if not auth_code or auth_code.is_expired():
        return

    agreement = PaymentAgreement.query.filter_by(
        user_id=auth_code.user_id, client_id=auth_code.client_id).first()
    # NOTE(review): .first() can return None, in which case agreement.id
    # raises AttributeError; confirm an agreement always exists at this point.
    token_row = Token(
        client_id=auth_code.client_id,
        user_id=auth_code.user_id,
        payment_agreement_id=agreement.id,
        **token
    )
    db.session.add(token_row)
    db.session.commit()


# Grant registration: authorization code and refresh token only.
for grant_cls in (AuthorizationCodeGrant, RefreshTokenGrant):
    authorization.register_grant(grant_cls)

# Token revocation support.
revocation_cls = create_revocation_endpoint(db.session, Token)
authorization.register_endpoint(revocation_cls)

# Resource protector: register an instance of the bearer-token validator.
bearer_cls = create_bearer_token_validator(db.session, Token)
require_oauth.register_token_validator(bearer_cls())