def create_authorization_response(self, grant_user): state = self.request.state if grant_user: self.request.user = grant_user client = self.request.client token = self.generate_token(client, self.GRANT_TYPE, user=grant_user, scope=self.request.scope, include_refresh_token=False) if self.request.response_type == 'id_token': token = { 'expires_in': token['expires_in'], 'scope': token['scope'], } token = self.process_token(token, self.request) else: log.debug('Grant token {!r} to {!r}'.format(token, client)) self.server.save_token(token, self.request) token = self.process_token(token, self.request) params = [(k, token[k]) for k in token] if state: params.append(('state', state)) else: error = AccessDeniedError(state=state) params = error.get_body() # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes return create_response_mode_response( redirect_uri=self.redirect_uri, params=params, response_mode=self.request.response_mode, )
def create_authorization_response(self, grant_user): """ Overrides method from authlib---authlib has some peculiarities here such as trying to access ``token["scope"]`` from the token response which is not following OIDC. This should be creating a response in accordance with the spec here: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse """ state = self.request.state if grant_user: self.request.user = grant_user client = self.request.client include_access_token = self.request.response_type == "id_token token" token_response = self.generate_token( client, self.GRANT_TYPE, include_access_token=include_access_token, user=grant_user, scope=self.request.scope, ) params = [(k, token_response[k]) for k in token_response] if state: params.append(("state", state)) else: error = AccessDeniedError(state=state) params = error.get_body() # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes return create_response_mode_response( redirect_uri=self.redirect_uri, params=params, response_mode=self.request.response_mode, )
def create_authorization_response(self, grant_user): state = self.request.state if grant_user: self.request.user = grant_user client = self.request.client token = self.generate_token(client, self.GRANT_TYPE, scope=self.request.scope, include_refresh_token=False) if self.request.response_type == 'id_token': token = { 'expires_in': token['expires_in'], 'scope': token['scope'], } token = self.process_token(token, self.request) else: log.debug('Grant token {!r} to {!r}'.format(token, client)) self.server.save_token(token, self.request) token = self.process_token(token, self.request) params = [(k, token[k]) for k in token] if state: params.append(('state', state)) else: error = AccessDeniedError(state=state) params = error.get_body() uri = add_params_to_uri(self.redirect_uri, params, fragment=True) headers = [('Location', uri)] return 302, '', headers
def create_authorization_response(self, grant_user): state = self.request.state if grant_user: params = self._create_granted_params(grant_user) if state: params.append(('state', state)) else: error = AccessDeniedError(state=state) params = error.get_body() # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes return create_response_mode_response( redirect_uri=self.redirect_uri, params=params, response_mode=self.request.data.get('response_mode'), )
def create_authorization_response(self, grant_user): state = self.request.state if grant_user: self.request.user = grant_user client = self.request.client code = self.create_authorization_code(client, grant_user, self.request) params = [('code', code)] token = self.generate_token(client, 'implicit', scope=self.request.scope, include_refresh_token=False) response_types = self.request.response_type.split() if 'token' in response_types: log.debug('Grant token {!r} to {!r}'.format(token, client)) self.server.save_token(token, self.request) if 'id_token' in response_types: token = self.process_implicit_token( token, self.request, code) else: # response_type is "code id_token" token = { 'expires_in': token['expires_in'], 'scope': token['scope'] } token = self.process_implicit_token(token, self.request, code) params.extend([(k, token[k]) for k in token]) if state: params.append(('state', state)) else: error = AccessDeniedError(state=state) params = error.get_body() # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes fragment = True response_mode = self.request.response_mode if response_mode and response_mode == 'query': fragment = False uri = add_params_to_uri(self.redirect_uri, params, fragment=fragment) headers = [('Location', uri)] return 302, '', headers
def create_authorization_response(self, grant_user): state = self.request.state if grant_user: params = self._create_granted_params(grant_user) if state: params.append(('state', state)) else: error = AccessDeniedError(state=state) params = error.get_body() # http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes fragment = True response_mode = self.request.response_mode if response_mode and response_mode == 'query': fragment = False uri = add_params_to_uri(self.redirect_uri, params, fragment=fragment) headers = [('Location', uri)] return 302, '', headers