def create_authorization_response(self, grant_user):
state = self.request.state
if grant_user:
self.request.user = grant_user
client = self.request.client
token = self.generate_token(client,
self.GRANT_TYPE,
user=grant_user,
scope=self.request.scope,
include_refresh_token=False)
if self.request.response_type == 'id_token':
token = {
'expires_in': token['expires_in'],
'scope': token['scope'],
}
token = self.process_token(token, self.request)
else:
log.debug('Grant token {!r} to {!r}'.format(token, client))
self.server.save_token(token, self.request)
token = self.process_token(token, self.request)
params = [(k, token[k]) for k in token]
if state:
params.append(('state', state))
else:
error = AccessDeniedError(state=state)
params = error.get_body()
# http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
return create_response_mode_response(
redirect_uri=self.redirect_uri,
params=params,
response_mode=self.request.response_mode,
)
def create_authorization_response(self, grant_user):
"""
Overrides method from authlib---authlib has some peculiarities here such as
trying to access ``token["scope"]`` from the token response which is not
following OIDC. This should be creating a response in accordance with the spec
here:
https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse
"""
state = self.request.state
if grant_user:
self.request.user = grant_user
client = self.request.client
include_access_token = self.request.response_type == "id_token token"
token_response = self.generate_token(
client,
self.GRANT_TYPE,
include_access_token=include_access_token,
user=grant_user,
scope=self.request.scope,
)
params = [(k, token_response[k]) for k in token_response]
if state:
params.append(("state", state))
else:
error = AccessDeniedError(state=state)
params = error.get_body()
# http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
return create_response_mode_response(
redirect_uri=self.redirect_uri,
params=params,
response_mode=self.request.response_mode,
)
def create_authorization_response(self, grant_user):
state = self.request.state
if grant_user:
self.request.user = grant_user
client = self.request.client
token = self.generate_token(client,
self.GRANT_TYPE,
scope=self.request.scope,
include_refresh_token=False)
if self.request.response_type == 'id_token':
token = {
'expires_in': token['expires_in'],
'scope': token['scope'],
}
token = self.process_token(token, self.request)
else:
log.debug('Grant token {!r} to {!r}'.format(token, client))
self.server.save_token(token, self.request)
token = self.process_token(token, self.request)
params = [(k, token[k]) for k in token]
if state:
params.append(('state', state))
else:
error = AccessDeniedError(state=state)
params = error.get_body()
uri = add_params_to_uri(self.redirect_uri, params, fragment=True)
headers = [('Location', uri)]
return 302, '', headers
def create_authorization_response(self, grant_user):
state = self.request.state
if grant_user:
params = self._create_granted_params(grant_user)
if state:
params.append(('state', state))
else:
error = AccessDeniedError(state=state)
params = error.get_body()
# http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
return create_response_mode_response(
redirect_uri=self.redirect_uri,
params=params,
response_mode=self.request.data.get('response_mode'),
)
def create_authorization_response(self, grant_user):
state = self.request.state
if grant_user:
self.request.user = grant_user
client = self.request.client
code = self.create_authorization_code(client, grant_user,
self.request)
params = [('code', code)]
token = self.generate_token(client,
'implicit',
scope=self.request.scope,
include_refresh_token=False)
response_types = self.request.response_type.split()
if 'token' in response_types:
log.debug('Grant token {!r} to {!r}'.format(token, client))
self.server.save_token(token, self.request)
if 'id_token' in response_types:
token = self.process_implicit_token(
token, self.request, code)
else:
# response_type is "code id_token"
token = {
'expires_in': token['expires_in'],
'scope': token['scope']
}
token = self.process_implicit_token(token, self.request, code)
params.extend([(k, token[k]) for k in token])
if state:
params.append(('state', state))
else:
error = AccessDeniedError(state=state)
params = error.get_body()
# http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
fragment = True
response_mode = self.request.response_mode
if response_mode and response_mode == 'query':
fragment = False
uri = add_params_to_uri(self.redirect_uri, params, fragment=fragment)
headers = [('Location', uri)]
return 302, '', headers
def create_authorization_response(self, grant_user):
state = self.request.state
if grant_user:
params = self._create_granted_params(grant_user)
if state:
params.append(('state', state))
else:
error = AccessDeniedError(state=state)
params = error.get_body()
# http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
fragment = True
response_mode = self.request.response_mode
if response_mode and response_mode == 'query':
fragment = False
uri = add_params_to_uri(self.redirect_uri, params, fragment=fragment)
headers = [('Location', uri)]
return 302, '', headers