示例#1
def get_bearer_token(email,
                     password,
                     scopes=None,
                     account_server_url=None,
                     oauth_server_url=None,
                     client_id=None):
    """Log in with email/password and return an OAuth bearer token.

    The account password is handed to ``core.Client.login`` for the server
    at ``account_server_url``; the resulting session produces an identity
    assertion whose audience is the origin (scheme + host) of
    ``oauth_server_url``, and that assertion is exchanged for a token.

    Nothing in this function checks the scheme of either URL, so callers
    are responsible for passing trusted ``https://`` endpoints. The return
    value is a credential and should be kept out of logs.

    Args:
        email: account email used to log in.
        password: account password used to log in.
        scopes: iterable of scope strings; defaults to ``['profile']``.
        account_server_url: base URL of the account server (required).
        oauth_server_url: base URL of the OAuth server (required).
        client_id: OAuth client identifier (required).

    Returns:
        Whatever ``oauth.Client.authorize_token`` returns for the request.

    Raises:
        ValueError: if any of the three required settings is missing/empty.
    """
    # Reject incomplete configuration before the password leaves the
    # process; the first missing setting (in this order) is reported.
    required_settings = (
        (account_server_url, 'Please define an account_server_url.'),
        (oauth_server_url, 'Please define an oauth_server_url.'),
        (client_id, 'Please define a client_id.'),
    )
    for setting, complaint in required_settings:
        if not setting:
            raise ValueError(complaint)

    requested_scopes = ['profile'] if scopes is None else scopes

    account_client = core.Client(server_url=account_server_url)
    session = account_client.login(email, password)

    # The assertion is scoped to the OAuth server's origin only: any path,
    # query or fragment on oauth_server_url is dropped from the audience.
    parsed = urlparse(oauth_server_url)
    audience = "%s://%s/" % (parsed.scheme, parsed.netloc)
    bid_assertion = session.get_identity_assertion(audience)

    oauth_client = oauth.Client(server_url=oauth_server_url)
    return oauth_client.authorize_token(bid_assertion,
                                        ' '.join(requested_scopes),
                                        client_id)
示例#2
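    def login(self, fxa_account):
        """Run the FxA OAuth login flow against the v3 accounts API.

        Calls ``login/start`` to obtain the ``state`` value, signs in to FxA
        with the account's email and password, turns the FxA session into an
        OAuth authorization code for the ``profile`` scope, and then calls
        ``authenticate`` with that state and code.

        The debug lines log step names only; the state, session and code
        values should stay out of log output.

        Args:
            fxa_account: object exposing ``email`` and ``password``.

        Raises:
            KeyError: if the URL reached from login/start has no ``state``
                query parameter.
        """
        log.debug('calling login/start to generate fxa_state')
        response = self.client.get('/api/v3/accounts/login/start/',
                                   allow_redirects=True)

        # Parse only the query component. Feeding the whole URL to
        # parse_qsl folds "scheme://host/path?" into the first key, so
        # `state` would be lost whenever it is the first parameter, and a
        # trailing fragment would leak into the last value.
        query = urlparse.urlparse(response.url).query
        params = dict(urlparse.parse_qsl(query))
        fxa_state = params['state']

        log.debug('Get browser id session token')
        fxa_session = helpers.get_fxa_client().login(
            email=fxa_account.email, password=fxa_account.password)

        # Confidential-client credentials come from FXA_CONFIG, not from
        # the caller.
        oauth_client = fxa_oauth.Client(
            client_id=FXA_CONFIG['client_id'],
            client_secret=FXA_CONFIG['client_secret'],
            server_url=FXA_CONFIG['oauth_host'])

        log.debug('convert browser id session token into oauth code')
        oauth_code = oauth_client.authorize_code(fxa_session, scope='profile')

        # Now authenticate the user, this will verify the user on the server.
        # The state from login/start is sent back unchanged alongside the
        # code. NOTE(review): presumably the server uses it to tie this
        # request to the login attempt started above; confirm.
        # `name` gives the request a fixed label that does not contain the
        # per-request state value.
        response = self.client.get(
            '/api/v3/accounts/authenticate/',
            params={
                'state': fxa_state,
                'code': oauth_code,
            },
            name='/api/v3/accounts/authenticate/?state=:state')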
示例#3
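    def login(self, account):
        """Create a fresh FxA account and log it in through the OAuth flow.

        Calls the ``accounts.login_start`` view without following the
        redirect, reads ``state`` from the ``Location`` header, signs in to
        FxA with the new account's email and password, turns the FxA session
        into an OAuth authorization code for the ``profile`` scope, and then
        calls ``accounts.authenticate`` with that state and code.

        The debug lines log step names only; the state, session and code
        values should stay out of log output.

        Args:
            account: not read by this method; the account used is the one
                returned by ``helpers.get_fxa_account()``.

        Raises:
            KeyError: if the response has no ``Location`` header or the
                redirect target has no ``state`` query parameter.
        """
        log.debug('creating fxa account')
        fxa_account, email_account = helpers.get_fxa_account()

        log.debug('calling login/start to generate fxa_state')
        response = self.client.get(reverse('accounts.login_start'),
                                   allow_redirects=False)

        # Parse only the query component of the redirect target. Feeding
        # the whole URL to parse_qsl folds "scheme://host/path?" into the
        # first key, so `state` would be lost whenever it is the first
        # parameter, and a trailing fragment would leak into the last value.
        query = urlparse.urlparse(response.headers['Location']).query
        params = dict(urlparse.parse_qsl(query))
        fxa_state = params['state']

        log.debug('Get browser id session token')
        fxa_session = helpers.get_fxa_client().login(
            email=fxa_account.email, password=fxa_account.password)

        # Confidential-client credentials come from FXA_CONFIG, not from
        # the caller.
        oauth_client = fxa_oauth.Client(
            client_id=FXA_CONFIG['client_id'],
            client_secret=FXA_CONFIG['client_secret'],
            server_url=FXA_CONFIG['oauth_host'])

        log.debug('convert browser id session token into oauth code')
        oauth_code = oauth_client.authorize_code(fxa_session, scope='profile')

        # Now authenticate the user, this will verify the user on the server.
        # The state from login/start is sent back unchanged alongside the
        # code. NOTE(review): presumably the server uses it to tie this
        # request to the login attempt started above; confirm.
        response = self.client.get(reverse('accounts.authenticate'),
                                   params={
                                       'state': fxa_state,
                                       'code': oauth_code,
                                   })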
示例#4
def get_bearer_token(email,
                     password,
                     scopes=None,
                     account_server_url=None,
                     oauth_server_url=None,
                     client_id=None,
                     client_secret=None,
                     use_pkce=False,
                     unblock_code=None):
    """Log in with email/password and return an OAuth bearer token.

    Two routes to a token exist, chosen from the arguments:

    * no ``client_secret`` and ``use_pkce`` false: the session is exchanged
      for a token directly via ``authorize_token``;
    * otherwise: an authorization code is requested and then traded for a
      token, with a PKCE challenge/verifier pair attached when ``use_pkce``
      is true.

    Nothing in this function checks the scheme of either URL, so callers
    are responsible for passing trusted ``https://`` endpoints. The
    password, ``client_secret`` and the returned token are credentials and
    should be kept out of logs.

    Args:
        email: account email used to log in.
        password: account password used to log in.
        scopes: iterable of scope strings; defaults to ``['profile']``.
        account_server_url: base URL of the account server (required).
        oauth_server_url: base URL of the OAuth server (required).
        client_id: OAuth client identifier (required).
        client_secret: OAuth client secret, or ``None`` if there is none.
        use_pkce: when true, use the code flow with a PKCE challenge.
        unblock_code: forwarded to ``core.Client.login`` as ``unblock_code``.

    Returns:
        Whatever ``authorize_token`` / ``trade_code`` returns.

    Raises:
        ValueError: if any of the three required settings is missing/empty.
    """
    # Reject incomplete configuration before the password leaves the
    # process; the first missing setting (in this order) is reported.
    required_settings = (
        (account_server_url, 'Please define an account_server_url.'),
        (oauth_server_url, 'Please define an oauth_server_url.'),
        (client_id, 'Please define a client_id.'),
    )
    for setting, complaint in required_settings:
        if not setting:
            raise ValueError(complaint)

    requested_scopes = ['profile'] if scopes is None else scopes

    account_client = core.Client(server_url=account_server_url)
    session = account_client.login(email, password, unblock_code=unblock_code)

    oauth_client = oauth.Client(client_id,
                                client_secret,
                                server_url=oauth_server_url)

    # XXX TODO: the most direct route to a token should be picked
    # automatically from the registered client's metadata. The oauth-server
    # doesn't (yet) expose client properties like `canGrant` and `isPublic`,
    # so the route is derived from the arguments instead; a lookup through
    # oauth_client.get_client_metadata() was sketched here but is not used.

    scope = ' '.join(requested_scopes)

    # No secret and no PKCE: take the direct token grant.
    if client_secret is None and not use_pkce:
        return oauth_client.authorize_token(session, scope)

    # Code flow. Without PKCE both parameter sets stay empty, so the two
    # calls below receive no extra keyword arguments.
    if use_pkce:
        challenge, verifier = oauth_client.generate_pkce_challenge()
    else:
        challenge, verifier = {}, {}
    code = oauth_client.authorize_code(session, scope, **challenge)
    return oauth_client.trade_code(code, **verifier)