def issueAuthorizationCode(self, client_id, username, scope, userinfo, redirect_uri, userinfocode):
    """Persist a short-lived authorization code record and return the code.

    The stored record is of ``type`` ``"Authorization"`` and carries the
    client id, username, the JSON-encoded scope, the redirect URI, the
    userinfo code and an absolute ``expires_at`` 600 seconds from now.
    ``userinfo`` is accepted for interface compatibility but is not stored
    by this method.

    Returns the opaque code handed to the client, ``"<record_id>_<secret>"``:
    the record id is the database key assigned by ``new_unique_data`` and the
    secret is a fresh random string that is also stored as
    ``security_check`` (presumably compared on lookup — confirm in the
    lookup code).
    """
    code_lifetime = 600
    secret = generate_random_secure_string()
    record = {
        "type": "Authorization",
        "security_check": secret,
        "client_id": client_id,
        "username": username,
        "scope": json.dumps(scope),
        "expires_at": int(time.time()) + code_lifetime,
        "userinfocode": userinfocode,
        "redirect_uri": redirect_uri,
    }
    record_id = self.new_unique_data("token", record)
    # The id alone would be guessable; the appended random secret is what
    # ties the presented code to this particular stored record.
    return "_".join([str(record_id), str(secret)])
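def issueToken(self, client_id, username, scope, issue_refresh, userinfocode):
    """Persist a Bearer access token record and optionally a refresh secret.

    The stored record carries the client id, username, JSON-encoded scope,
    userinfo code, ``issued_at`` and an ``expires_at`` 3600 seconds later.
    When ``issue_refresh`` is true the record is marked ``refreshable``,
    gets a 128-character ``refresh_security_check`` secret and a
    ``refreshable_until`` of ``None`` (no bound is assigned yet; see TODO).

    Returns a dict with ``token_id`` (the database key from
    ``new_unique_data``), ``access_token`` (``"<token_id>_<secret>"``),
    ``refresh_token`` (``"R_<token_id>_<refresh_secret>"``, or ``None`` when
    no refresh token was requested) and ``expires_in`` in seconds.
    """
    # One clock read so that issued_at and expires_at cannot straddle a
    # second boundary and disagree by one.
    now = int(time.time())
    expires_in = 3600
    access_secret = generate_random_secure_string()
    record = {
        "type": "Bearer",
        "security_check": access_secret,
        "client_id": client_id,
        "username": username,
        "scope": json.dumps(scope),
        "expires_at": now + expires_in,
        "issued_at": now,
        "refreshable": False,
        "userinfocode": userinfocode,
    }
    if issue_refresh:
        record["refreshable"] = True
        # TODO: Figure out time for this
        record["refreshable_until"] = None
        record["refresh_security_check"] = generate_random_secure_string(128)
    token_id = self.new_unique_data("token", record)
    refresh_token = None
    if issue_refresh:
        # The "R_" prefix makes a refresh token distinguishable from an
        # access token.
        refresh_token = "R_%s_%s" % (token_id, record["refresh_security_check"])
    # The access token is the record id plus the random secret stored as
    # security_check; the id alone would be guessable.
    access_token = "%s_%s" % (token_id, access_secret)
    return {
        "token_id": token_id,
        "access_token": access_token,
        "refresh_token": refresh_token,
        "expires_in": expires_in,
    }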
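def refreshToken(self, refresh_token, client_id):
    """Rotate the access and refresh secrets of a refreshable Bearer token.

    ``refresh_token`` is resolved through ``lookupToken`` with kind
    ``"Refresh"``.  The request is rejected (``None`` returned) when the
    token is unknown, when ``client_id`` does not match the stored client
    (compared in constant time), when the token is not of type
    ``"Bearer"``, when it is not marked ``refreshable``, or when its
    ``refreshable_until`` bound has already passed.

    On success both ``security_check`` and ``refresh_security_check`` are
    replaced with fresh random values and ``expires_at`` is moved 3600
    seconds ahead, so the previously issued access and refresh tokens stop
    matching the stored record.  Returns a dict with the new
    ``access_token``, ``refresh_token`` and ``expires_in``.
    """
    token = self.lookupToken(refresh_token, "Refresh", True)
    if not token:
        return None
    if not constant_time_string_comparison(token["client_id"], client_id):
        return None
    if token["type"] != "Bearer":
        # Only Bearer tokens are supported
        return None
    if not token["refreshable"]:
        return None
    now = int(time.time())
    # A falsy refreshable_until (None, or key absent) means no bound.  The
    # original compared with ">=", which rejected tokens still inside their
    # window and accepted expired ones; the bound is exceeded once it lies
    # in the past.
    refreshable_until = token.get("refreshable_until")
    if refreshable_until and refreshable_until < now:
        return None
    token_security_check = generate_random_secure_string()
    refresh_security_check = generate_random_secure_string(128)
    expires_in = 3600
    # TODO: Figure out values for this
    refreshable_until = None
    token["security_check"] = token_security_check
    token["refresh_security_check"] = refresh_security_check
    token["expires_at"] = now + expires_in
    token["refreshable_until"] = refreshable_until
    self.update_token(token)
    access_token = "%s_%s" % (token["token_id"], token_security_check)
    new_refresh_token = "R_%s_%s" % (token["token_id"], refresh_security_check)
    return {
        "access_token": access_token,
        "refresh_token": new_refresh_token,
        "expires_in": expires_in,
    }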
def generate_secret(self, force=False):
    """Ensure ``self.client_info`` holds a ``client_secret``.

    A fresh random secret is written only when none is present or ``force``
    is true; otherwise the record is left untouched.  Alongside the secret,
    ``client_secret_expires_at`` is set to 0 (see FIXME: no expiry is
    enforced here) and ``client_id_issued_at`` is stamped with the current
    time.
    """
    if "client_secret" in self.client_info and not force:
        return
    info = self.client_info
    info["client_secret"] = generate_random_secure_string()
    info["client_secret_expires_at"] = 0  # FIXME: Expire?
    # NOTE(review): a forced regeneration also rewrites client_id_issued_at
    # although the client id itself is unchanged — confirm this is intended.
    info["client_id_issued_at"] = int(time.time())