def prepare_token_request(grant_type, body='', **kwargs): """Prepare the access token request. The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format in the HTTP request entity-body: grant_type REQUIRED. Value MUST be set to "authorization_code". code REQUIRED. The authorization code received from the authorization server. redirect_uri REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in `Section 4.1.1`_, and their values MUST be identical. grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb .. _`Section 4.1.1`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4.1.1 """ params = [('grant_type', grant_type)] if 'scope' in kwargs: kwargs['scope'] = scope_to_string(kwargs['scope']) for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) return add_params_to_qs(body, params)
def prepare_token_request(grant_type, body='', **kwargs): """Prepare the access token request. The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format in the HTTP request entity-body: grant_type REQUIRED. Value MUST be set to "authorization_code". code REQUIRED. The authorization code received from the authorization server. redirect_uri REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in `Section 4.1.1`_, and their values MUST be identical. grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb .. _`Section 4.1.1`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4.1.1 """ params = [('grant_type', grant_type)] if 'scope' in kwargs: kwargs['scope'] = list_to_scope(kwargs['scope']) for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) return add_params_to_qs(body, params)
def prepare_token_revocation_request(url, token, token_type_hint="access_token", callback=None, body="", **kwargs): """Prepare a token revocation request. The client constructs the request by including the following parameters using the "application/x-www-form-urlencoded" format in the HTTP request entity-body: :param token: REQUIRED. The token that the client wants to get revoked. :param token_type_hint: OPTIONAL. A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. If the server is unable to locate the token using the given hint, it MUST extend its search across all of its supported token types. An authorization server MAY ignore this parameter, particularly if it is able to detect the token type automatically. This specification defines two values for `token_type_hint`: * access_token: An access token as defined in [RFC6749], `Section 1.4`_ * refresh_token: A refresh token as defined in [RFC6749], `Section 1.5`_ Specific implementations, profiles, and extensions of this specification MAY define other values for this parameter using the registry defined in `Section 4.1.2`_. .. _`Section 1.4`: https://tools.ietf.org/html/rfc6749#section-1.4 .. _`Section 1.5`: https://tools.ietf.org/html/rfc6749#section-1.5 .. _`Section 4.1.2`: https://tools.ietf.org/html/rfc7009#section-4.1.2 """ if not is_secure_transport(url): raise InsecureTransportError() params = [("token", token)] if token_type_hint: params.append(("token_type_hint", token_type_hint)) for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) headers = {"Content-Type": "application/x-www-form-urlencoded"} if callback: params.append(("callback", callback)) return add_params_to_uri(url, params), headers, body else: return url, headers, add_params_to_qs(body, params)
def list_to_scope(scope): """Convert a list of scopes to a space separated string.""" if isinstance(scope, unicode_type) or scope is None: return scope elif isinstance(scope, (set, tuple, list)): return " ".join([unicode_type(s) for s in scope]) else: raise ValueError("Invalid scope (%s), must be string, tuple, set, or list." % scope)
def scope_to_list(scope): """Convert a space separated string to a list of scopes.""" if isinstance(scope, (tuple, list, set)): return [unicode_type(s) for s in scope] elif scope is None: return None else: return scope.strip().split(" ")
def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None, scope=None, state=None, **kwargs): """Prepare the authorization grant request URI. The client constructs the request URI by adding the following parameters to the query component of the authorization endpoint URI using the ``application/x-www-form-urlencoded`` format as defined by [`W3C.REC-html401-19991224`_]: :param response_type: To indicate which OAuth 2 grant/flow is required, "code" and "token". :param client_id: The client identifier as described in `Section 2.2`_. :param redirect_uri: The client provided URI to redirect back to after authorization as described in `Section 3.1.2`_. :param scope: The scope of the access request as described by `Section 3.3`_. :param state: An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery as described in `Section 10.12`_. :param kwargs: Extra arguments to embed in the grant/authorization URL. An example of an authorization code grant authorization URL: .. code-block:: http GET /authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1 Host: server.example.com .. _`W3C.REC-html401-19991224`: http://tools.ietf.org/html/rfc6749#ref-W3C.REC-html401-19991224 .. _`Section 2.2`: http://tools.ietf.org/html/rfc6749#section-2.2 .. _`Section 3.1.2`: http://tools.ietf.org/html/rfc6749#section-3.1.2 .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3 .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12 """ if not uri.startswith('https://'): raise InsecureTransportError() params = [(('response_type', response_type)), (('client_id', client_id))] if redirect_uri: params.append(('redirect_uri', redirect_uri)) if scope: params.append(('scope', list_to_scope(scope))) if state: params.append(('state', state)) for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) return add_params_to_uri(uri, params)
def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None, scope=None, state=None, **kwargs): """Prepare the authorization grant request URI. The client constructs the request URI by adding the following parameters to the query component of the authorization endpoint URI using the "application/x-www-form-urlencoded" format as defined by [W3C.REC-html401-19991224]: response_type REQUIRED. Value MUST be set to "code". client_id REQUIRED. The client identifier as described in `Section 2.2`_. redirect_uri OPTIONAL. As described in `Section 3.1.2`_. scope OPTIONAL. The scope of the access request as described by `Section 3.3`_. state RECOMMENDED. An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery as described in `Section 10.12`_. GET /authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1 Host: server.example.com .. _`W3C.REC-html401-19991224`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#ref-W3C.REC-html401-19991224 .. _`Section 2.2`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-2.2 .. _`Section 3.1.2`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-3.1.2 .. _`Section 3.3`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-3.3 .. _`section 10.12`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-10.12 """ if not uri.startswith('https://'): raise InsecureTransportError() params = [(('response_type', response_type)), (('client_id', client_id))] if redirect_uri: params.append(('redirect_uri', redirect_uri)) if scope: params.append(('scope', list_to_scope(scope))) if state: params.append(('state', state)) for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) return add_params_to_uri(uri, params)
def prepare_token_revocation_request(url, token, token_type_hint="access_token", callback=None, body='', **kwargs): """Prepare a token revocation request. The client constructs the request by including the following parameters using the "application/x-www-form-urlencoded" format in the HTTP request entity-body: :param token: REQUIRED. The token that the client wants to get revoked. :param token_type_hint: OPTIONAL. A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. If the server is unable to locate the token using the given hint, it MUST extend its search across all of its supported token types. An authorization server MAY ignore this parameter, particularly if it is able to detect the token type automatically. This specification defines two values for `token_type_hint`: * access_token: An access token as defined in [RFC6749], `Section 1.4`_ * refresh_token: A refresh token as defined in [RFC6749], `Section 1.5`_ Specific implementations, profiles, and extensions of this specification MAY define other values for this parameter using the registry defined in `Section 4.1.2`_. .. _`Section 1.4`: https://tools.ietf.org/html/rfc6749#section-1.4 .. _`Section 1.5`: https://tools.ietf.org/html/rfc6749#section-1.5 .. _`Section 4.1.2`: https://tools.ietf.org/html/rfc7009#section-4.1.2 """ if not is_secure_transport(url): raise InsecureTransportError() params = [('token', token)] if token_type_hint: params.append(('token_type_hint', token_type_hint)) for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) headers = {'Content-Type': 'application/x-www-form-urlencoded'} if callback: params.append(('callback', callback)) return add_params_to_uri(url, params), headers, body else: return url, headers, add_params_to_qs(body, params)
def prepare_token_request(grant_type, body='', **kwargs): """Prepare the access token request. The client makes a request to the token endpoint by adding the following parameters using the ``application/x-www-form-urlencoded`` format in the HTTP request entity-body: :param grant_type: To indicate grant type being used, i.e. "password", "authorization_code" or "client_credentials". :param body: Existing request body to embed parameters in. :param code: If using authorization code grant, pass the previously obtained authorization code as the ``code`` argument. :param redirect_uri: If the "redirect_uri" parameter was included in the authorization request as described in `Section 4.1.1`_, and their values MUST be identical. :param kwargs: Extra arguments to embed in the request body. An example of an authorization code token request body: .. code-block:: http grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb .. _`Section 4.1.1`: http://tools.ietf.org/html/rfc6749#section-4.1.1 """ params = [('grant_type', grant_type)] if 'scope' in kwargs: kwargs['scope'] = list_to_scope(kwargs['scope']) for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) return add_params_to_qs(body, params)
def generate_age(issue_time): """Generate a age parameter for MAC authentication draft 00.""" td = datetime.datetime.now() - issue_time age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6 return unicode_type(age)
def generate_age(issue_time): """Generate a age parameter for MAC authentication draft 00.""" td = datetime.datetime.now() - issue_time age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10 ** 6) / 10 ** 6 return unicode_type(age)
def prepare_token_request(grant_type, body="", include_client_id=True, **kwargs): """Prepare the access token request. The client makes a request to the token endpoint by adding the following parameters using the ``application/x-www-form-urlencoded`` format in the HTTP request entity-body: :param grant_type: To indicate grant type being used, i.e. "password", "authorization_code" or "client_credentials". :param body: Existing request body (URL encoded string) to embed parameters into. This may contain extra parameters. Default ''. :param include_client_id: `True` (default) to send the `client_id` in the body of the upstream request. This is required if the client is not authenticating with the authorization server as described in `Section 3.2.1`_. :type include_client_id: Boolean :param client_id: Unicode client identifier. Will only appear if `include_client_id` is True. * :param client_secret: Unicode client secret. Will only appear if set to a value that is not `None`. Invoking this function with an empty string will send an empty `client_secret` value to the server. * :param code: If using authorization_code grant, pass the previously obtained authorization code as the ``code`` argument. * :param redirect_uri: If the "redirect_uri" parameter was included in the authorization request as described in `Section 4.1.1`_, and their values MUST be identical. * :param kwargs: Extra arguments to embed in the request body. Parameters marked with a `*` above are not explicit arguments in the function signature, but are specially documented arguments for items appearing in the generic `**kwargs` keyworded input. An example of an authorization code token request body: .. code-block:: http grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb .. _`Section 4.1.1`: https://tools.ietf.org/html/rfc6749#section-4.1.1 """ params = [("grant_type", grant_type)] if "scope" in kwargs: kwargs["scope"] = list_to_scope(kwargs["scope"]) # pull the `client_id` out of the kwargs. client_id = kwargs.pop("client_id", None) if include_client_id: if client_id is not None: params.append((unicode_type("client_id"), client_id)) # the kwargs iteration below only supports including boolean truth (truthy) # values, but some servers may require an empty string for `client_secret` client_secret = kwargs.pop("client_secret", None) if client_secret is not None: params.append((unicode_type("client_secret"), client_secret)) # this handles: `code`, `redirect_uri`, and other undocumented params for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) return add_params_to_qs(body, params)
def set_verifier(self, verifier): self.session._client.client.verifier = unicode_type(verifier)
def prepare_token_request(grant_type, body='', include_client_id=True, **kwargs): """Prepare the access token request. The client makes a request to the token endpoint by adding the following parameters using the ``application/x-www-form-urlencoded`` format in the HTTP request entity-body: :param grant_type: To indicate grant type being used, i.e. "password", "authorization_code" or "client_credentials". :param body: Existing request body (URL encoded string) to embed parameters into. This may contain extra parameters. Default ''. :param include_client_id: `True` (default) to send the `client_id` in the body of the upstream request. This is required if the client is not authenticating with the authorization server as described in `Section 3.2.1`_. :type include_client_id: Boolean :param client_id: Unicode client identifier. Will only appear if `include_client_id` is True. * :param client_secret: Unicode client secret. Will only appear if set to a value that is not `None`. Invoking this function with an empty string will send an empty `client_secret` value to the server. * :param code: If using authorization_code grant, pass the previously obtained authorization code as the ``code`` argument. * :param redirect_uri: If the "redirect_uri" parameter was included in the authorization request as described in `Section 4.1.1`_, and their values MUST be identical. * :param kwargs: Extra arguments to embed in the request body. Parameters marked with a `*` above are not explicit arguments in the function signature, but are specially documented arguments for items appearing in the generic `**kwargs` keyworded input. An example of an authorization code token request body: .. code-block:: http grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb .. _`Section 4.1.1`: https://tools.ietf.org/html/rfc6749#section-4.1.1 """ params = [('grant_type', grant_type)] if 'scope' in kwargs: kwargs['scope'] = list_to_scope(kwargs['scope']) # pull the `client_id` out of the kwargs. client_id = kwargs.pop('client_id', None) if include_client_id: if client_id is not None: params.append((unicode_type('client_id'), client_id)) # the kwargs iteration below only supports including boolean truth (truthy) # values, but some servers may require an empty string for `client_secret` client_secret = kwargs.pop('client_secret', None) if client_secret is not None: params.append((unicode_type('client_secret'), client_secret)) # this handles: `code`, `redirect_uri`, and other undocumented params for k in kwargs: if kwargs[k]: params.append((unicode_type(k), kwargs[k])) return add_params_to_qs(body, params)