def check_token_endpoint(request): """ This endpoint is out of the oAuth 2.0 specification, however it's needed in order to support total desacoplation of the oAuth server and the resource servers. When an application (a.k.a. client) impersons the user in order to access to the user's resources, the resource server needs to check if the token provided is valid and check if it was issued to the user. """ access_token = request.params.get("access_token") username = request.params.get("username") scope = request.params.get("scope", None) if username is None: return OAuth2ErrorHandler.error_invalid_request("Required parameter username not found in the request") elif access_token is None: return OAuth2ErrorHandler.error_invalid_request("Required parameter access_token not found in the request") elif len(access_token) != ACCESS_TOKEN_LENGTH: return OAuth2ErrorHandler.error_invalid_request("Required parameter not valid found in the request") storage = request.registry.osiris_store token_info = storage.retrieve(token=access_token) if token_info: if token_info.get("scope") == scope and token_info.get("username") == username: return HTTPOk() else: return HTTPUnauthorized() return HTTPUnauthorized()
def token_endpoint(request): """ The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly). """ expires_in = request.registry.settings.get("osiris.tokenexpiry", 0) grant_type = request.params.get("grant_type") # Authorization Code Grant if grant_type == "authorization_code": return OAuth2ErrorHandler.error_unsupported_grant_type() # Implicit Grant elif grant_type == "implicit": return OAuth2ErrorHandler.error_unsupported_grant_type() # Client Credentials elif grant_type == "client_credentials": return OAuth2ErrorHandler.error_unsupported_grant_type() # Client Credentials Grant elif grant_type == "password": scope = request.params.get("scope", None) # Optional username = request.params.get("username", None) password = request.params.get("password", None) if username is None: return OAuth2ErrorHandler.error_invalid_request("Required parameter username not found in the request") elif password is None: return OAuth2ErrorHandler.error_invalid_request("Required parameter password not found in the request") else: return password_authorization(request, username, password, scope, expires_in) else: return OAuth2ErrorHandler.error_unsupported_grant_type()
def token_endpoint(request): """ The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly). """ expires_in = request.registry.settings.get('osiris.tokenexpiry', 0) grant_type = request.params.get('grant_type') # Authorization Code Grant if grant_type == 'authorization_code': return OAuth2ErrorHandler.error_unsupported_grant_type() # Implicit Grant elif grant_type == 'implicit': return OAuth2ErrorHandler.error_unsupported_grant_type() # Client Credentials elif grant_type == 'client_credentials': return OAuth2ErrorHandler.error_unsupported_grant_type() # Client Credentials Grant elif grant_type == 'password': scope = request.params.get('scope', '') # Optional username = request.params.get('username', None) password = request.params.get('password', None) if username is None: return OAuth2ErrorHandler.error_invalid_request('Required paramer "username" not found in the request') elif password is None: return OAuth2ErrorHandler.error_invalid_request('Required paramer "password" not found in the request') else: return password_authorization(request, username, password, scope, expires_in) else: return OAuth2ErrorHandler.error_unsupported_grant_type()
def check_token_endpoint(request): """ This endpoint is out of the oAuth 2.0 specification, however it's needed in order to support total desacoplation of the oAuth server and the resource servers. When an application (a.k.a. client) impersons the user in order to access to the user's resources, the resource server needs to check if the token provided is valid and check if it was issued to the user. """ access_token = request.params.get('access_token') username = urllib.unquote(request.params.get('username')) scope = request.params.get('scope', None) if scope is not None: scope = urllib.unquote_plus(scope) if username is None: return OAuth2ErrorHandler.error_invalid_request( 'Required parameter username not found in the request') elif access_token is None: return OAuth2ErrorHandler.error_invalid_request( 'Required parameter access_token not found in the request') elif len(access_token) != ACCESS_TOKEN_LENGTH: return OAuth2ErrorHandler.error_invalid_request( 'Required parameter not valid found in the request') storage = request.registry.osiris_store token_info = storage.retrieve(token=access_token) if token_info: if token_info.get('scope') == scope and token_info.get( 'username') == username: return HTTPOk() else: return HTTPUnauthorized() return HTTPUnauthorized()
def check_token_endpoint(request): """ This endpoint is out of the oAuth 2.0 specification, however it's needed in order to support total desacoplation of the oAuth server and the resource servers. When an application (a.k.a. client) impersons the user in order to access to the user's resources, the resource server needs to check if the token provided is valid and check if it was issued to the user. """ access_token = request.params.get('access_token') username = request.params.get('username') if username is None: return OAuth2ErrorHandler.error_invalid_request( 'Required paramer "username" not found in the request') elif access_token is None: return OAuth2ErrorHandler.error_invalid_request( 'Required paramer "access_token" not found in the request') storage = request.registry.osiris_store token_info = storage.retrieve(access_token) if token_info: if token_info.get('username') == username: return HTTPOk() return HTTPUnauthorized()
def token_endpoint(request): """ The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly). """ expires_in = request.registry.settings.get('osiris.tokenexpiry', 0) grant_type = request.params.get('grant_type') # Authorization Code Grant if grant_type == 'authorization_code': return OAuth2ErrorHandler.error_unsupported_grant_type() # Implicit Grant elif grant_type == 'implicit': return OAuth2ErrorHandler.error_unsupported_grant_type() # Client Credentials elif grant_type == 'client_credentials': return OAuth2ErrorHandler.error_unsupported_grant_type() # Client Credentials Grant elif grant_type == 'password': scope = request.params.get('scope', None) # Optional username = urllib.unquote(request.params.get('username', None)) password = urllib.unquote(request.params.get('password', None)) if username is None: return OAuth2ErrorHandler.error_invalid_request( 'Required parameter username not found in the request') elif password is None: return OAuth2ErrorHandler.error_invalid_request( 'Required parameter password not found in the request') else: return password_authorization(request, username, password, scope, expires_in) else: return OAuth2ErrorHandler.error_unsupported_grant_type()
def check_token_endpoint(request): """ This endpoint is out of the oAuth 2.0 specification, however it's needed in order to support total desacoplation of the oAuth server and the resource servers. When an application (a.k.a. client) impersons the user in order to access to the user's resources, the resource server needs to check if the token provided is valid and check if it was issued to the user. """ access_token = request.params.get('access_token') username = request.params.get('username') if username is None: return OAuth2ErrorHandler.error_invalid_request('Required paramer "username" not found in the request') elif access_token is None: return OAuth2ErrorHandler.error_invalid_request('Required paramer "access_token" not found in the request') storage = request.registry.osiris_store token_info = storage.retrieve(access_token) if token_info: if token_info.get('username') == username: return HTTPOk() return HTTPUnauthorized()