def GET_refresh_token(self, *args, **kwargs): # pylint: disable=unused-argument """Generate a refresh token given a username""" username = request.GET['username'] try: account = Account._by_name(username) except NotFound: account = register(username, uuid4().hex, '127.0.0.1') # subscribe the user now because reddit does not have consistency across # its APIs on what it considers the user to be subscribed to if not account.has_subscribed: Subreddit.subscribe_defaults(account) account.has_subscribed = True account._commit() client_id = g.secrets['generate_refresh_token_client_id'] client = OAuth2Client.get_token(client_id) scope = OAuth2Scope(OAuth2Scope.FULL_ACCESS) user_id = account._id36 refresh_token = OAuth2RefreshToken._new( client_id=client._id, user_id=user_id, scope=scope, ) access_token = OAuth2AccessToken._new( client_id=client._id, user_id=user_id, scope=scope, device_id='device', ) return json.dumps(OAuth2AccessController._make_new_token_response(access_token, refresh_token))
def _access_token_code(self, code, redirect_uri): if not code: c.errors.add("NO_TEXT", field="code") if c.errors: return self.api_wrapper(self._check_for_errors()) access_token = None refresh_token = None auth_token = OAuth2AuthorizationCode.use_token(code, c.oauth2_client._id, redirect_uri) if auth_token: if auth_token.refreshable: refresh_token = OAuth2RefreshToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope) g.stats.simple_event( 'oauth2.access_token_code.refresh_token_create') access_token = OAuth2AccessToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope, refresh_token._id if refresh_token else "") g.stats.simple_event( 'oauth2.access_token_code.access_token_create') resp = self._make_token_dict(access_token, refresh_token) return self.api_wrapper(resp)
def _access_token_code(self, code, redirect_uri): if not code: c.errors.add("NO_TEXT", field="code") if c.errors: return self.api_wrapper(self._check_for_errors()) access_token = None refresh_token = None auth_token = OAuth2AuthorizationCode.use_token( code, c.oauth2_client._id, redirect_uri) if auth_token: if auth_token.refreshable: refresh_token = OAuth2RefreshToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope) g.stats.simple_event( 'oauth2.access_token_code.refresh_token_create') access_token = OAuth2AccessToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope, refresh_token._id if refresh_token else "") g.stats.simple_event( 'oauth2.access_token_code.access_token_create') resp = self._make_token_dict(access_token, refresh_token) return self.api_wrapper(resp)
def _access_token_code(self, code, redirect_uri): if not code: c.errors.add("NO_TEXT", field="code") if c.errors: return self.api_wrapper(self._check_for_errors()) access_token = None refresh_token = None client = c.oauth2_client auth_token = OAuth2AuthorizationCode.use_token(code, client._id, redirect_uri) if auth_token: if auth_token.refreshable: refresh_token = OAuth2RefreshToken._new( client_id=auth_token.client_id, user_id=auth_token.user_id, scope=auth_token.scope, ) g.stats.simple_event( 'oauth2.access_token_code.refresh_token_create') device_id = get_device_id(client) access_token = OAuth2AccessToken._new( client_id=auth_token.client_id, user_id=auth_token.user_id, scope=auth_token.scope, refresh_token=refresh_token._id if refresh_token else "", device_id=device_id, ) g.stats.simple_event( 'oauth2.access_token_code.access_token_create') resp = self._make_new_token_response(access_token, refresh_token) return self.api_wrapper(resp)
def POST_access_token(self, grant_type, code, refresh_token, redirect_uri): """ Exchange an [OAuth 2.0](http://oauth.net/2/) authorization code or refresh token (from [/api/v1/authorize](#api_method_authorize)) for an access token. On success, returns a URL-encoded dictionary containing **access_token**, **token_type**, **expires_in**, and **scope**. If an authorization code for a permanent grant was given, a **refresh_token** will be included. If there is a problem, an **error** parameter will be returned instead. Must be called using SSL, and must contain a HTTP `Authorization:` header which contains the application's client identifier as the username and client secret as the password. (The client id and secret are visible on the [app preferences page](/prefs/apps).) Per the OAuth specification, **grant_type** must be ``authorization_code`` for the initial access token or ``refresh_token`` for renewing the access token. In either case, **redirect_uri** must exactly match the value that was used in the call to [/api/v1/authorize](#api_method_authorize) that created this grant. """ resp = {} if not (code or refresh_token): c.errors.add("NO_TEXT", field=("code", "refresh_token")) if not c.errors: access_token = None if grant_type == "authorization_code": auth_token = OAuth2AuthorizationCode.use_token( code, c.oauth2_client._id, redirect_uri) if auth_token: if auth_token.refreshable: refresh_token = OAuth2RefreshToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope) access_token = OAuth2AccessToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope, refresh_token._id if refresh_token else None) elif grant_type == "refresh_token" and refresh_token: access_token = OAuth2AccessToken._new( refresh_token.client_id, refresh_token.user_id, refresh_token.scope, refresh_token=refresh_token._id) if access_token: resp["access_token"] = access_token._id resp["token_type"] = access_token.token_type resp["expires_in"] = int(access_token._ttl) if access_token._ttl else None resp["scope"] = access_token.scope if refresh_token: resp["refresh_token"] = refresh_token._id else: resp["error"] = "invalid_grant" else: if (errors.INVALID_OPTION, "grant_type") in c.errors: resp["error"] = "unsupported_grant_type" elif (errors.INVALID_OPTION, "scope") in c.errors: resp["error"] = "invalid_scope" else: resp["error"] = "invalid_request" return self.api_wrapper(resp)
def POST_access_token(self, grant_type, code, refresh_token, redirect_uri): """ Exchange an [OAuth 2.0](http://oauth.net/2/) authorization code or refresh token (from [/api/v1/authorize](#api_method_authorize)) for an access token. On success, returns a URL-encoded dictionary containing **access_token**, **token_type**, **expires_in**, and **scope**. If an authorization code for a permanent grant was given, a **refresh_token** will be included. If there is a problem, an **error** parameter will be returned instead. Must be called using SSL, and must contain a HTTP `Authorization:` header which contains the application's client identifier as the username and client secret as the password. (The client id and secret are visible on the [app preferences page](/prefs/apps).) Per the OAuth specification, **grant_type** must be ``authorization_code`` for the initial access token or ``refresh_token`` for renewing the access token. In either case, **redirect_uri** must exactly match the value that was used in the call to [/api/v1/authorize](#api_method_authorize) that created this grant. """ resp = {} if not (code or refresh_token): c.errors.add("NO_TEXT", field=("code", "refresh_token")) if not c.errors: access_token = None if grant_type == "authorization_code": auth_token = OAuth2AuthorizationCode.use_token( code, c.oauth2_client._id, redirect_uri) if auth_token: if auth_token.refreshable: refresh_token = OAuth2RefreshToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope) access_token = OAuth2AccessToken._new( auth_token.client_id, auth_token.user_id, auth_token.scope, refresh_token._id if refresh_token else None) elif grant_type == "refresh_token" and refresh_token: access_token = OAuth2AccessToken._new( refresh_token.client_id, refresh_token.user_id, refresh_token.scope, refresh_token=refresh_token._id) if access_token: resp["access_token"] = access_token._id resp["token_type"] = access_token.token_type resp["expires_in"] = int( access_token._ttl) if access_token._ttl else None resp["scope"] = access_token.scope if refresh_token: resp["refresh_token"] = refresh_token._id else: resp["error"] = "invalid_grant" else: if (errors.INVALID_OPTION, "grant_type") in c.errors: resp["error"] = "unsupported_grant_type" elif (errors.INVALID_OPTION, "scope") in c.errors: resp["error"] = "invalid_scope" else: resp["error"] = "invalid_request" return self.api_wrapper(resp)