def token_endpoint(request):
    """Build the OAuth2 token response for *request*.

    The view performs no checks of its own: the request parts are handed
    to a Server backed by a fresh RequestValidator, and whatever the
    server produces is converted with create_response().
    """
    oauth_server = Server(RequestValidator())
    uri, method, payload, hdrs = extract_params(request)
    # The final positional argument is an empty dict: this view supplies
    # no extra values alongside the request itself.
    result = oauth_server.create_token_response(uri, method, payload, hdrs, {})
    return create_response(*result)
def verify_request(request, scopes):
    """Return the user attached to *request* once the server accepts it.

    The request parts and the required *scopes* are passed to
    Server.verify_request(). When the server reports the request as not
    valid, HTTPUnauthorized is raised and no user is returned.
    """
    oauth_server = Server(RequestValidator())
    uri, method, payload, hdrs = extract_params(request)
    is_valid, oauth_request = oauth_server.verify_request(
        uri, method, payload, hdrs, scopes,
    )
    if is_valid:
        return oauth_request.user
    # Fail closed: anything the server did not explicitly accept is rejected.
    raise HTTPUnauthorized()
def _create_request_validator(self, scopes=None):
    """Return a (validator, request) pair for use by the caller.

    The validator is created with *scopes* as its ``default_scopes``;
    the request targets the fixed example URL below.
    """
    return (
        RequestValidator(default_scopes=scopes),
        Request('https://server.example.com/'),
    )
def __init__(self, request):
    """Store *request* and create the validator and the Server built on it."""
    validator = RequestValidator()
    self.request = request
    self.validator = validator
    # The server shares the same validator instance kept on the view.
    self.server = Server(validator)
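class AuthorizationEndpoint(object):
    """OAuth2 authorization endpoint: consent page (GET) and decision (POST).

    Both views are registered on the 'oauth2_authorization_endpoint' route
    and require the 'add-authorized-app' permission.
    """

    def __init__(self, request):
        """Store *request* and create the validator and the Server built on it."""
        self.request = request
        self.validator = RequestValidator()
        self.server = Server(self.validator)

    @view_config(route_name='oauth2_authorization_endpoint',
                 renderer='templates/application_authorization.pt',
                 permission='add-authorized-app',
                 request_method='GET')
    def get(self):
        """Validate the authorization request and show or skip the consent page.

        Returns the server's authorization response directly when the user
        already has a stored grant that matches this request exactly;
        otherwise returns the template context for the consent form.
        """
        uri, http_method, body, headers = extract_params(self.request)
        try:
            scopes, credentials = self.server.validate_authorization_request(
                uri, http_method, body, headers,
            )
            app = self.validator.get_client(credentials['client_id'])
            try:
                # Consent is skipped only when user, scope, redirect URI,
                # response type and application all match a stored grant.
                auth_app = Session.query(AuthorizedApplication).filter(
                    AuthorizedApplication.user == self.request.user,
                    AuthorizedApplication.scope == scopes,
                    AuthorizedApplication.redirect_uri ==
                    credentials['redirect_uri'],
                    AuthorizedApplication.response_type ==
                    credentials['response_type'],
                    AuthorizedApplication.application == app,
                ).one()
            except NoResultFound:
                auth_app = None
            if auth_app is not None:
                credentials['user'] = self.request.user
                server_response = self.server.create_authorization_response(
                    uri, http_method, body, headers, scopes, credentials,
                )
                return create_response(*server_response)
            else:
                authorship_information = app.user.email
                pretty_scopes = self.validator.get_pretty_scopes(scopes)
                # These values are echoed into the consent form and come
                # back as POST fields, where they are client-controlled.
                return {
                    'response_type': credentials['response_type'],
                    'client_id': credentials['client_id'],
                    'redirect_uri': credentials['redirect_uri'],
                    'state': credentials['state'],
                    'scope': ' '.join(scopes),
                    'app': app,
                    'scopes': pretty_scopes,
                    'authorship_information': authorship_information,
                }
        except FatalClientError as e:
            # Rendered as an error response; the user agent is not sent to
            # the redirect URI for this class of error.
            return response_from_error(e)
        except OAuth2Error as e:
            return HTTPFound(e.in_uri(e.redirect_uri))

    @view_config(route_name='oauth2_authorization_endpoint',
                 permission='add-authorized-app',
                 request_method='POST')
    def post(self):
        """Process the consent form: record the grant or report a denial.

        'submit' issues the authorization response and stores or updates the
        user's AuthorizedApplication. 'cancel' redirects back to the client
        with an access-denied error, but only after the posted client and
        redirect URI have passed the server's own validation. A POST that
        carries neither button is answered with 400.

        NOTE(review): no CSRF token check is visible in this view; confirm
        one is enforced elsewhere, since a forged 'submit' POST would record
        a grant for the logged-in user.
        """
        uri, http_method, body, headers = extract_params(self.request)
        redirect_uri = self.request.POST.get('redirect_uri')
        if 'submit' in self.request.POST:
            scope = self.request.POST.get('scope', '')
            scopes = scope.split()
            credentials = {
                'client_id': self.request.POST.get('client_id'),
                'redirect_uri': redirect_uri,
                'response_type': self.request.POST.get('response_type'),
                'state': self.request.POST.get('state'),
                'user': self.request.user,
            }
            try:
                # Runs before anything is stored, so a FatalClientError
                # leaves no grant behind.
                # NOTE(review): this relies on the server re-checking the
                # posted client_id, redirect_uri and scope - confirm for
                # the Server in use.
                server_response = self.server.create_authorization_response(
                    uri, http_method, body, headers, scopes, credentials,
                )
                app = Session.query(Application).filter(
                    Application.id == credentials['client_id'],
                ).one()
                try:
                    auth_app = Session.query(AuthorizedApplication).filter(
                        AuthorizedApplication.user == self.request.user,
                        AuthorizedApplication.application == app,
                    ).one()
                except NoResultFound:
                    auth_app = AuthorizedApplication(
                        user=self.request.user,
                        application=app,
                    )
                auth_app.redirect_uri = credentials['redirect_uri']
                auth_app.response_type = credentials['response_type']
                auth_app.scope = scopes
                Session.add(auth_app)
                return create_response(*server_response)
            except FatalClientError as e:
                return response_from_error(e)
        elif 'cancel' in self.request.POST:
            # The posted redirect_uri is untrusted. Redirecting to it as-is
            # would turn this endpoint into an open redirect, so the request
            # is validated the same way as in get() before any redirect.
            # Assumes the form posts the same client_id / redirect_uri /
            # response_type fields on cancel as on submit - TODO confirm.
            try:
                _, credentials = self.server.validate_authorization_request(
                    uri, http_method, body, headers,
                )
            except FatalClientError as e:
                return response_from_error(e)
            except OAuth2Error as e:
                return HTTPFound(e.in_uri(e.redirect_uri))
            # Echo state back so the client can correlate the denial.
            denied = AccessDeniedError(state=credentials['state'])
            return HTTPFound(denied.in_uri(credentials['redirect_uri']))
        # Neither button present: the original fell through and returned
        # None, which this renderer-less view cannot turn into a response.
        from pyramid.httpexceptions import HTTPBadRequest
        return HTTPBadRequest()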