| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227 |
- # -*- coding: utf-8 -*-
- """
- oauthlib.oauth2.rfc6749
- ~~~~~~~~~~~~~~~~~~~~~~~
- This module is an implementation of various logic needed
- for consuming and providing OAuth 2.0 RFC6749.
- """
- from __future__ import absolute_import, unicode_literals
- from ..grant_types import OpenIDConnectAuthCode
- from ..tokens import BearerToken
- from ..grant_types import AuthorizationCodeGrant
- from ..grant_types import ImplicitGrant
- from ..grant_types import ResourceOwnerPasswordCredentialsGrant
- from ..grant_types import ClientCredentialsGrant
- from ..grant_types import RefreshTokenGrant
- from ..grant_types import OpenIDConnectImplicit
- from ..grant_types import AuthCodeGrantDispatcher
- from .authorization import AuthorizationEndpoint
- from .token import TokenEndpoint
- from .resource import ResourceEndpoint
- from .revocation import RevocationEndpoint
- class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint,
- RevocationEndpoint):
- """An all-in-one endpoint featuring all four major grant types."""
- def __init__(self, request_validator, token_expires_in=None,
- token_generator=None, refresh_token_generator=None,
- *args, **kwargs):
- """Construct a new all-grants-in-one server.
- :param request_validator: An implementation of
- oauthlib.oauth2.RequestValidator.
- :param token_expires_in: An int or a function to generate a token
- expiration offset (in seconds) given a
- oauthlib.common.Request object.
- :param token_generator: A function to generate a token from a request.
- :param refresh_token_generator: A function to generate a token from a
- request for the refresh token.
- :param kwargs: Extra parameters to pass to authorization-,
- token-, resource-, and revocation-endpoint constructors.
- """
- auth_grant = AuthorizationCodeGrant(request_validator)
- implicit_grant = ImplicitGrant(request_validator)
- password_grant = ResourceOwnerPasswordCredentialsGrant(
- request_validator)
- credentials_grant = ClientCredentialsGrant(request_validator)
- refresh_grant = RefreshTokenGrant(request_validator)
- openid_connect_auth = OpenIDConnectAuthCode(request_validator)
- openid_connect_implicit = OpenIDConnectImplicit(request_validator)
- bearer = BearerToken(request_validator, token_generator,
- token_expires_in, refresh_token_generator)
- auth_grant_choice = AuthCodeGrantDispatcher( default_auth_grant=auth_grant, oidc_auth_grant=openid_connect_auth)
- # See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations for valid combinations
- # internally our AuthorizationEndpoint will ensure they can appear in any order for any valid combination
- AuthorizationEndpoint.__init__(self, default_response_type='code',
- response_types={
- 'code': auth_grant_choice,
- 'token': implicit_grant,
- 'id_token': openid_connect_implicit,
- 'id_token token': openid_connect_implicit,
- 'code token': openid_connect_auth,
- 'code id_token': openid_connect_auth,
- 'code token id_token': openid_connect_auth,
- 'none': auth_grant
- },
- default_token_type=bearer)
- TokenEndpoint.__init__(self, default_grant_type='authorization_code',
- grant_types={
- 'authorization_code': auth_grant,
- 'password': password_grant,
- 'client_credentials': credentials_grant,
- 'refresh_token': refresh_grant,
- 'openid' : openid_connect_auth
- },
- default_token_type=bearer)
- ResourceEndpoint.__init__(self, default_token='Bearer',
- token_types={'Bearer': bearer})
- RevocationEndpoint.__init__(self, request_validator)
- class WebApplicationServer(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint,
- RevocationEndpoint):
- """An all-in-one endpoint featuring Authorization code grant and Bearer tokens."""
- def __init__(self, request_validator, token_generator=None,
- token_expires_in=None, refresh_token_generator=None, **kwargs):
- """Construct a new web application server.
- :param request_validator: An implementation of
- oauthlib.oauth2.RequestValidator.
- :param token_expires_in: An int or a function to generate a token
- expiration offset (in seconds) given a
- oauthlib.common.Request object.
- :param token_generator: A function to generate a token from a request.
- :param refresh_token_generator: A function to generate a token from a
- request for the refresh token.
- :param kwargs: Extra parameters to pass to authorization-,
- token-, resource-, and revocation-endpoint constructors.
- """
- auth_grant = AuthorizationCodeGrant(request_validator)
- refresh_grant = RefreshTokenGrant(request_validator)
- bearer = BearerToken(request_validator, token_generator,
- token_expires_in, refresh_token_generator)
- AuthorizationEndpoint.__init__(self, default_response_type='code',
- response_types={'code': auth_grant},
- default_token_type=bearer)
- TokenEndpoint.__init__(self, default_grant_type='authorization_code',
- grant_types={
- 'authorization_code': auth_grant,
- 'refresh_token': refresh_grant,
- },
- default_token_type=bearer)
- ResourceEndpoint.__init__(self, default_token='Bearer',
- token_types={'Bearer': bearer})
- RevocationEndpoint.__init__(self, request_validator)
- class MobileApplicationServer(AuthorizationEndpoint, ResourceEndpoint,
- RevocationEndpoint):
- """An all-in-one endpoint featuring Implicit code grant and Bearer tokens."""
- def __init__(self, request_validator, token_generator=None,
- token_expires_in=None, refresh_token_generator=None, **kwargs):
- """Construct a new implicit grant server.
- :param request_validator: An implementation of
- oauthlib.oauth2.RequestValidator.
- :param token_expires_in: An int or a function to generate a token
- expiration offset (in seconds) given a
- oauthlib.common.Request object.
- :param token_generator: A function to generate a token from a request.
- :param refresh_token_generator: A function to generate a token from a
- request for the refresh token.
- :param kwargs: Extra parameters to pass to authorization-,
- token-, resource-, and revocation-endpoint constructors.
- """
- implicit_grant = ImplicitGrant(request_validator)
- bearer = BearerToken(request_validator, token_generator,
- token_expires_in, refresh_token_generator)
- AuthorizationEndpoint.__init__(self, default_response_type='token',
- response_types={
- 'token': implicit_grant},
- default_token_type=bearer)
- ResourceEndpoint.__init__(self, default_token='Bearer',
- token_types={'Bearer': bearer})
- RevocationEndpoint.__init__(self, request_validator,
- supported_token_types=['access_token'])
- class LegacyApplicationServer(TokenEndpoint, ResourceEndpoint,
- RevocationEndpoint):
- """An all-in-one endpoint featuring Resource Owner Password Credentials grant and Bearer tokens."""
- def __init__(self, request_validator, token_generator=None,
- token_expires_in=None, refresh_token_generator=None, **kwargs):
- """Construct a resource owner password credentials grant server.
- :param request_validator: An implementation of
- oauthlib.oauth2.RequestValidator.
- :param token_expires_in: An int or a function to generate a token
- expiration offset (in seconds) given a
- oauthlib.common.Request object.
- :param token_generator: A function to generate a token from a request.
- :param refresh_token_generator: A function to generate a token from a
- request for the refresh token.
- :param kwargs: Extra parameters to pass to authorization-,
- token-, resource-, and revocation-endpoint constructors.
- """
- password_grant = ResourceOwnerPasswordCredentialsGrant(
- request_validator)
- refresh_grant = RefreshTokenGrant(request_validator)
- bearer = BearerToken(request_validator, token_generator,
- token_expires_in, refresh_token_generator)
- TokenEndpoint.__init__(self, default_grant_type='password',
- grant_types={
- 'password': password_grant,
- 'refresh_token': refresh_grant,
- },
- default_token_type=bearer)
- ResourceEndpoint.__init__(self, default_token='Bearer',
- token_types={'Bearer': bearer})
- RevocationEndpoint.__init__(self, request_validator)
- class BackendApplicationServer(TokenEndpoint, ResourceEndpoint,
- RevocationEndpoint):
- """An all-in-one endpoint featuring Client Credentials grant and Bearer tokens."""
- def __init__(self, request_validator, token_generator=None,
- token_expires_in=None, refresh_token_generator=None, **kwargs):
- """Construct a client credentials grant server.
- :param request_validator: An implementation of
- oauthlib.oauth2.RequestValidator.
- :param token_expires_in: An int or a function to generate a token
- expiration offset (in seconds) given a
- oauthlib.common.Request object.
- :param token_generator: A function to generate a token from a request.
- :param refresh_token_generator: A function to generate a token from a
- request for the refresh token.
- :param kwargs: Extra parameters to pass to authorization-,
- token-, resource-, and revocation-endpoint constructors.
- """
- credentials_grant = ClientCredentialsGrant(request_validator)
- bearer = BearerToken(request_validator, token_generator,
- token_expires_in, refresh_token_generator)
- TokenEndpoint.__init__(self, default_grant_type='client_credentials',
- grant_types={
- 'client_credentials': credentials_grant},
- default_token_type=bearer)
- ResourceEndpoint.__init__(self, default_token='Bearer',
- token_types={'Bearer': bearer})
- RevocationEndpoint.__init__(self, request_validator,
- supported_token_types=['access_token'])
|
