Introduced RefreshTokenGrant #82

Closed
@Chez

I have introduced a RefreshTokenGrant in grant_types.py. I am using this as a replacement for the AuthorisationCodeGrant when the consumer sends a refresh token request. If you are handling this a different way server-side, could you point that out, as it is not obvious from the code?

Cheers

@ib-lundgren
Collaborator

Awesome! I was planning on creating a grant for this but forgot to document it anywhere. Well spotted and great initiative. Can't look over it now but will try and find some time this week.

@Chez

No worries, it's a basic version of the AuthorisationCodeGrant :)

@ib-lundgren
Collaborator

Just an update, you are not forgotten and I'll patch your PR in at some point this week =)

@ib-lundgren
Collaborator

I broke a fair bit off your PR with my recent update so I copied it in manually and adjusted a few things to match my updates. I like that you started to break out redirect validation from the request validator and hope to get around to doing that for both auth code and implicit tomorrow.

I added you to authors, let me know if you'd rather not be listed.

Commits on Nov 28, 2012
  1. @Chez
  2. @Chez

    changed RefreshTokenGrant error for failing validate_refresh_token to…

    Chez authored
    … InvalidRequestError as per the Oauth2 spec 5.2
Commits on Dec 1, 2012
  1. @Chez
  2. @Chez
Commits on Dec 2, 2012
  1. @Chez
Commits on Dec 3, 2012
  1. @Chez
Commits on Dec 7, 2012
  1. @Chez
Commits on Dec 12, 2012
  1. @Chez
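--- a/oauthlib/oauth2/draft25/__init__.py
+++ b/oauthlib/oauth2/draft25/__init__.py
@@ -621,7 +621,7 @@ def default_token(self):
 def create_token_response(self, uri, http_method='GET', body=None, headers=None):
 """Extract grant_type and route to the designated handler."""
 request = Request(uri, http_method=http_method, body=body, headers=headers)
-query_params = params_from_uri(self.request.uri)
+query_params = params_from_uri(request.uri)
 body_params = self.request.decoded_body
 # Prioritize grant_type defined as body param over those in uri.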
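Review bot: The fix on the `query_params` line switches from `self.request.uri` to the freshly built local `request`, but the next line still reads `self.request.decoded_body`, so the body-supplied grant_type (which the following comment says takes priority) is taken from whatever request object the endpoint held before this call rather than from this call's `body`. It should be `body_params = request.decoded_body`, otherwise a stale or absent `self.request` either raises or routes the token request to the wrong grant handler. create_token_response continues past the hunk, so any further `self.request` references below need the same treatment.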
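--- a/oauthlib/oauth2/draft25/grant_types.py
+++ b/oauthlib/oauth2/draft25/grant_types.py
@@ -33,7 +33,7 @@ def validate_request(self, request, response_types=None):
 if not request.response_type in response_types:
 raise errors.UnsupportedResponseTypeError(state=request.state)
-self.validate_request_scopes(request)
+self.validate_request_scope(request)
 if getattr(request, 'redirect_uri', None):
 if not is_absolute_uri(request.redirect_uri):
@@ -49,18 +49,18 @@ def validate_request(self, request, response_types=None):
 return True
-def validate_request_scopes(self, request):
+def validate_request_scope(self, request):
 request.state = getattr(request, 'state', None)
-if request.scopes:
-if not self.validate_scopes(request.client_id, request.scopes):
+if request.scope:
+if not self.validate_scope(request.client_id, request.scope):
 raise errors.InvalidScopeError(state=request.state)
 else:
-request.scopes = self.get_default_scopes(request.client_id)
+request.scope = self.get_default_scope(request.client_id)
 def validate_client(self, client, *args, **kwargs):
 raise NotImplementedError('Subclasses must implement this method.')
-def validate_scopes(self, client, scopes):
+def validate_scope(self, client, scope):
 raise NotImplementedError('Subclasses must implement this method.')
 def validate_user(self, username, password, client=None):
@@ -72,7 +72,7 @@ def validate_redirect_uri(self, client, redirect_uri):
 def get_default_redirect_uri(self, client):
 raise NotImplementedError('Subclasses must implement this method.')
-def get_default_scopes(self, client):
+def get_default_scope(self, client):
 raise NotImplementedError('Subclasses must implement this method.')
@@ -88,7 +88,7 @@ def create_token_response(self, request, token_handler):
 class AuthorizationCodeGrant(GrantTypeBase):
 @property
-def scopes(self):
+def scope(self):
 return ('default',)
 @property
@@ -155,9 +155,62 @@ def validate_token_request(self, request):
 if not self.request_validator.validate_code(request.client, request.code):
 raise errors.InvalidGrantError()
+# validate_redirect_uri must be provided by the
+# subclass validator and Check that the redirect uri is the same
+# as the one passed in with Authorisation end point.
+redirect_uri = getattr(request, 'redirect_uri', None)
+if not self.request_validator.validate_redirect_uri(request.client, redirect_uri):
+raise errors.InvalidRequestError()
+
 # TODO: validate scopes
+class RefreshTokenGrant(GrantTypeBase):
+
+@property
+def scope(self):
+return ('default',)
+
+@property
+def error_uri(self):
+return '/oauth_error'
+
+def __init__(self, request_validator=None):
+self.request_validator = request_validator or RequestValidator()
+
+def create_token_response(self, request, token_handler):
+"""
+Validate the refresh token grant and the actual refresh token.
+
+The client MUST use the refresh token provided on issue of the
+access token.
+"""
+try:
+self.validate_token_request(request)
+except errors.OAuth2Error as e:
+return e.json
+return json.dumps(token_handler(request, refresh_token=True))
+
+def validate_token_request(self, request):
+
+if getattr(request, 'grant_type', '') != 'refresh_token':
+raise errors.UnsupportedGrantTypeError()
+
+if not getattr(request, 'refresh_token', None):
+raise errors.InvalidRequestError(
+description='Missing refresh token parameter.')
+
+# TODO: document diff client & client_id, former is authenticated
+# outside spec, i.e. http basic
+if (not hasattr(request, 'client') or
+not self.request_validator.validate_client(request.client, request.grant_type)):
+raise errors.UnauthorizedClientError()
+
+# validate_refresh_token must be provided by the subclass request_validator.
+if not self.request_validator.validate_refresh_token(request.client, request.refresh_token):
+raise errors.InvalidRequestError()
+
+
 class ImplicitGrant(GrantTypeBase):
 """`Implicit Grant`_
@@ -374,7 +427,7 @@ def validate_token_request(self, request):
 request.password, client=client):
 raise errors.InvalidGrantError('Invalid credentials given.')
-self.request_validator.validate_request_scopes(request)
+self.request_validator.validate_request_scope(request)
 class ClientCredentialsGrant(GrantTypeBase):
@@ -440,4 +493,4 @@ def validate_token_request(self, request):
 if not request.grant_type == 'client_credentials':
 raise errors.UnsupportedGrantTypeError()
-self.request_validator.validate_request_scopes(request)
+self.request_validator.validate_request_scope(request)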
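Review bot: RefreshTokenGrant.validate_token_request never looks at a `scope` parameter on the refresh request, and if `token_handler` is the tokens.py callable changed in this same PR, `request.scope` is copied straight into the issued token, so a client holding a valid refresh token could obtain an access token with scopes that were never granted; RFC 6749 §6 requires the requested scope to be a subset of the scope of the original grant. A check is needed right after the `validate_refresh_token` call, along the lines of `if getattr(request, 'scope', None) and not self.request_validator.validate_refresh_scope(request.client, request.refresh_token, request.scope): raise errors.InvalidScopeError()`, where that hook does not exist in the visible RequestValidator and would have to be added next to `validate_refresh_token`; when no scope is sent, the grant should fall back to the scope originally bound to the token rather than the hard-coded `('default',)` property. Separately, a refresh token rejected by `validate_refresh_token` is reported with `InvalidRequestError` on the last raise, whereas RFC 6749 §5.2 classifies an invalid, expired or revoked refresh token under `invalid_grant`; `raise errors.InvalidGrantError()` would also match what the authorization-code branch above does for a bad code. The `validate_client` call only checks the grant type is allowed, so binding the token to the authenticated client rests entirely on the subclass's `validate_refresh_token(client, refresh_token)` implementation, which is worth stating in its comment.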
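--- a/oauthlib/oauth2/draft25/tokens.py
+++ b/oauthlib/oauth2/draft25/tokens.py
@@ -182,8 +182,8 @@ def __call__(self, request, refresh_token=False):
 'expires_in': self.expires_in,
 'token_type': 'Bearer',
 }
-if request.scopes is not None:
-token['scope'] = ' '.join(request.scopes)
+if request.scope is not None:
+token['scope'] = ' '.join(request.scope)
 if request.state is not None:
 token['state'] = request.state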
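Review bot: After the rename, `' '.join(request.scope)` is only correct if `request.scope` is a sequence of scope strings; if the attribute now carries the raw `scope` parameter from the token request (on the wire a single space-delimited string), `join` will insert a space between every character and emit a corrupted scope value in the token response. The grant-type `scope` properties elsewhere in this PR return a tuple, but nothing visible shows how a scope parsed from the request body is typed, so this needs confirming against the Request class; a defensive form is `scope = request.scope` followed by `token['scope'] = scope if isinstance(scope, str) else ' '.join(scope)`. __call__ starts outside the hunk.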