From 535846580285635d03a103fc2c6d8c95be57c6f9 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Mon, 4 Aug 2014 18:35:02 +0800 Subject: [PATCH 01/12] Update client.rst Small grammatical error. --- docs/client.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/client.rst b/docs/client.rst index 4186109c..dba6b87f 100644 --- a/docs/client.rst +++ b/docs/client.rst @@ -7,7 +7,7 @@ the imports:: from flask_oauthlib.client import OAuth .. attention:: If you are testing the provider and the client locally, do not - start they listening on the same address because they will + make them start listening on the same address because they will override the `session` of each other leading to strange bugs. eg: start the provider listening on `127.0.0.1:4000` and client listening on `localhost:4000` to avoid this problem. From 7df260660008b13ff5d8a3ad40ba09a6146db37c Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Mon, 4 Aug 2014 18:38:35 +0800 Subject: [PATCH 02/12] Fixing a small grammatical error in client.rst --- docs/client.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/client.rst b/docs/client.rst index dba6b87f..8328f9da 100644 --- a/docs/client.rst +++ b/docs/client.rst @@ -7,7 +7,7 @@ the imports:: from flask_oauthlib.client import OAuth .. attention:: If you are testing the provider and the client locally, do not - make them start listening on the same address because they will + make them start listening on the same address because they will override the `session` of each other leading to strange bugs. eg: start the provider listening on `127.0.0.1:4000` and client listening on `localhost:4000` to avoid this problem. From 2565119798a0cadd33df49c1ec03e3aba3843637 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Tue, 5 Aug 2014 19:28:49 +0800 Subject: [PATCH 03/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/oauth2.rst b/docs/oauth2.rst index 50dd7edf..44a329ea 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -34,7 +34,7 @@ Client (Application) A client is the app which want to use the resource of a user. It is suggested that the client is registered by a user on your site, but it is not required. -The client should contain at least these information: +The client should contain at least these details: - client_id: A random string - client_secret: A random string From d5b90672e196088df65860059d5796d588439068 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Wed, 6 Aug 2014 11:54:51 +0800 Subject: [PATCH 04/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index 44a329ea..66d959ec 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -219,7 +219,7 @@ config: Implements ---------- -The implementings of authorization flow needs two handlers, one is authorize +The implementation of authorization flow needs two handlers, one is authorize handler for user to confirm the grant, the other is token handler for client to exchange/refresh access token. From d337f8009eb86b82fe847c5557e32b0163b8c492 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Wed, 6 Aug 2014 11:56:44 +0800 Subject: [PATCH 05/12] Update oauth2.rst --- docs/oauth2.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index 66d959ec..b5103822 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst 
@@ -216,12 +216,12 @@ config: ================================== ========================================== -Implements ----------- +Implementation +-------------- -The implementation of authorization flow needs two handlers, one is authorize -handler for user to confirm the grant, the other is token handler for client -to exchange/refresh access token. +The implementation of authorization flow needs two handlers, one is the authorization +handler for the user to confirm the grant, the other is the token handler for the client +to exchange/refresh access tokens. Before the implementing of authorize and token handler, we need to set up some getters and setter to communicate with the database. From 39ad4609563b2fda6012a94db6ec8a61007cc521 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Wed, 6 Aug 2014 11:57:23 +0800 Subject: [PATCH 06/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index b5103822..c78980b8 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -224,7 +224,7 @@ handler for the user to confirm the grant, the other is the token handler for th to exchange/refresh access tokens. Before the implementing of authorize and token handler, we need to set up some -getters and setter to communicate with the database. +getters and setters to communicate with the database. Client getter ````````````` From b19132350a09d94ae0692884dcb6f9ee2285cd16 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Wed, 6 Aug 2014 12:08:38 +0800 Subject: [PATCH 07/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index c78980b8..ea7743fc 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst 
@@ -269,7 +269,7 @@ implemented with decorators:: In the sample code, there is a ``get_current_user`` method, that will return the current user object, you should implement it yourself. -The ``request`` object is defined by ``OAuthlib``, you can get at least these +The ``request`` object is defined by ``OAuthlib``, you can get at least this much information: - client: client model object From b415c2613604871cb1658130943794715ecb8033 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Wed, 6 Aug 2014 12:10:00 +0800 Subject: [PATCH 08/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index ea7743fc..0f27a54f 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -284,7 +284,7 @@ information: Token getter and setter ``````````````````````` -Token getter and setters are required. They are used in the authorization flow +Token getter and setter are required. They are used in the authorization flow and accessing resource flow. Implemented with decorators:: @oauth.tokengetter From b65b90e7955da85879340fbd44e7869c0b50ece4 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Wed, 6 Aug 2014 12:11:02 +0800 Subject: [PATCH 09/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index 0f27a54f..e5ce514e 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -285,7 +285,7 @@ Token getter and setter ``````````````````````` Token getter and setter are required. They are used in the authorization flow -and accessing resource flow. Implemented with decorators:: +and accessing resource flow. They are implemented with decorators as follows:: @oauth.tokengetter def load_token(access_token=None, refresh_token=None): From 1a0adce09f7abcd7b5f4f00daf706d1ca7d7ec02 Mon Sep 17 00:00:00 2001 
From: Arnav Kumar Date: Wed, 6 Aug 2014 12:57:59 +0800 Subject: [PATCH 10/12] Update oauth2.rst --- docs/oauth2.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index e5ce514e..ced17493 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -340,7 +340,7 @@ The ``request`` is an object like the one in grant setter. User getter ``````````` -User getter is optional. It is only required if you need password credential +User getter is optional. It is only required if you need password-based credential authorization:: @oauth.usergetter @@ -378,8 +378,8 @@ kwargs are: - redirect_uri: redirect_uri parameter - response_type: response_type parameter -The POST request needs to return a bool value that tells whether user grantted -the access or not. +The POST request needs to return a bool value that tells whether user granted +access or not. There is a ``@require_login`` decorator in the sample code, you should implement it yourself. @@ -388,7 +388,7 @@ implement it yourself. Token handler ````````````` -Token handler is a decorator for exchange/refresh access token. You don't need +Token handler is a decorator for exchanging/refreshing access token. You don't need to do much:: @app.route('/oauth/token') @@ -425,7 +425,7 @@ Subclass way ```````````` If you are not satisfied with the decorator way of getters and setters, you can -implements them in the subclass way:: +implement them in the subclass way:: class MyProvider(OAuth2Provider): def _clientgetter(self, client_id): @@ -453,7 +453,7 @@ Protect the resource of a user with ``require_oauth`` decorator now:: user = User.query.filter_by(username=username).first() return jsonify(email=user.email, username=user.username) -The decorator accepts a list of scopes, only the clients with the given scopes +The decorator accepts a list of scopes and only the clients with the given scopes can access the defined resources. .. versionchanged:: 0.5.0 
From 77628e9f1e58ebe75d6bb7fcef36bb7dae8b8cc0 Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Wed, 6 Aug 2014 13:01:21 +0800 Subject: [PATCH 11/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index ced17493..e45ed7b7 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -34,7 +34,7 @@ Client (Application) A client is the app which want to use the resource of a user. It is suggested that the client is registered by a user on your site, but it is not required. -The client should contain at least these details: +The client should contain at least these properties: - client_id: A random string - client_secret: A random string From 3e75a4c387733f8f539114b4910680fc34fb251f Mon Sep 17 00:00:00 2001 From: Arnav Kumar Date: Thu, 7 Aug 2014 12:04:34 +0800 Subject: [PATCH 12/12] Update oauth2.rst --- docs/oauth2.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oauth2.rst b/docs/oauth2.rst index e45ed7b7..09fa122a 100644 --- a/docs/oauth2.rst +++ b/docs/oauth2.rst @@ -340,7 +340,7 @@ The ``request`` is an object like the one in grant setter. User getter ``````````` -User getter is optional. It is only required if you need password-based credential +User getter is optional. It is only required if you need password credential authorization:: @oauth.usergetter
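
Review bot: In PATCH 02/12 the removed and added lines of the docs/client.rst @@ -7,7 hunk read identically ("make them start listening on the same address because they will"), so the change is whitespace-only at most and should be squashed into PATCH 01/12. While the sentence is being reworded, the attention note should say why the sessions collide: cookies are scoped by host name and not by port, so a provider and a client served from the same host name share the `session` cookie. The example in the context lines also gives both services port 4000 (`127.0.0.1:4000` and `localhost:4000`); since `localhost` normally resolves to the loopback address, the example should use distinct ports as well as distinct host names.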
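
Review bot: PATCH 03/12 and PATCH 11/12 change the same line of the docs/oauth2.rst @@ -34,7 hunk twice ("these information" to "these details", then to "these properties"); squash them so the history carries one wording change. The context line "A client is the app which want to use the resource of a user" still needs "wants". The list that follows documents `client_id` and `client_secret` only as "A random string"; consider stating that the secret must come from a cryptographically secure random source.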
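
Review bot: The heading rename in PATCH 05/12 (`Implements` to `Implementation`, docs/oauth2.rst @@ -216,12) changes the section's generated anchor, so check for links or cross-references to the old title before merging. The three reworded lines now run past the wrap width of the surrounding text and should be re-wrapped. PATCH 04/12 edits a line that this hunk replaces again, so the two can be one commit.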
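
Review bot: The line directly above the one changed in PATCH 06/12 (docs/oauth2.rst @@ -224,7), "Before the implementing of authorize and token handler, we need to set up some", is left untouched and is still ungrammatical. Reword it in the same commit, for example "Before implementing the authorization and token handlers, we need to set up some", which also matches the "authorization handler" naming introduced in PATCH 05/12.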
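
Review bot: The new wording in PATCH 07/12 (docs/oauth2.rst @@ -269,7), "you can get at least this much information:", keeps the comma splice after ``OAuthlib`` and reads awkwardly before a list of attributes. Suggest splitting the sentence and naming what the list contains, for example "The ``request`` object is defined by ``OAuthlib``. It provides at least these attributes:", which is also consistent with "these properties" chosen for the client list in PATCH 11/12.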
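
Review bot: PATCH 08/12 and PATCH 09/12 touch adjacent lines of the same paragraph (docs/oauth2.rst @@ -284,7 and @@ -285,7) and leave "accessing resource flow" in place on the second line. Fold them into one commit and fix that phrase too, for example "They are used in the authorization flow and the resource access flow."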
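
Review bot: The first hunk of PATCH 10/12 (docs/oauth2.rst @@ -340,7, "password credential" to "password-based credential") is reverted verbatim by PATCH 12/12, so the pair is a no-op and both changes should be dropped from the series. If the sentence is reworded at all, use the grant's name from RFC 6749, "resource owner password credentials", so readers can match it to the specification.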
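
Review bot: In the @@ -378,8 hunk of PATCH 10/12 the corrected sentence still lacks an article: "tells whether user granted access or not" should read "tells whether the user granted access or not". Since this return value is the consent decision, it is also worth saying explicitly which value means the user approved the grant.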
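
Review bot: In the @@ -388,7 hunk of PATCH 10/12, "exchanging/refreshing access token" should be plural ("access tokens") to match the wording PATCH 05/12 introduced, and the changed line now exceeds the wrap width of the lines around it. Separately, the sample route in the context lines, `@app.route('/oauth/token')`, has no `methods` argument as shown, so Flask would register it for GET only, while RFC 6749 requires POST for token requests; that sample deserves a follow-up fix.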
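
Review bot: The reworded sentence in the @@ -453,7 hunk of PATCH 10/12, "The decorator accepts a list of scopes and only the clients with the given scopes can access the defined resources", does not say whether a token must carry all of the listed scopes or any one of them. Because this sentence documents an access-control decision for ``require_oauth``, state the rule explicitly, and keep a comma before "and" since it joins two independent clauses.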