-
-
Notifications
You must be signed in to change notification settings - Fork 480
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
148 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
================= | ||
Custom Grant type | ||
================= | ||
|
||
Writing a custom grant type can be useful to implement a specification | ||
which is in an early draft, or implement a grant provided by a | ||
specific OAuth2.0 Authorization Server documentation but not provided | ||
by oauthlib. For information, any grant types with a clear | ||
specification can be integrated in oauthlib, just make a PR for that ! | ||
See :doc:`how to contribute here </contributing>`. | ||
|
||
Please find how to create a new grant and use it in an endpoint: | ||
|
||
.. contents:: Tutorial Contents | ||
:depth: 3 | ||
|
||
|
||
1. Define your Grant Type | ||
------------------------- | ||
The heart of your code is done by subclassing | ||
:py:class:`GrantTypeBase`. If you want to use it in the Authorize | ||
endpoint, you will have to implement | ||
:py:meth:`create_authorization_response`, if you want to use the Token | ||
endpoint, implement :py:meth:`create_token_response`. You can also | ||
implement both. | ||
|
||
2. Implement the grant | ||
---------------------- | ||
Inside the method's implementation, you will have to: | ||
|
||
* add validations of the request (syntax, parameters, ...) | ||
* call and orchestrate one or multiple Request Validators calls | ||
* generate and return HTTP response | ||
|
||
You can define new Request Validator methods if needed, or reuse the | ||
existing ones. | ||
|
||
3. Associate it with Endpoints | ||
------------------------------ | ||
Then, once implemented, you have to instanciate the grant object and | ||
bind it to your endpoint. Either :py:class:`AuthorizationEndpoint`, | ||
:py:class:`TokenEndpoint` or both. | ||
|
||
4. Example | ||
---------- | ||
This example shows how to add a simple extension to the `Token endpoint`: | ||
|
||
* creation of a new class ``MyCustomGrant``, and implement ``create_token_response``. | ||
* do basics and custom request validations, then call a custom method | ||
of `Request Validator` to extend the interface for the implementor. | ||
* instanciate the new grant, and bind it with an existing ``Server``. | ||
|
||
.. code-block:: python | ||
grant_name = 'urn:ietf:params:oauth:grant-type:my-custom-grant' | ||
class MyCustomGrant(GrantTypeBase): | ||
def create_token_response(self, request, token_handler): | ||
if not request.grant_type == grant_name: | ||
raise errors.UnsupportedGrantTypeError(request=request) | ||
# implement your custom validation checks | ||
# .. | ||
self.request_validator.your_custom_check(request) | ||
token = token_handler.create_token(request) | ||
return self._get_default_headers(), json.dumps(token), 200 | ||
def setup_oauthlib(): | ||
my_custom_grant = MyCustomGrant() | ||
server = Server(request_validator) | ||
server.grant_types[grant_name] = my_custom_grant | ||
You can find concrete examples directly in the code source of existing | ||
grants and existing servers. See Grant Types in | ||
:py:mod:`oauthlib.oauth2.rfc749.grant_types`, and Servers in | ||
:py:mod:`oauthlib.oauth2.rfc749.endpoints.pre_configured` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,15 @@ | ||
Custom Validators | ||
----------------- | ||
|
||
.. autoclass:: oauthlib.oauth2.rfc6749.grant_types.base.ValidatorsContainer | ||
The Custom validators are useful when you want to change a particular | ||
behavior of an existing grant. That is often needed because of the | ||
diversity of the identity softwares and to let the oauthlib framework to be | ||
flexible as possible. | ||
|
||
However, if you are looking into writing a custom grant type, please | ||
refer to the :doc:`Custom Grant Type </oauth2/grants/custom_grant>` | ||
instead. | ||
|
||
.. autoclass:: | ||
oauthlib.oauth2.rfc6749.grant_types.base.ValidatorsContainer | ||
:members: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
Refresh Token Grant | ||
------------------------ | ||
|
||
.. autoclass:: oauthlib.oauth2.RefreshTokenGrant | ||
:members: | ||
:inherited-members: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters