"""
oauthlib.oauth2.rfc6749.endpoints.pre_configured
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module is an implementation of various endpoints needed
for providing OAuth 2.0 RFC6749 servers.
"""
from ..grant_types import (
AuthorizationCodeGrant,
ClientCredentialsGrant,
ImplicitGrant,
RefreshTokenGrant,
ResourceOwnerPasswordCredentialsGrant,
)
from ..tokens import BearerToken
from .authorization import AuthorizationEndpoint
from .introspect import IntrospectEndpoint
from .resource import ResourceEndpoint
from .revocation import RevocationEndpoint
from .token import TokenEndpoint
from oauthlib.oauth2.rfc8628.grant_types import DeviceCodeGrant
class Server(
    AuthorizationEndpoint, IntrospectEndpoint, TokenEndpoint, ResourceEndpoint, RevocationEndpoint
):
    """All-in-one endpoint that registers every grant type this module imports.

    The authorization endpoint serves the ``code``, ``token`` and ``none``
    response types; the token endpoint serves the authorization code,
    password, client credentials, refresh token and device code grants.

    Security note: this class switches on the implicit and resource owner
    password credentials grants together with everything else. RFC 9700
    (OAuth 2.0 Security Best Current Practice) advises against the implicit
    grant and says the password grant must not be used, so a deployment that
    needs only one flow is better served by one of the narrower
    pre-configured servers in this module.
    """

    def __init__(
        self,
        request_validator,
        token_expires_in=None,
        token_generator=None,
        refresh_token_generator=None,
        *args,
        **kwargs,
    ):
        """Construct a new all-grants-in-one server.

        Note the positional order: ``token_expires_in`` comes *before*
        ``token_generator`` here, whereas the other pre-configured servers in
        this module take ``token_generator`` first. Passing these by keyword
        avoids swapping them by accident.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token.
        :param args: Accepted but not used by this constructor.
        :param kwargs: Forwarded to the DeviceCodeGrant constructor only; the
                       endpoint constructors below do not receive them.
        """
        # One grant handler per flow; all of them share the same validator.
        self.auth_grant = AuthorizationCodeGrant(request_validator)
        self.implicit_grant = ImplicitGrant(request_validator)
        self.password_grant = ResourceOwnerPasswordCredentialsGrant(request_validator)
        self.credentials_grant = ClientCredentialsGrant(request_validator)
        self.refresh_grant = RefreshTokenGrant(request_validator)
        self.device_code_grant = DeviceCodeGrant(request_validator, **kwargs)

        # BearerToken takes the generator before the expiry, i.e. the reverse
        # of this constructor's own parameter order.
        self.bearer = BearerToken(
            request_validator, token_generator, token_expires_in, refresh_token_generator
        )

        # "none" is handled by the same object as "code".
        response_types = {
            "code": self.auth_grant,
            "token": self.implicit_grant,
            "none": self.auth_grant,
        }
        AuthorizationEndpoint.__init__(
            self,
            default_response_type="code",
            response_types=response_types,
            default_token_type=self.bearer,
        )

        grant_types = {
            "authorization_code": self.auth_grant,
            "password": self.password_grant,
            "client_credentials": self.credentials_grant,
            "refresh_token": self.refresh_grant,
            "urn:ietf:params:oauth:grant-type:device_code": self.device_code_grant,
        }
        TokenEndpoint.__init__(
            self,
            default_grant_type="authorization_code",
            grant_types=grant_types,
            default_token_type=self.bearer,
        )

        token_types = {"Bearer": self.bearer}
        ResourceEndpoint.__init__(self, default_token="Bearer", token_types=token_types)

        # Revocation and introspection are set up with their own defaults for
        # the supported token types.
        RevocationEndpoint.__init__(self, request_validator)
        IntrospectEndpoint.__init__(self, request_validator)
class WebApplicationServer(
    AuthorizationEndpoint, IntrospectEndpoint, TokenEndpoint, ResourceEndpoint, RevocationEndpoint
):
    """An all-in-one endpoint featuring Authorization code grant and Bearer tokens.

    Only the ``code`` response type is registered on the authorization
    endpoint, and only the authorization code and refresh token grants on the
    token endpoint.
    """

    def __init__(
        self,
        request_validator,
        token_generator=None,
        token_expires_in=None,
        refresh_token_generator=None,
        **kwargs,
    ):
        """Construct a new web application server.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token.
        :param kwargs: Accepted for call compatibility; this constructor does
                       not forward them to any grant or endpoint.
        """
        self.auth_grant = AuthorizationCodeGrant(request_validator)
        self.refresh_grant = RefreshTokenGrant(request_validator)
        self.bearer = BearerToken(
            request_validator, token_generator, token_expires_in, refresh_token_generator
        )

        response_types = {"code": self.auth_grant}
        AuthorizationEndpoint.__init__(
            self,
            default_response_type="code",
            response_types=response_types,
            default_token_type=self.bearer,
        )

        grant_types = {
            "authorization_code": self.auth_grant,
            "refresh_token": self.refresh_grant,
        }
        TokenEndpoint.__init__(
            self,
            default_grant_type="authorization_code",
            grant_types=grant_types,
            default_token_type=self.bearer,
        )

        token_types = {"Bearer": self.bearer}
        ResourceEndpoint.__init__(self, default_token="Bearer", token_types=token_types)

        # Revocation and introspection keep their default supported token types.
        RevocationEndpoint.__init__(self, request_validator)
        IntrospectEndpoint.__init__(self, request_validator)
class MobileApplicationServer(
    AuthorizationEndpoint, IntrospectEndpoint, ResourceEndpoint, RevocationEndpoint
):
    """An all-in-one endpoint featuring Implicit grant and Bearer tokens.

    There is no token endpoint in this class: the only registered response
    type is ``token``, served by the implicit grant.

    Security note: RFC 9700 (OAuth 2.0 Security Best Current Practice)
    advises against the implicit grant and recommends the authorization code
    grant with PKCE for new deployments.
    """

    def __init__(
        self,
        request_validator,
        token_generator=None,
        token_expires_in=None,
        refresh_token_generator=None,
        **kwargs,
    ):
        """Construct a new implicit grant server.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token. It is
                                        handed to BearerToken, but no refresh
                                        token grant is registered here.
        :param kwargs: Accepted for call compatibility; this constructor does
                       not forward them to any grant or endpoint.
        """
        self.implicit_grant = ImplicitGrant(request_validator)
        self.bearer = BearerToken(
            request_validator, token_generator, token_expires_in, refresh_token_generator
        )

        response_types = {"token": self.implicit_grant}
        AuthorizationEndpoint.__init__(
            self,
            default_response_type="token",
            response_types=response_types,
            default_token_type=self.bearer,
        )

        token_types = {"Bearer": self.bearer}
        ResourceEndpoint.__init__(self, default_token="Bearer", token_types=token_types)

        # Revocation and introspection are restricted to access tokens; each
        # endpoint gets its own list object, as in a literal written twice.
        RevocationEndpoint.__init__(
            self, request_validator, supported_token_types=["access_token"]
        )
        IntrospectEndpoint.__init__(
            self, request_validator, supported_token_types=["access_token"]
        )
class LegacyApplicationServer(
    TokenEndpoint, IntrospectEndpoint, ResourceEndpoint, RevocationEndpoint
):
    """An all-in-one endpoint featuring Resource Owner Password Credentials grant and Bearer tokens.

    There is no authorization endpoint in this class; the token endpoint
    serves the password and refresh token grants.

    Security note: with this grant the client handles the resource owner's
    password directly. RFC 9700 (OAuth 2.0 Security Best Current Practice)
    says the resource owner password credentials grant must not be used, so
    this class is best kept for existing integrations that cannot migrate yet.
    """

    def __init__(
        self,
        request_validator,
        token_generator=None,
        token_expires_in=None,
        refresh_token_generator=None,
        **kwargs,
    ):
        """Construct a resource owner password credentials grant server.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token.
        :param kwargs: Accepted for call compatibility; this constructor does
                       not forward them to any grant or endpoint.
        """
        self.password_grant = ResourceOwnerPasswordCredentialsGrant(request_validator)
        self.refresh_grant = RefreshTokenGrant(request_validator)
        self.bearer = BearerToken(
            request_validator, token_generator, token_expires_in, refresh_token_generator
        )

        grant_types = {
            "password": self.password_grant,
            "refresh_token": self.refresh_grant,
        }
        TokenEndpoint.__init__(
            self,
            default_grant_type="password",
            grant_types=grant_types,
            default_token_type=self.bearer,
        )

        token_types = {"Bearer": self.bearer}
        ResourceEndpoint.__init__(self, default_token="Bearer", token_types=token_types)

        # Revocation and introspection keep their default supported token types.
        RevocationEndpoint.__init__(self, request_validator)
        IntrospectEndpoint.__init__(self, request_validator)
class BackendApplicationServer(
    TokenEndpoint, IntrospectEndpoint, ResourceEndpoint, RevocationEndpoint
):
    """An all-in-one endpoint featuring Client Credentials grant and Bearer tokens.

    There is no authorization endpoint in this class, and the token endpoint
    registers the client credentials grant only (no refresh token grant).
    """

    def __init__(
        self,
        request_validator,
        token_generator=None,
        token_expires_in=None,
        refresh_token_generator=None,
        **kwargs,
    ):
        """Construct a client credentials grant server.

        :param request_validator: An implementation of
                                  oauthlib.oauth2.RequestValidator.
        :param token_expires_in: An int or a function to generate a token
                                 expiration offset (in seconds) given a
                                 oauthlib.common.Request object.
        :param token_generator: A function to generate a token from a request.
        :param refresh_token_generator: A function to generate a token from a
                                        request for the refresh token. It is
                                        handed to BearerToken, but no refresh
                                        token grant is registered here.
        :param kwargs: Accepted for call compatibility; this constructor does
                       not forward them to any grant or endpoint.
        """
        self.credentials_grant = ClientCredentialsGrant(request_validator)
        self.bearer = BearerToken(
            request_validator, token_generator, token_expires_in, refresh_token_generator
        )

        grant_types = {"client_credentials": self.credentials_grant}
        TokenEndpoint.__init__(
            self,
            default_grant_type="client_credentials",
            grant_types=grant_types,
            default_token_type=self.bearer,
        )

        token_types = {"Bearer": self.bearer}
        ResourceEndpoint.__init__(self, default_token="Bearer", token_types=token_types)

        # Revocation and introspection are restricted to access tokens; each
        # endpoint gets its own list object, as in a literal written twice.
        RevocationEndpoint.__init__(
            self, request_validator, supported_token_types=["access_token"]
        )
        IntrospectEndpoint.__init__(
            self, request_validator, supported_token_types=["access_token"]
        )