gvsig-scripting / org.gvsig.scripting / trunk / org.gvsig.scripting / org.gvsig.scripting.app / org.gvsig.scripting.app.mainplugin / src / main / resources-plugin / scripting / lib / oauthlib / oauth2 / rfc6749 / clients / legacy_application.py @ 564
History | View | Annotate | Download (3.26 KB)
| 1 |
# -*- coding: utf-8 -*-
|
|---|---|
| 2 |
"""
|
| 3 |
oauthlib.oauth2.rfc6749
|
| 4 |
~~~~~~~~~~~~~~~~~~~~~~~
|
| 5 |
|
| 6 |
This module is an implementation of various logic needed
|
| 7 |
for consuming and providing OAuth 2.0 RFC6749.
|
| 8 |
"""
|
| 9 |
from __future__ import absolute_import, unicode_literals |
| 10 |
|
| 11 |
from .base import Client |
| 12 |
from ..parameters import prepare_token_request |
| 13 |
from ..parameters import parse_token_response |
| 14 |
|
| 15 |
|
| 16 |
class LegacyApplicationClient(Client): |
| 17 |
|
| 18 |
"""A public client using the resource owner password and username directly.
|
| 19 |
|
| 20 |
The resource owner password credentials grant type is suitable in
|
| 21 |
cases where the resource owner has a trust relationship with the
|
| 22 |
client, such as the device operating system or a highly privileged
|
| 23 |
application. The authorization server should take special care when
|
| 24 |
enabling this grant type, and only allow it when other flows are not
|
| 25 |
viable.
|
| 26 |
|
| 27 |
The grant type is suitable for clients capable of obtaining the
|
| 28 |
resource owner's credentials (username and password, typically using
|
| 29 |
an interactive form). It is also used to migrate existing clients
|
| 30 |
using direct authentication schemes such as HTTP Basic or Digest
|
| 31 |
authentication to OAuth by converting the stored credentials to an
|
| 32 |
access token.
|
| 33 |
|
| 34 |
The method through which the client obtains the resource owner
|
| 35 |
credentials is beyond the scope of this specification. The client
|
| 36 |
MUST discard the credentials once an access token has been obtained.
|
| 37 |
"""
|
| 38 |
|
| 39 |
def __init__(self, client_id, **kwargs): |
| 40 |
super(LegacyApplicationClient, self).__init__(client_id, **kwargs) |
| 41 |
|
| 42 |
def prepare_request_body(self, username, password, body='', scope=None, **kwargs): |
| 43 |
"""Add the resource owner password and username to the request body.
|
| 44 |
|
| 45 |
The client makes a request to the token endpoint by adding the
|
| 46 |
following parameters using the "application/x-www-form-urlencoded"
|
| 47 |
format per `Appendix B`_ in the HTTP request entity-body:
|
| 48 |
|
| 49 |
:param username: The resource owner username.
|
| 50 |
:param password: The resource owner password.
|
| 51 |
:param scope: The scope of the access request as described by
|
| 52 |
`Section 3.3`_.
|
| 53 |
:param kwargs: Extra credentials to include in the token request.
|
| 54 |
|
| 55 |
If the client type is confidential or the client was issued client
|
| 56 |
credentials (or assigned other authentication requirements), the
|
| 57 |
client MUST authenticate with the authorization server as described
|
| 58 |
in `Section 3.2.1`_.
|
| 59 |
|
| 60 |
The prepared body will include all provided credentials as well as
|
| 61 |
the ``grant_type`` parameter set to ``password``::
|
| 62 |
|
| 63 |
>>> from oauthlib.oauth2 import LegacyApplicationClient
|
| 64 |
>>> client = LegacyApplicationClient('your_id')
|
| 65 |
>>> client.prepare_request_body(username='foo', password='bar', scope=['hello', 'world'])
|
| 66 |
'grant_type=password&username=foo&scope=hello+world&password=bar'
|
| 67 |
|
| 68 |
.. _`Appendix B`: http://tools.ietf.org/html/rfc6749#appendix-B
|
| 69 |
.. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
|
| 70 |
.. _`Section 3.2.1`: http://tools.ietf.org/html/rfc6749#section-3.2.1
|
| 71 |
"""
|
| 72 |
return prepare_token_request('password', body=body, username=username, |
| 73 |
password=password, scope=scope, **kwargs) |