pyramid-oauthlib 1.0.0

使用概述

配置

def includeme(config):
    """Integration with OAuthLib is as smooth as possible."""
    from oauthlib.oauth2 import BearerToken, AuthorizationCodeGrant

    # Validator callback functions are passed Pyramid request objects so
    # you can access your request properties, database sessions, etc.
    # The request object is populated with accessors for the properties
    # referred to in the OAuthLib docs and used by its built in types.
    validator = MyRequestValidator()

    # Register response types to create grants.
    config.add_response_type('oauthlib.oauth2.AuthorizationCodeGrant',
                             name='code',
                             request_validator=validator)

    # Register grant types to validate token requests.
    config.add_grant_type('oauthlib.oauth2.AuthorizationCodeGrant',
                          name='authorization_code',
                          request_validator=validator)

    # Register the token types to use at token endpoints.
    # The second parameter to all registrations may be left out to set it
    # as default to use when no corresponding request parameter specifies
    # the grant, response or token type. Be aware that the built in types
    # will fail if a matching request parameter is missing, though.
    config.add_token_type('oauthlib.oauth2.BearerToken',
                          request_validator=validator)

令牌响应

def access_token(request):
    """Core functionality is available directly from the request.

    Responses from OAuthLib are wrapped in a response object of type
    :class:`pyramid.response.Response` so they can be returned directly
    from views.
    """
    userid = request.authenticated_userid
    if userid is not None:
        credentials = dict(userId=userid)
    else:
        credentials = None

    return request.create_token_response(credentials=credentials)

自定义授权类型

from oauthlib.oauth2 import ClientCredentialsGrant, InvalidClientError
from pyramid.authentication import BadCSRFToken
from pyramid.session import check_csrf_token

class SessionGrant(ClientCredentialsGrant):

    """A combined authentication and authorization session assertion grant.

    When the Authorization Server and the Token Service are the same server
    this grant type uses a single assertion, the CSRF token, for client
    authentication and an authorization grant.[1] This works particularly
    well with :class:`pyramid.authentication.SessionAuthenticationPolicy`.

    [1] http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-3
    """

    def validate_token_request(self, request):
        try:
            check_csrf_token(request, token='assertion')
        except BadCSRFToken:
            raise InvalidClientError(request=request)

        # An object with the confidential client_id and client_secret.
        request.client = LOCAL_CLIENT

        if request.client is None:
            raise InvalidClientError(request=request)

        request.client_id = request.client_id or request.client.client_id


def includeme(config):
    config.add_grant_type(SessionGrant, 'assertion')

许可证

Pyramid OAuthLib 在 2-Clause BSD License 下发布，有时也称为“简化版BSD许可证”或“FreeBSD许可证”。更多许可证信息可以在包含的 LICENSE.txt 文件中找到。

重大更改

• 停止支持Pyramid 1.3及以下版本。

功能

• Pyramid 1.10支持。

功能

• 便于集成 OAuth 流的请求方法。

• 用于与 OAuthLib 模块集成的请求参数。

• 注册新的授权、响应和令牌类型，(可选) 使用点分命名解析。

• 可查询的配置。

• 完整的单元测试覆盖率

本版本中缺少

• 支持撤销。