Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/oauthlib/openid/connect/core/grant_types/hybrid.py: 39%

Shortcuts on this page

r m x   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

28 statements  

1""" 

2oauthlib.openid.connect.core.grant_types 

3~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

4""" 

5import logging 

6 

7from oauthlib.oauth2.rfc6749.errors import InvalidRequestError 

8from oauthlib.oauth2.rfc6749.grant_types.authorization_code import ( 

9 AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant, 

10) 

11 

12from ..request_validator import RequestValidator 

13from .base import GrantTypeBase 

14 

15log = logging.getLogger(__name__) 

16 

17 

18class HybridGrant(GrantTypeBase): 

19 

20 def __init__(self, request_validator=None, **kwargs): 

21 self.request_validator = request_validator or RequestValidator() 

22 

23 self.proxy_target = OAuth2AuthorizationCodeGrant( 

24 request_validator=request_validator, **kwargs) 

25 # All hybrid response types should be fragment-encoded. 

26 self.proxy_target.default_response_mode = "fragment" 

27 self.register_response_type('code id_token') 

28 self.register_response_type('code token') 

29 self.register_response_type('code id_token token') 

30 self.custom_validators.post_auth.append( 

31 self.openid_authorization_validator) 

32 # Hybrid flows can return the id_token from the authorization 

33 # endpoint as part of the 'code' response 

34 self.register_code_modifier(self.add_token) 

35 self.register_code_modifier(self.add_id_token) 

36 self.register_token_modifier(self.add_id_token) 

37 

38 def add_id_token(self, token, token_handler, request): 

39 return super().add_id_token(token, token_handler, request, nonce=request.nonce) 

40 

41 def openid_authorization_validator(self, request): 

42 """Additional validation when following the Authorization Code flow. 

43 """ 

44 request_info = super().openid_authorization_validator(request) 

45 if not request_info: # returns immediately if OAuth2.0 

46 return request_info 

47 

48 # REQUIRED if the Response Type of the request is `code 

49 # id_token` or `code id_token token` and OPTIONAL when the 

50 # Response Type of the request is `code token`. It is a string 

51 # value used to associate a Client session with an ID Token, 

52 # and to mitigate replay attacks. The value is passed through 

53 # unmodified from the Authentication Request to the ID 

54 # Token. Sufficient entropy MUST be present in the `nonce` 

55 # values used to prevent attackers from guessing values. For 

56 # implementation notes, see Section 15.5.2. 

57 if request.response_type in ["code id_token", "code id_token token"] and not request.nonce: 

58 raise InvalidRequestError( 

59 request=request, 

60 description='Request is missing mandatory nonce parameter.' 

61 ) 

62 return request_info