Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/oauthlib/openid/connect/core/grant_types/implicit.py: 42%


24 statements  

1""" 

2oauthlib.openid.connect.core.grant_types 

3~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

4""" 

5import logging 

6 

7from oauthlib.oauth2.rfc6749.errors import InvalidRequestError 

8from oauthlib.oauth2.rfc6749.grant_types.implicit import ( 

9 ImplicitGrant as OAuth2ImplicitGrant, 

10) 

11 

12from .base import GrantTypeBase 

13 

# Module-level logger, named after this module's import path via __name__.
log = logging.getLogger(__name__)

15 

16 

class ImplicitGrant(GrantTypeBase):
    """OpenID Connect implicit grant built on the OAuth 2.0 implicit grant.

    The OAuth 2.0 ``ImplicitGrant`` is held as ``proxy_target``. On top of
    it this class registers the ``id_token`` and ``id_token token`` response
    types, adds a post-authorization validator that insists on a ``nonce``,
    and registers ``add_id_token`` as a token modifier.
    """

    def __init__(self, request_validator=None, **kwargs):
        """Wire the OAuth 2.0 implicit grant up for OpenID Connect use.

        Args:
            request_validator: Passed through unchanged to the wrapped
                OAuth 2.0 implicit grant.
            **kwargs: Passed through unchanged to the wrapped grant.
        """
        # NOTE(review): proxy_target is assigned before any other call.
        # GrantTypeBase lives in .base (not shown here) and presumably
        # forwards attribute access to it -- confirm before reordering.
        self.proxy_target = OAuth2ImplicitGrant(
            request_validator=request_validator, **kwargs)

        # Registration order is kept as in the original listing.
        for response_type in ('id_token', 'id_token token'):
            self.register_response_type(response_type)

        # Run the nonce check after the authorization request has passed
        # the validators that precede the post_auth stage.
        post_auth_hooks = self.custom_validators.post_auth
        post_auth_hooks.append(self.openid_authorization_validator)

        self.register_token_modifier(self.add_id_token)

    def add_id_token(self, token, token_handler, request):
        """Echo ``state`` into the token, then delegate ID Token creation.

        Args:
            token: Mutable token mapping; gains a ``state`` key when it has
                none and the request carries a truthy ``state``.
            token_handler: Forwarded as-is to the base implementation.
            request: Request object; ``state`` and ``nonce`` are read.

        Returns:
            Whatever ``GrantTypeBase.add_id_token`` returns (defined in
            .base, not shown here).
        """
        # An existing 'state' entry is never overwritten; the request value
        # is only consulted when the token lacks one.
        if 'state' not in token:
            if request.state:
                token['state'] = request.state

        # The request's nonce is handed to the base implementation so it is
        # available when the ID Token is built.
        id_token_result = super().add_id_token(
            token, token_handler, request, nonce=request.nonce)
        return id_token_result

    def openid_authorization_validator(self, request):
        """Apply the extra authorization checks of the implicit flow.

        Args:
            request: Request object; ``nonce`` is read.

        Returns:
            The value produced by the base class validator. A falsy value
            is handed back untouched, without the nonce check.

        Raises:
            InvalidRequestError: The base validator returned a truthy value
                and the request has no (or an empty) ``nonce``.
        """
        base_info = super().openid_authorization_validator(request)

        # A falsy base result means a plain OAuth 2.0 request, for which no
        # nonce is demanded. NOTE(review): the conditions under which the
        # base validator returns falsy are defined in .base -- confirm.
        #
        # nonce is REQUIRED in this flow: it ties a Client session to an ID
        # Token and mitigates replay attacks. The value travels unmodified
        # from the Authentication Request into the ID Token, and must carry
        # enough entropy that attackers cannot guess it (implementation
        # notes: Section 15.5.2). Only presence is enforced here -- a
        # missing or empty nonce is rejected, its entropy is not measured.
        if base_info and not request.nonce:
            raise InvalidRequestError(
                request=request,
                description='Request is missing mandatory nonce parameter.'
            )
        return base_info