Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/clients/mobile_application.py: 50%

Shortcuts on this page

r m x   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

14 statements  

1# -*- coding: utf-8 -*- 

2""" 

3oauthlib.oauth2.rfc6749 

4~~~~~~~~~~~~~~~~~~~~~~~ 

5 

6This module is an implementation of various logic needed 

7for consuming and providing OAuth 2.0 RFC6749. 

8""" 

9from ..parameters import parse_implicit_response, prepare_grant_uri 

10from .base import Client 

11 

12 

13class MobileApplicationClient(Client): 

14 

15 """A public client utilizing the implicit code grant workflow. 

16 

17 A user-agent-based application is a public client in which the 

18 client code is downloaded from a web server and executes within a 

19 user-agent (e.g. web browser) on the device used by the resource 

20 owner. Protocol data and credentials are easily accessible (and 

21 often visible) to the resource owner. Since such applications 

22 reside within the user-agent, they can make seamless use of the 

23 user-agent capabilities when requesting authorization. 

24 

25 The implicit grant type is used to obtain access tokens (it does not 

26 support the issuance of refresh tokens) and is optimized for public 

27 clients known to operate a particular redirection URI. These clients 

28 are typically implemented in a browser using a scripting language 

29 such as JavaScript. 

30 

31 As a redirection-based flow, the client must be capable of 

32 interacting with the resource owner's user-agent (typically a web 

33 browser) and capable of receiving incoming requests (via redirection) 

34 from the authorization server. 

35 

36 Unlike the authorization code grant type in which the client makes 

37 separate requests for authorization and access token, the client 

38 receives the access token as the result of the authorization request. 

39 

40 The implicit grant type does not include client authentication, and 

41 relies on the presence of the resource owner and the registration of 

42 the redirection URI. Because the access token is encoded into the 

43 redirection URI, it may be exposed to the resource owner and other 

44 applications residing on the same device. 

45 """ 

46 

47 response_type = 'token' 

48 

49 def prepare_request_uri(self, uri, redirect_uri=None, scope=None, 

50 state=None, **kwargs): 

51 """Prepare the implicit grant request URI. 

52 

53 The client constructs the request URI by adding the following 

54 parameters to the query component of the authorization endpoint URI 

55 using the "application/x-www-form-urlencoded" format, per `Appendix B`_: 

56 

57 :param redirect_uri: OPTIONAL. The redirect URI must be an absolute URI 

58 and it should have been registered with the OAuth 

59 provider prior to use. As described in `Section 3.1.2`_. 

60 

61 :param scope: OPTIONAL. The scope of the access request as described by 

62 Section 3.3`_. These may be any string but are commonly 

63 URIs or various categories such as ``videos`` or ``documents``. 

64 

65 :param state: RECOMMENDED. An opaque value used by the client to maintain 

66 state between the request and callback. The authorization 

67 server includes this value when redirecting the user-agent back 

68 to the client. The parameter SHOULD be used for preventing 

69 cross-site request forgery as described in `Section 10.12`_. 

70 

71 :param kwargs: Extra arguments to include in the request URI. 

72 

73 In addition to supplied parameters, OAuthLib will append the ``client_id`` 

74 that was provided in the constructor as well as the mandatory ``response_type`` 

75 argument, set to ``token``:: 

76 

77 >>> from oauthlib.oauth2 import MobileApplicationClient 

78 >>> client = MobileApplicationClient('your_id') 

79 >>> client.prepare_request_uri('https://example.com') 

80 'https://example.com?client_id=your_id&response_type=token' 

81 >>> client.prepare_request_uri('https://example.com', redirect_uri='https://a.b/callback') 

82 'https://example.com?client_id=your_id&response_type=token&redirect_uri=https%3A%2F%2Fa.b%2Fcallback' 

83 >>> client.prepare_request_uri('https://example.com', scope=['profile', 'pictures']) 

84 'https://example.com?client_id=your_id&response_type=token&scope=profile+pictures' 

85 >>> client.prepare_request_uri('https://example.com', foo='bar') 

86 'https://example.com?client_id=your_id&response_type=token&foo=bar' 

87 

88 .. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B 

89 .. _`Section 2.2`: https://tools.ietf.org/html/rfc6749#section-2.2 

90 .. _`Section 3.1.2`: https://tools.ietf.org/html/rfc6749#section-3.1.2 

91 .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3 

92 .. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12 

93 """ 

94 scope = self.scope if scope is None else scope 

95 return prepare_grant_uri(uri, self.client_id, self.response_type, 

96 redirect_uri=redirect_uri, state=state, scope=scope, **kwargs) 

97 

98 def parse_request_uri_response(self, uri, state=None, scope=None): 

99 """Parse the response URI fragment. 

100 

101 If the resource owner grants the access request, the authorization 

102 server issues an access token and delivers it to the client by adding 

103 the following parameters to the fragment component of the redirection 

104 URI using the "application/x-www-form-urlencoded" format: 

105 

106 :param uri: The callback URI that resulted from the user being redirected 

107 back from the provider to you, the client. 

108 :param state: The state provided in the authorization request. 

109 :param scope: The scopes provided in the authorization request. 

110 :return: Dictionary of token parameters. 

111 :raises: OAuth2Error if response is invalid. 

112 

113 A successful response should always contain 

114 

115 **access_token** 

116 The access token issued by the authorization server. Often 

117 a random string. 

118 

119 **token_type** 

120 The type of the token issued as described in `Section 7.1`_. 

121 Commonly ``Bearer``. 

122 

123 **state** 

124 If you provided the state parameter in the authorization phase, then 

125 the provider is required to include that exact state value in the 

126 response. 

127 

128 While it is not mandated it is recommended that the provider include 

129 

130 **expires_in** 

131 The lifetime in seconds of the access token. For 

132 example, the value "3600" denotes that the access token will 

133 expire in one hour from the time the response was generated. 

134 If omitted, the authorization server SHOULD provide the 

135 expiration time via other means or document the default value. 

136 

137 **scope** 

138 Providers may supply this in all responses but are required to only 

139 if it has changed since the authorization request. 

140 

141 A few example responses can be seen below:: 

142 

143 >>> response_uri = 'https://example.com/callback#access_token=sdlfkj452&state=ss345asyht&token_type=Bearer&scope=hello+world' 

144 >>> from oauthlib.oauth2 import MobileApplicationClient 

145 >>> client = MobileApplicationClient('your_id') 

146 >>> client.parse_request_uri_response(response_uri) 

147 { 

148 'access_token': 'sdlfkj452', 

149 'token_type': 'Bearer', 

150 'state': 'ss345asyht', 

151 'scope': [u'hello', u'world'] 

152 } 

153 >>> client.parse_request_uri_response(response_uri, state='other') 

154 Traceback (most recent call last): 

155 File "<stdin>", line 1, in <module> 

156 File "oauthlib/oauth2/rfc6749/__init__.py", line 598, in parse_request_uri_response 

157 **scope** 

158 File "oauthlib/oauth2/rfc6749/parameters.py", line 197, in parse_implicit_response 

159 raise ValueError("Mismatching or missing state in params.") 

160 ValueError: Mismatching or missing state in params. 

161 >>> def alert_scope_changed(message, old, new): 

162 ... print(message, old, new) 

163 ... 

164 >>> oauthlib.signals.scope_changed.connect(alert_scope_changed) 

165 >>> client.parse_request_body_response(response_body, scope=['other']) 

166 ('Scope has changed from "other" to "hello world".', ['other'], ['hello', 'world']) 

167 

168 .. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1 

169 .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3 

170 """ 

171 scope = self.scope if scope is None else scope 

172 self.token = parse_implicit_response(uri, state=state, scope=scope) 

173 self.populate_token_attributes(self.token) 

174 return self.token