Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/endpoints/authorization.py: 50%


1""" 

2oauthlib.oauth2.rfc6749 

3~~~~~~~~~~~~~~~~~~~~~~~ 

4 

5This module is an implementation of various logic needed 

6for consuming and providing OAuth 2.0 RFC6749. 

7""" 

8import logging 

9 

10from oauthlib.common import Request 

11from oauthlib.oauth2.rfc6749 import utils 

12 

13from .base import BaseEndpoint, catch_errors_and_unavailability 

14 

# Module-level logger named after this module; AuthorizationEndpoint uses it
# for the debug message it emits when dispatching a request to a handler.
log = logging.getLogger(__name__)

16 

17 

class AuthorizationEndpoint(BaseEndpoint):

    """Authorization endpoint - used by the client to obtain authorization
    from the resource owner via user-agent redirection.

    The authorization endpoint is used to interact with the resource
    owner and obtain an authorization grant. The authorization server
    MUST first verify the identity of the resource owner. The way in
    which the authorization server authenticates the resource owner (e.g.
    username and password login, session cookies) is beyond the scope of
    this specification.

    The endpoint URI MAY include an "application/x-www-form-urlencoded"
    formatted (per `Appendix B`_) query component,
    which MUST be retained when adding additional query parameters. The
    endpoint URI MUST NOT include a fragment component::

        https://example.com/path?query=component             # OK
        https://example.com/path?query=component#fragment    # Not OK

    Since requests to the authorization endpoint result in user
    authentication and the transmission of clear-text credentials (in the
    HTTP response), the authorization server MUST require the use of TLS
    as described in Section 1.6 when sending requests to the
    authorization endpoint::

        # Any request whose URI scheme is not https is denied
        # (the method bodies of this class do not make that check themselves)

    The authorization server MUST support the use of the HTTP "GET"
    method [RFC2616] for the authorization endpoint, and MAY support the
    use of the "POST" method as well::

        # HTTP method is currently not enforced

    Parameters sent without a value MUST be treated as if they were
    omitted from the request. The authorization server MUST ignore
    unrecognized request parameters. Request and response parameters
    MUST NOT be included more than once::

        # Enforced through the design of oauthlib.common.Request

    .. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B
    """

    def __init__(self, default_response_type, default_token_type,
                 response_types):
        """Remember the handler registry and the defaults used for dispatch.

        :param default_response_type: Key looked up in ``response_types`` to
            find the fallback handler.
        :param default_token_type: Handed unchanged to the selected handler's
            ``create_authorization_response``.
        :param response_types: Mapping-like object (only ``.get`` is used
            here) from a ``response_type`` value to its handler.
        """
        BaseEndpoint.__init__(self)
        self._default_token_type = default_token_type
        self._default_response_type = default_response_type
        self._response_types = response_types

    @property
    def response_types(self):
        """The registry of handlers, keyed by ``response_type`` value."""
        return self._response_types

    @property
    def default_response_type(self):
        """The ``response_type`` key whose handler serves as the fallback."""
        return self._default_response_type

    @property
    def default_response_type_handler(self):
        """The fallback handler, or ``None`` if the default key is unregistered."""
        registry = self.response_types
        return registry.get(self.default_response_type)

    @property
    def default_token_type(self):
        """The token type passed to handlers when creating a response."""
        return self._default_token_type

    @catch_errors_and_unavailability
    def create_authorization_response(self, uri, http_method='GET', body=None,
                                      headers=None, scopes=None,
                                      credentials=None):
        """Extract response_type and route to the designated handler.

        ``scopes`` and ``credentials`` are supplied by the calling
        application, not parsed from the request.  Every key of
        ``credentials`` becomes an attribute of the request object, and this
        happens after ``scopes`` and ``user`` are assigned, so a key named
        ``scopes`` or ``user`` (or any other request attribute) replaces the
        value set here.  Build ``credentials`` from server-side state only;
        do not fill it from request parameters.

        A ``response_type`` with no registered handler is routed to the
        default handler instead of being rejected at this point; rejecting it
        is left to that handler (presumably - confirm against the handler
        implementation).
        """
        request = Request(uri, http_method=http_method, body=body,
                          headers=headers)
        request.scopes = scopes
        # TODO: decide whether this should be a required argument
        request.user = None  # TODO: explain this in docs

        # Copied onto the request last, so these values win over the two
        # assignments above.
        if credentials:
            for attr_name, attr_value in credentials.items():
                setattr(request, attr_name, attr_value)

        requested_type = request.response_type
        handler = self.response_types.get(
            requested_type, self.default_response_type_handler)
        # requested_type comes from the request, so this debug line carries a
        # client-supplied value.
        log.debug('Dispatching response_type %s request to %r.',
                  requested_type, handler)
        return handler.create_authorization_response(
            request, self.default_token_type)

    @catch_errors_and_unavailability
    def validate_authorization_request(self, uri, http_method='GET', body=None,
                                       headers=None):
        """Extract response_type and route to the designated handler.

        Unlike ``create_authorization_response``, the scopes are taken from
        the request's own ``scope`` attribute (converted with
        ``utils.scope_to_list``), so at this stage they are what was asked
        for, not what has been granted.  The handler selection falls back to
        the default handler in the same way.
        """
        request = Request(uri, http_method=http_method, body=body,
                          headers=headers)
        request.scopes = utils.scope_to_list(request.scope)

        fallback = self.default_response_type_handler
        handler = self.response_types.get(request.response_type, fallback)
        return handler.validate_authorization_request(request)

108 uri, http_method=http_method, body=body, headers=headers) 

109 

110 request.scopes = utils.scope_to_list(request.scope) 

111 

112 response_type_handler = self.response_types.get( 

113 request.response_type, self.default_response_type_handler) 

114 return response_type_handler.validate_authorization_request(request)