auth: Add resource server and /user endpoint

Add a resource server with the validator for the bearer token to protect the
resources endpoints.

Add a protected `/user` endpoint that returns the user details for valid
tokens.

* gn3/auth/authentication/oauth2/resource_server.py: new file
* gn3/auth/authentication/oauth2/views.py: add /user endpoint

1 files changed, 13 insertions, 1 deletions

diff --git a/gn3/auth/authentication/oauth2/views.py b/gn3/auth/authentication/oauth2/views.py
index 58fa6d4..0947aa2 100644
--- a/gn3/auth/authentication/oauth2/views.py
+++ b/gn3/auth/authentication/oauth2/views.py
@@ -1,8 +1,9 @@
 """Endpoints for the oauth2 server"""
 import uuid
 
-from flask import Blueprint, current_app as app
+from flask import jsonify, Blueprint, current_app as app
 
+from .resource_server import require_oauth
 from .endpoints.revocation import RevocationEndpoint
 from .endpoints.introspection import IntrospectionEndpoint
 
@@ -40,3 +41,14 @@ def introspect_token():
     """Provide introspection information for the token."""
     return app.config["OAUTH2_SERVER"].create_endpoint_response(
         IntrospectionEndpoint.ENDPOINT_NAME)
+
+@oauth2.route("/user")
+@require_oauth("profile")
+def user_details():
+    with require_oauth.acquire("profile") as token:
+        user = token.user
+        return jsonify({
+            "user_id": user.user_id,
+            "email": user.email,
+            "name": user.name
+        })