aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authentication
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth/authentication')
-rw-r--r--gn3/auth/authentication/oauth2/resource_server.py19
-rw-r--r--gn3/auth/authentication/oauth2/views.py14
2 files changed, 32 insertions, 1 deletions
diff --git a/gn3/auth/authentication/oauth2/resource_server.py b/gn3/auth/authentication/oauth2/resource_server.py
new file mode 100644
index 0000000..885cbd8
--- /dev/null
+++ b/gn3/auth/authentication/oauth2/resource_server.py
@@ -0,0 +1,19 @@
+"""Protect the resources endpoints"""
+
+from flask import current_app as app
+from authlib.oauth2.rfc6750 import BearerTokenValidator as _BearerTokenValidator
+from authlib.integrations.flask_oauth2 import ResourceProtector, current_token
+
+from gn3.auth import db
+from gn3.auth.authentication.oauth2.models.oauth2token import token_by_access_token
+
+class BearerTokenValidator(_BearerTokenValidator):
+ """Extends `authlib.oauth2.rfc6750.BearerTokenValidator`"""
+ def authenticate_token(self, token_string: str):
+ with db.connection(app.config["AUTH_DB"]) as conn:
+ return token_by_access_token(conn, token_string).maybe(
+ None, lambda tok: tok)
+
+require_oauth = ResourceProtector()
+
+require_oauth.register_token_validator(BearerTokenValidator())
diff --git a/gn3/auth/authentication/oauth2/views.py b/gn3/auth/authentication/oauth2/views.py
index 58fa6d4..0947aa2 100644
--- a/gn3/auth/authentication/oauth2/views.py
+++ b/gn3/auth/authentication/oauth2/views.py
@@ -1,8 +1,9 @@
"""Endpoints for the oauth2 server"""
import uuid
-from flask import Blueprint, current_app as app
+from flask import jsonify, Blueprint, current_app as app
+from .resource_server import require_oauth
from .endpoints.revocation import RevocationEndpoint
from .endpoints.introspection import IntrospectionEndpoint
@@ -40,3 +41,14 @@ def introspect_token():
"""Provide introspection information for the token."""
return app.config["OAUTH2_SERVER"].create_endpoint_response(
IntrospectionEndpoint.ENDPOINT_NAME)
+
+@oauth2.route("/user")
+@require_oauth("profile")
+def user_details():
+ with require_oauth.acquire("profile") as token:
+ user = token.user
+ return jsonify({
+ "user_id": user.user_id,
+ "email": user.email,
+ "name": user.name
+ })