From 5526f0316c2714d30e47a90f81e0ff686a29042f Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 8 May 2023 16:31:38 +0300 Subject: auth: Implement "Authorization Code Flow" Implement the "Authorization Code Flow" for the authentication of users. * gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py: query and save the authorisation code. * gn3/auth/authentication/oauth2/models/authorization_code.py: Implement the `AuthorisationCode` model * gn3/auth/authentication/oauth2/models/oauth2client.py: Fix typo * gn3/auth/authentication/oauth2/server.py: Register the `AuthorisationCodeGrant` grant with the server. * gn3/auth/authentication/oauth2/views.py: Implement `/authorise` endpoint * gn3/templates/base.html: New HTML Templates of authorisation UI * gn3/templates/common-macros.html: New HTML Templates of authorisation UI * gn3/templates/oauth2/authorise-user.html: New HTML Templates of authorisation UI * main.py: Allow both "code" and "token" response types.
---
 gn3/auth/authentication/oauth2/server.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'gn3/auth/authentication/oauth2/server.py')
diff --git a/gn3/auth/authentication/oauth2/server.py b/gn3/auth/authentication/oauth2/server.py
index 73c9340..e9946b4 100644
--- a/gn3/auth/authentication/oauth2/server.py
+++ b/gn3/auth/authentication/oauth2/server.py
@@ -5,8 +5,7 @@ from typing import Callable
 from flask import Flask, current_app
 from authlib.integrations.flask_oauth2 import AuthorizationServer
-# from authlib.integrations.sqla_oauth2 import (
-# create_save_token_func, create_query_client_func)
+# from authlib.oauth2.rfc7636 import CodeChallenge
 from gn3.auth import db
@@ -14,7 +13,7 @@ from .models.oauth2client import client
 from .models.oauth2token import OAuth2Token, save_token
 from .grants.password_grant import PasswordGrant
-# from .grants.authorisation_code_grant import AuthorisationCodeGrant
+from .grants.authorisation_code_grant import AuthorisationCodeGrant
 from .endpoints.revocation import RevocationEndpoint
 from .endpoints.introspection import IntrospectionEndpoint
@@ -49,7 +48,11 @@ def setup_oauth2_server(app: Flask) -> None:
 """Set's up the oauth2 server for the flask application."""
 server = AuthorizationServer()
 server.register_grant(PasswordGrant)
- # server.register_grant(AuthorisationCodeGrant)
+
+ # Figure out a common `code_verifier` for GN2 and GN3 and set
+ # server.register_grant(AuthorisationCodeGrant, [CodeChallenge(required=False)])
+ # below
+ server.register_grant(AuthorisationCodeGrant)
 # register endpoints
 server.register_endpoint(RevocationEndpoint)
-- cgit v1.2.3
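Review bot: In the `setup_oauth2_server` hunk, `server.register_grant(AuthorisationCodeGrant)` turns on the authorisation code grant with no PKCE extension, so an authorisation code that leaks in transit is not bound to the client that requested it (RFC 7636). The TODO above that line also reads as a misunderstanding: the `code_verifier` is a fresh random value the client generates for each authorisation request, not something GN2 and GN3 agree on in common, and a fixed shared value would defeat the check. I would enable the import left commented out in the first hunk and register the grant as `server.register_grant(AuthorisationCodeGrant, [CodeChallenge(required=True)])`, falling back to `required=False` only until the GN2 client sends a challenge. This presumably also needs the grant and the `AuthorisationCode` model, which live in other files, to store and return `code_challenge` and `code_challenge_method`. The body of `setup_oauth2_server` begins and continues outside this hunk.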