diff options
author | Frederick Muriuki Muriithi | 2023-08-04 10:10:28 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-08-04 10:20:09 +0300 |
commit | 8b7c598407a5fea9a3d78473e72df87606998cd4 (patch) | |
tree | 8526433a17eca6b511feb082a0574f9b15cb9469 /gn_auth/auth/authentication/oauth2/server.py | |
parent | f7fcbbcc014686ac597b783a8dcb38b43024b9d6 (diff) | |
download | gn-auth-8b7c598407a5fea9a3d78473e72df87606998cd4.tar.gz |
Copy over files from GN3 repository.
Diffstat (limited to 'gn_auth/auth/authentication/oauth2/server.py')
-rw-r--r-- | gn_auth/auth/authentication/oauth2/server.py | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py new file mode 100644 index 0000000..7d7113a --- /dev/null +++ b/gn_auth/auth/authentication/oauth2/server.py @@ -0,0 +1,72 @@ +"""Initialise the OAuth2 Server""" +import uuid +import datetime +from typing import Callable + +from flask import Flask, current_app +from authlib.oauth2.rfc6749.errors import InvalidClientError +from authlib.integrations.flask_oauth2 import AuthorizationServer +# from authlib.oauth2.rfc7636 import CodeChallenge + +from gn3.auth import db + +from .models.oauth2client import client +from .models.oauth2token import OAuth2Token, save_token + +from .grants.password_grant import PasswordGrant +from .grants.authorisation_code_grant import AuthorisationCodeGrant + +from .endpoints.revocation import RevocationEndpoint +from .endpoints.introspection import IntrospectionEndpoint + +def create_query_client_func() -> Callable: + """Create the function that loads the client.""" + def __query_client__(client_id: uuid.UUID): + # use current_app rather than passing the db_uri to avoid issues + # when config changes, e.g. while testing. + with db.connection(current_app.config["AUTH_DB"]) as conn: + the_client = client(conn, client_id).maybe( + None, lambda clt: clt) # type: ignore[misc] + if bool(the_client): + return the_client + raise InvalidClientError( + "No client found for the given CLIENT_ID and CLIENT_SECRET.") + + return __query_client__ + +def create_save_token_func(token_model: type) -> Callable: + """Create the function that saves the token.""" + def __save_token__(token, request): + with db.connection(current_app.config["AUTH_DB"]) as conn: + save_token( + conn, token_model( + token_id=uuid.uuid4(), client=request.client, + user=request.user, + **{ + "refresh_token": None, "revoked": False, + "issued_at": datetime.datetime.now(), + **token + })) + + return __save_token__ + +def setup_oauth2_server(app: Flask) -> None: + """Set's up the oauth2 server for the flask application.""" + server = AuthorizationServer() + server.register_grant(PasswordGrant) + + # Figure out a common `code_verifier` for GN2 and GN3 and set + # server.register_grant(AuthorisationCodeGrant, [CodeChallenge(required=False)]) + # below + server.register_grant(AuthorisationCodeGrant) + + # register endpoints + server.register_endpoint(RevocationEndpoint) + server.register_endpoint(IntrospectionEndpoint) + + # init server + server.init_app( + app, + query_client=create_query_client_func(), + save_token=create_save_token_func(OAuth2Token)) + app.config["OAUTH2_SERVER"] = server |