OAuthSv

class clink.service.OAuthSv(authdb_sv, acc_sv, auth_conf)
    Limited OAuth2 implementation

    Parameters:

    mktoken_pwd(name, password)
        Create a token from account name and password

        Parameters:
        Return type:
        Raises:

    mktoken_rtoken(rtoken)
        Create a token from refresh token

        Parameters: rtoken (str) –
        Return type:
        Raises:

    authen(access_token)
        Authenticate access token

        Parameters: access_token (str) –
        Return type:
        Raises:

    authen_req(req)
        Authenticate HTTP request

        Parameters: req (Request) –
        Return type: mongo.objectid.ObjectId
        Raises: Http400Error –

Notes
It doesn't support the whole OAuth2 specification. The supported features are:
- RFC 6749, section 4.3 - Resource Owner Password Credentials Grant
- RFC 6749, section 6 - Refreshing an Access Token
- RFC 7519 - JSON Web Token
The other parts of the specification aren't supported because they are complicated without browsers. For example, a mobile device needs to poll the auth server to get a token instead of getting it directly from the auth provider.
With this limited OAuth implementation, you can't perform external login with other OAuth providers; you can only use a name and password to get a token, and then refresh that token. However, it works simply on all platforms.
It also ignores the authorization 'scope'. Authorization is performed by querying the database, not by information in the access_token.
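The last note, sketched as an added example (this is not clink's own code): the token is verified only to establish which account is calling, and rights are then looked up in a store, so a 'scope' claim inside the token grants nothing. Assumptions: HS512 is inferred from the header prefix in the sample output; KEY, ACL_DB, make_token, authorize and the sub/exp claim names are hypothetical, and this authen is a stand-in, not OAuthSv.authen.

```python
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key"   # constructed; stands in for the JWT signing key
ACL_DB = {"acc-1": {"read"}}    # constructed; stands in for the auth database


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _unb64(seg):
    return base64.urlsafe_b64decode(seg + b"=" * (-len(seg) % 4))


def make_token(sub, exp, alg="HS512", key=KEY, **extra):
    """Mint a compact HS512 JWT (used here only to build sample input)."""
    head = _b64(json.dumps({"typ": "JWT", "alg": alg}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": exp, **extra}).encode())
    sig = hmac.new(key, head + b"." + body, hashlib.sha512).digest()
    return (head + b"." + body + b"." + _b64(sig)).decode()


def authen(access_token, now=None, key=KEY):
    """Return the account id for a valid token; raise ValueError otherwise."""
    try:
        head, body, sig = access_token.encode().split(b".")
        alg = json.loads(_unb64(head))["alg"]
        sig = _unb64(sig)
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed token") from None
    if alg != "HS512":  # pinned: the header never chooses the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, head + b"." + body, hashlib.sha512).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))  # parsed only after the MAC verifies
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims["sub"]


def authorize(access_token, action, now=None):
    """The token supplies identity only; rights come from the store."""
    return action in ACL_DB.get(authen(access_token, now), set())
```

Because rights are read from the store on every call, removing an entry from ACL_DB takes effect immediately, even for access tokens that have not yet expired.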
Example
from clink.service import OAuthSv, MongoSv, AuthDbSv, AccSv, \
    AuthConf, MongoConf

# connect to the database that stores accounts and tokens
mongo_conf = MongoConf('mongodb://localhost', 'book-db')
mongo_sv = MongoSv(mongo_conf)

# demo values only; the last AuthConf argument is the JWT signing key
root_pwd = 'root-pwd'
root_email = 'root@email.com'
root_email_pwd = 'root-email-pwd'
root_email_server = 'smtp.email.com'
root_email_server_port = 587
auth_conf = AuthConf(
    root_pwd, root_email, root_email_pwd, root_email_server,
    root_email_server_port, 'jwt-key'
)

authdb_sv = AuthDbSv(mongo_sv)
acc_sv = AccSv(authdb_sv, auth_conf)
oauth_sv = OAuthSv(authdb_sv, acc_sv, auth_conf)

# password grant: exchange account name and password for a token
token = oauth_sv.mktoken_pwd('root', root_pwd)
for k, v in token.items():
    str_v = str(v)
    # print only the first 32 characters of each field
    print('%s: %s...' % (k, str_v[0:32]))
Testing
$ python oauth_sv.py
token_type: Bearer...
refresh_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUx...
expires_in: 1495561355.3989384...
access_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUx...