OAuthSv

class clink.service.OAuthSv(authdb_sv, acc_sv, auth_conf)

Limited OAuth2 implementation

Parameters:
mktoken_pwd(name, password)

Create a token from account name and password

Parameters:
  • name (str) –
  • password (str) –
Return type:

dict

Raises:

NonExistError

mktoken_rtoken(rtoken)

Create a token from refresh token

Parameters:

rtoken (str) –

Return type:

dict

Raises:
authen(access_token)

Authenticate access token

Parameters:

access_token (str) –

Return type:

bson.objectid.ObjectId

Raises:
authen_req(req)

Authenticate HTTP request

Parameters:

req (Request) –

Return type:

mongo.objectid.ObjectId

Raises:

Http400Error

Notes

It doesn’t support the full OAuth2 specification. The supported features are:

  • RFC 6749, section 4.3 - Resource Owner Password Credentials Grant
  • RFC 6749, section 6 - Refreshing an Access Token
  • RFC 7519 - JSON Web Token

Other parts of the specification aren’t supported because they are complicated without browsers. For example, a mobile device has to poll the auth server to get a token instead of getting it from the auth provider directly.

With this limited OAuth specification, you can’t perform external login with other OAuth providers; you can only use a name and password to get a token, and then refresh that token. However, it works simply on all platforms.

It also ignores the authorization ‘scope’. Authorization is performed by querying the database, not by information in access_token.

Example

oauth_sv.py
from clink.service import OAuthSv, MongoSv, AuthDbSv, AccSv, \
                          AuthConf, MongoConf


mongo_conf = MongoConf('mongodb://localhost', 'book-db')
mongo_sv = MongoSv(mongo_conf)

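# Placeholder secrets for the example; real deployments should load these
# from configuration rather than source code.
root_pwd = 'root-pwd'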
root_email = 'root@email.com'
root_email_pwd = 'root-email-pwd'
root_email_server = 'smtp.email.com'
root_email_server_port = 587
auth_conf = AuthConf(
    root_pwd, root_email, root_email_pwd, root_email_server,
    root_email_server_port, 'jwt-key'
)

authdb_sv = AuthDbSv(mongo_sv)
acc_sv = AccSv(authdb_sv, auth_conf)
oauth_sv = OAuthSv(authdb_sv, acc_sv, auth_conf)

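# Password grant: exchange account name and password for a token dict
token = oauth_sv.mktoken_pwd('root', root_pwd)
# Print each field, truncated to its first 32 characters
for k, v in token.items():
    str_v = str(v)
    print('%s: %s...' % (k, str_v[0:32]))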

Testing

$ python oauth_sv.py
token_type: Bearer...
refresh_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUx...
expires_in: 1495561355.3989384...
access_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUx...
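
The token dict above and the checks a verifier of such tokens needs, as an added stdlib-only example; it is not clink's code and does not call clink. It uses the HS512 header that the truncated tokens in the Testing output begin with. Assumptions: the function names mirror the page's methods, but the claim names (`sub`, `exp`, and the hypothetical `use`), the lifetimes and the keys are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs512(key: bytes, signed_part: str) -> bytes:
    return hmac.new(key, signed_part.encode(), hashlib.sha512).digest()

def sign_jwt(claims: dict, key: bytes) -> str:
    """Build a compact HS512 JWT (RFC 7519)."""
    parts = ({"typ": "JWT", "alg": "HS512"}, claims)
    body = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return body + "." + b64url(hs512(key, body))

def verify_jwt(token: str, key: bytes, now: float) -> dict:
    """Return the claims; raise ValueError on any verification failure."""
    head, payload, sig = token.split(".")  # ValueError unless exactly three parts
    header = json.loads(unb64url(head))
    # Pin the algorithm: never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(unb64url(sig), hs512(key, f"{head}.{payload}")):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(payload))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def mktoken(account_id: str, key: bytes, now: float, ttl=3600, rttl=86400) -> dict:
    """Token dict with the same four keys as the page's sample output."""
    def mk(use, life):  # "use" is a hypothetical claim for this example, not clink's
        return sign_jwt({"sub": account_id, "use": use, "exp": now + life}, key)
    # The sample output shows expires_in as an absolute Unix time, mirrored here;
    # RFC 6749 section 5.1 defines it as a lifetime in seconds.
    return {"token_type": "Bearer", "access_token": mk("access", ttl),
            "refresh_token": mk("refresh", rttl), "expires_in": now + ttl}

def authen(access_token: str, key: bytes, now: float) -> str:
    """Verify an access token and return the account id it names."""
    claims = verify_jwt(access_token, key, now)
    if claims.get("use") != "access":  # a refresh token must not pass as access
        raise ValueError("not an access token")
    return claims["sub"]

if __name__ == "__main__":  # constructed sample values
    print(authen(mktoken("account-1", b"demo-key", 1.7e9)["access_token"], b"demo-key", 1.7e9))
```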