You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
75 lines
3.1 KiB
75 lines
3.1 KiB
# -*- coding: utf-8 -*-
|
|
"""
|
|
oauthlib.oauth2.rfc6749
|
|
~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
This module is an implementation of various logic needed
|
|
for consuming and providing OAuth 2.0 RFC6749.
|
|
"""
|
|
from ..parameters import prepare_token_request
|
|
from .base import Client
|
|
|
|
|
|
class BackendApplicationClient(Client):
|
|
|
|
"""A public client utilizing the client credentials grant workflow.
|
|
|
|
The client can request an access token using only its client
|
|
credentials (or other supported means of authentication) when the
|
|
client is requesting access to the protected resources under its
|
|
control, or those of another resource owner which has been previously
|
|
arranged with the authorization server (the method of which is beyond
|
|
the scope of this specification).
|
|
|
|
The client credentials grant type MUST only be used by confidential
|
|
clients.
|
|
|
|
Since the client authentication is used as the authorization grant,
|
|
no additional authorization request is needed.
|
|
"""
|
|
|
|
grant_type = 'client_credentials'
|
|
|
|
def prepare_request_body(self, body='', scope=None,
|
|
include_client_id=False, **kwargs):
|
|
"""Add the client credentials to the request body.
|
|
|
|
The client makes a request to the token endpoint by adding the
|
|
following parameters using the "application/x-www-form-urlencoded"
|
|
format per `Appendix B`_ in the HTTP request entity-body:
|
|
|
|
:param body: Existing request body (URL encoded string) to embed parameters
|
|
into. This may contain extra parameters. Default ''.
|
|
:param scope: The scope of the access request as described by
|
|
`Section 3.3`_.
|
|
|
|
:param include_client_id: `True` to send the `client_id` in the
|
|
body of the upstream request. This is required
|
|
if the client is not authenticating with the
|
|
authorization server as described in
|
|
`Section 3.2.1`_. False otherwise (default).
|
|
:type include_client_id: Boolean
|
|
|
|
:param kwargs: Extra credentials to include in the token request.
|
|
|
|
The client MUST authenticate with the authorization server as
|
|
described in `Section 3.2.1`_.
|
|
|
|
The prepared body will include all provided credentials as well as
|
|
the ``grant_type`` parameter set to ``client_credentials``::
|
|
|
|
>>> from oauthlib.oauth2 import BackendApplicationClient
|
|
>>> client = BackendApplicationClient('your_id')
|
|
>>> client.prepare_request_body(scope=['hello', 'world'])
|
|
'grant_type=client_credentials&scope=hello+world'
|
|
|
|
.. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B
|
|
.. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
|
|
.. _`Section 3.2.1`: https://tools.ietf.org/html/rfc6749#section-3.2.1
|
|
"""
|
|
kwargs['client_id'] = self.client_id
|
|
kwargs['include_client_id'] = include_client_id
|
|
scope = self.scope if scope is None else scope
|
|
return prepare_token_request(self.grant_type, body=body,
|
|
scope=scope, **kwargs)
|