authorIb Lundgren <ib.lundgren@gmail.com>2013-05-30 09:54:30 +0100
committerIb Lundgren <ib.lundgren@gmail.com>2013-05-30 09:54:30 +0100
commit00843c732475c914c58d00716262a63666d74b4a (patch)
tree97ff705286980d4f272066041b5238c00dc4f2b9
parent90b2d14cdad2e001b3ccd696fb8007e7b96e82d8 (diff)
downloadoauthlib-00843c732475c914c58d00716262a63666d74b4a.tar.gz
Update references to point to RFC.
-rw-r--r--oauthlib/oauth2/draft25/__init__.py80
-rw-r--r--oauthlib/oauth2/draft25/errors.py15
-rw-r--r--oauthlib/oauth2/draft25/grant_types.py15
-rw-r--r--oauthlib/oauth2/draft25/parameters.py164
-rw-r--r--oauthlib/oauth2/draft25/tokens.py6
5 files changed, 161 insertions, 119 deletions
diff --git a/oauthlib/oauth2/draft25/__init__.py b/oauthlib/oauth2/draft25/__init__.py
index 91c0c27..f8ee488 100644
--- a/oauthlib/oauth2/draft25/__init__.py
+++ b/oauthlib/oauth2/draft25/__init__.py
@@ -2,18 +2,18 @@
from __future__ import absolute_import, unicode_literals
"""
-oauthlib.oauth2.draft_25
-~~~~~~~~~~~~~~
+oauthlib.oauth2.rfc6749
+~~~~~~~~~~~~~~~~~~~~~~~
This module is an implementation of various logic needed
-for signing and checking OAuth 2.0 draft 25 requests.
+for consuming and providing OAuth 2.0 RFC6749.
"""
import datetime
import functools
import logging
from oauthlib.common import Request
-from oauthlib.oauth2.draft25 import tokens, grant_types
+from . import tokens, grant_types
from .errors import TokenExpiredError, InsecureTransportError
from .errors import TemporarilyUnavailableError, ServerError
from .errors import FatalClientError, OAuth2Error
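Review bot: The `"""` block rewritten at the top of this hunk is not the module docstring, because `from __future__ import absolute_import, unicode_literals` precedes it; the interpreter treats it as a bare expression statement and the module's `__doc__` stays `None`. The same ordering is in the parameters.py hunk (`from __future__ import absolute_import, unicode_literals` then `"""`) and the tokens.py hunk (its line 1, then `"""`). Since the commit already rewrites these headers, moving the `from __future__` line below the closing `"""` in all three files would make them real docstrings; a `from __future__` import is still legal after a module docstring. The rewritten sentence `for consuming and providing OAuth 2.0 RFC6749.` also reads oddly; `for consuming and providing OAuth 2.0 (RFC 6749) requests.` keeps the sentence whole.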
@@ -96,7 +96,7 @@ class Client(object):
type.
For example, the "bearer" token type defined in
- [I-D.ietf-oauth-v2-bearer] is utilized by simply including the access
+ [`I-D.ietf-oauth-v2-bearer`_] is utilized by simply including the access
token string in the request:
.. code-block:: http
@@ -105,7 +105,7 @@ class Client(object):
Host: example.com
Authorization: Bearer mF_9.B5f-4.1JqM
- while the "mac" token type defined in [I-D.ietf-oauth-v2-http-mac] is
+ while the "mac" token type defined in [`I-D.ietf-oauth-v2-http-mac`_] is
utilized by issuing a MAC key together with the access token which is
used to sign certain components of the HTTP requests:
@@ -117,8 +117,8 @@ class Client(object):
nonce="274312:dj83hs9s",
mac="kDZvddkndxvhGRXZhvuDjEWhGeE="
- .. _`I-D.ietf-oauth-v2-bearer`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#ref-I-D.ietf-oauth-v2-bearer
- .. _`I-D.ietf-oauth-v2-http-mac`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#ref-I-D.ietf-oauth-v2-http-mac
+ .. _`I-D.ietf-oauth-v2-bearer`: http://tools.ietf.org/html/rfc6749#section-12.2
+ .. _`I-D.ietf-oauth-v2-http-mac`: http://tools.ietf.org/html/rfc6749#section-12.2
"""
if not uri.lower().startswith('https://'):
raise InsecureTransportError()
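Review bot: The `I-D.ietf-oauth-v2-bearer` anchor is retargeted to `rfc6749#section-12.2`, which is the informative-references list, while the tokens.py hunk in this same commit points the Bearer reference at `http://tools.ietf.org/html/rfc6750`, the bearer token RFC itself; the two should agree, and the rfc6750 target is the one a reader actually wants. The MAC anchor likewise lands on section 12.2 whereas tokens.py uses `draft-ietf-oauth-v2-http-mac-01`. Suggest `.. _`I-D.ietf-oauth-v2-bearer`: http://tools.ietf.org/html/rfc6750` and `.. _`I-D.ietf-oauth-v2-http-mac`: http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01` here. The enclosing method starts outside the hunk.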
@@ -379,11 +379,11 @@ class WebApplicationClient(Client):
>>> client.parse_request_uri_response(uri, state='other')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 357, in parse_request_uri_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 357, in parse_request_uri_response
back from the provider to you, the client.
- File "oauthlib/oauth2/draft25/parameters.py", line 153, in parse_authorization_code_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 153, in parse_authorization_code_response
raise MismatchingStateError()
- oauthlib.oauth2.draft25.errors.MismatchingStateError
+ oauthlib.oauth2.rfc6749.errors.MismatchingStateError
"""
response = parse_authorization_code_response(uri, state=state)
self._populate_attributes(response)
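Review bot: The doctest traceback in this hunk still carries a non-traceback line between its frames (`back from the provider to you, the client.` after the first `File` line), and the later hunks of this file repeat the pattern: a `.. _`Section 5.2`` anchor sits inside the traceback at `@@ -457`, `@@ -765` and `@@ -922`, and the `File ... line 421` frame is duplicated at `@@ -471`, `@@ -779` and `@@ -936`. The rename also bakes fresh source line numbers (357, 421, 263, 285) into every example, which will drift on the next edit to these files. Doctest ignores the stack lines between the `Traceback (most recent call last):` header and the final exception line, so trimming each example to that header, an indented `...`, and the `oauthlib.oauth2.rfc6749.errors.MismatchingStateError` line would make them robust; the grant_types.py tracebacks would benefit from the same treatment. The enclosing method begins outside the hunk.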
@@ -457,11 +457,11 @@ class WebApplicationClient(Client):
>>> client.parse_request_body_response(response_body, scope=['images'])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
.. _`Section 5.2`: http://tools.ietf.org/html/rfc6749#section-5.2
- File "oauthlib/oauth2/draft25/parameters.py", line 263, in parse_token_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 263, in parse_token_response
validate_token_parameters(params, scope)
- File "oauthlib/oauth2/draft25/parameters.py", line 285, in validate_token_parameters
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 285, in validate_token_parameters
raise Warning("Scope has changed to %s." % new_scope)
Warning: Scope has changed to [u'hello', u'world'].
@@ -471,13 +471,13 @@ class WebApplicationClient(Client):
>>> client.parse_request_body_response(response_body)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
- File "oauthlib/oauth2/draft25/parameters.py", line 263, in parse_token_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 263, in parse_token_response
validate_token_parameters(params, scope)
- File "oauthlib/oauth2/draft25/parameters.py", line 276, in validate_token_parameters
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 276, in validate_token_parameters
raise MissingTokenTypeError()
- oauthlib.oauth2.draft25.errors.MissingTokenTypeError
+ oauthlib.oauth2.rfc6749.errors.MissingTokenTypeError
.. _`Section 5.1`: http://tools.ietf.org/html/rfc6749#section-5.1
.. _`Section 5.2`: http://tools.ietf.org/html/rfc6749#section-5.2
@@ -627,19 +627,19 @@ class MobileApplicationClient(Client):
>>> client.parse_request_uri_response(response_uri, state='other')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 598, in parse_request_uri_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 598, in parse_request_uri_response
**scope**
- File "oauthlib/oauth2/draft25/parameters.py", line 197, in parse_implicit_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 197, in parse_implicit_response
raise ValueError("Mismatching or missing state in params.")
ValueError: Mismatching or missing state in params.
>>> client.parse_request_uri_response(response_uri, scope=['other'])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 598, in parse_request_uri_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 598, in parse_request_uri_response
**scope**
- File "oauthlib/oauth2/draft25/parameters.py", line 199, in parse_implicit_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 199, in parse_implicit_response
validate_token_parameters(params, scope)
- File "oauthlib/oauth2/draft25/parameters.py", line 285, in validate_token_parameters
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 285, in validate_token_parameters
raise Warning("Scope has changed to %s." % new_scope)
Warning: Scope has changed to [u'hello', u'world'].
@@ -765,11 +765,11 @@ class BackendApplicationClient(Client):
>>> client.parse_request_body_response(response_body, scope=['images'])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
.. _`Section 5.2`: http://tools.ietf.org/html/rfc6749#section-5.2
- File "oauthlib/oauth2/draft25/parameters.py", line 263, in parse_token_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 263, in parse_token_response
validate_token_parameters(params, scope)
- File "oauthlib/oauth2/draft25/parameters.py", line 285, in validate_token_parameters
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 285, in validate_token_parameters
raise Warning("Scope has changed to %s." % new_scope)
Warning: Scope has changed to [u'hello', u'world'].
@@ -779,13 +779,13 @@ class BackendApplicationClient(Client):
>>> client.parse_request_body_response(response_body)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
- File "oauthlib/oauth2/draft25/parameters.py", line 263, in parse_token_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 263, in parse_token_response
validate_token_parameters(params, scope)
- File "oauthlib/oauth2/draft25/parameters.py", line 276, in validate_token_parameters
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 276, in validate_token_parameters
raise MissingTokenTypeError()
- oauthlib.oauth2.draft25.errors.MissingTokenTypeError
+ oauthlib.oauth2.rfc6749.errors.MissingTokenTypeError
.. _`Section 5.1`: http://tools.ietf.org/html/rfc6749#section-5.1
.. _`Section 5.2`: http://tools.ietf.org/html/rfc6749#section-5.2
@@ -922,11 +922,11 @@ class LegacyApplicationClient(Client):
>>> client.parse_request_body_response(response_body, scope=['images'])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
.. _`Section 5.2`: http://tools.ietf.org/html/rfc6749#section-5.2
- File "oauthlib/oauth2/draft25/parameters.py", line 263, in parse_token_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 263, in parse_token_response
validate_token_parameters(params, scope)
- File "oauthlib/oauth2/draft25/parameters.py", line 285, in validate_token_parameters
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 285, in validate_token_parameters
raise Warning("Scope has changed to %s." % new_scope)
Warning: Scope has changed to [u'hello', u'world'].
@@ -936,13 +936,13 @@ class LegacyApplicationClient(Client):
>>> client.parse_request_body_response(response_body)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
- File "oauthlib/oauth2/draft25/__init__.py", line 421, in parse_request_body_response
- File "oauthlib/oauth2/draft25/parameters.py", line 263, in parse_token_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/__init__.py", line 421, in parse_request_body_response
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 263, in parse_token_response
validate_token_parameters(params, scope)
- File "oauthlib/oauth2/draft25/parameters.py", line 276, in validate_token_parameters
+ File "oauthlib/oauth2/rfc6749/parameters.py", line 276, in validate_token_parameters
raise MissingTokenTypeError()
- oauthlib.oauth2.draft25.errors.MissingTokenTypeError
+ oauthlib.oauth2.rfc6749.errors.MissingTokenTypeError
.. _`Section 5.1`: http://tools.ietf.org/html/rfc6749#section-5.1
.. _`Section 5.2`: http://tools.ietf.org/html/rfc6749#section-5.2
diff --git a/oauthlib/oauth2/draft25/errors.py b/oauthlib/oauth2/draft25/errors.py
index 6b7fc03..7b8cc31 100644
--- a/oauthlib/oauth2/draft25/errors.py
+++ b/oauthlib/oauth2/draft25/errors.py
@@ -1,7 +1,10 @@
# coding=utf-8
"""
-oauthlib.oauth2.draft_25.errors
+oauthlib.oauth2.rfc6749.errors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Error used both by OAuth 2 clients and provicers to represent the spec
+defined error responses for all four core grant types.
"""
from __future__ import unicode_literals
import json
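Review bot: The new module description has two typos: `provicers` should be `providers`, and `Error used` should be `Errors used`. Suggest `Errors used both by OAuth 2 clients and providers to represent the spec-defined error responses for all four core grant types.`.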
@@ -94,6 +97,16 @@ class MissingTokenTypeError(OAuth2Error):
class FatalClientError(OAuth2Error):
+ """Errors during authorization where user should not be redirected back.
+
+ If the request fails due to a missing, invalid, or mismatching
+ redirection URI, or if the client identifier is missing or invalid,
+ the authorization server SHOULD inform the resource owner of the
+ error and MUST NOT automatically redirect the user-agent to the
+ invalid redirection URI.
+
+ Instead the user should be informed of the error by the provider itself.
+ """
pass
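Review bot: With a docstring now in the class body, the trailing `pass` in `FatalClientError` is redundant and can be dropped. The second paragraph appears to be quoted from RFC 6749 section 4.1.2.1 (the same text recurs in 4.2.2.1); since this commit is about pointing references at the RFC, adding `See `Section 4.1.2.1`_.` with the anchor `.. _`Section 4.1.2.1`: http://tools.ietf.org/html/rfc6749#section-4.1.2.1`, in the style used elsewhere in the diff, would let a provider author find the normative rule that no redirect may be issued for these errors.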
diff --git a/oauthlib/oauth2/draft25/grant_types.py b/oauthlib/oauth2/draft25/grant_types.py
index 0b96bb7..25edcc8 100644
--- a/oauthlib/oauth2/draft25/grant_types.py
+++ b/oauthlib/oauth2/draft25/grant_types.py
@@ -1,15 +1,16 @@
# -*- coding: utf-8 -*-
"""
-oauthlib.oauth2.draft_25.grant_types
+oauthlib.oauth2.rfc6749.grant_types
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""
-from __future__ import unicode_literals
+from __future__ import unicode_literals, absolute_import
import json
import logging
from oauthlib import common
-from oauthlib.oauth2.draft25 import errors, utils
from oauthlib.uri_validate import is_absolute_uri
+from . import errors, utils
+
log = logging.getLogger('oauthlib')
@@ -547,7 +548,7 @@ class AuthorizationCodeGrant(GrantTypeBase):
>>> grant.create_authorization_response(request, token)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/grant_types.py", line 513, in create_authorization_response
+ File "oauthlib/oauth2/rfc6749/grant_types.py", line 513, in create_authorization_response
raise ValueError('Scopes must be set on post auth.')
ValueError: Scopes must be set on post auth.
>>> request.scopes = ['authorized', 'in', 'some', 'form']
@@ -563,10 +564,10 @@ class AuthorizationCodeGrant(GrantTypeBase):
>>> grant.create_authorization_response(request, token)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
- File "oauthlib/oauth2/draft25/grant_types.py", line 515, in create_authorization_response
+ File "oauthlib/oauth2/rfc6749/grant_types.py", line 515, in create_authorization_response
>>> grant.create_authorization_response(request, token)
- File "oauthlib/oauth2/draft25/grant_types.py", line 591, in validate_authorization_request
- oauthlib.oauth2.draft25.errors.InvalidClientIdError
+ File "oauthlib/oauth2/rfc6749/grant_types.py", line 591, in validate_authorization_request
+ oauthlib.oauth2.rfc6749.errors.InvalidClientIdError
.. _`Appendix B`: http://tools.ietf.org/html/rfc6749#appendix-B
.. _`Section 2.2`: http://tools.ietf.org/html/rfc6749#section-2.2
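Review bot: The second traceback example in this hunk has a stray prompt line, `>>> grant.create_authorization_response(request, token)`, between its two `File` frames, so it reads as a paste artifact rather than a traceback doctest can evaluate. Drop that line, or reduce the example to the `Traceback (most recent call last):` header, an indented `...`, and the final `oauthlib.oauth2.rfc6749.errors.InvalidClientIdError` line, which is all doctest compares. The enclosing method starts outside the hunk.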
diff --git a/oauthlib/oauth2/draft25/parameters.py b/oauthlib/oauth2/draft25/parameters.py
index d171305..f4421ff 100644
--- a/oauthlib/oauth2/draft25/parameters.py
+++ b/oauthlib/oauth2/draft25/parameters.py
@@ -2,12 +2,12 @@
from __future__ import absolute_import, unicode_literals
"""
-oauthlib.oauth2_draft28.parameters
+oauthlib.oauth2.rfc6749.parameters
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-This module contains methods related to `Section 4`_ of the OAuth 2 draft.
+This module contains methods related to `Section 4`_ of the OAuth 2 RFC.
-.. _`Section 4`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4
+.. _`Section 4`: http://tools.ietf.org/html/rfc6749#section-4
"""
import json
@@ -28,34 +28,38 @@ def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
The client constructs the request URI by adding the following
parameters to the query component of the authorization endpoint URI
- using the "application/x-www-form-urlencoded" format as defined by
- [W3C.REC-html401-19991224]:
-
- response_type
- REQUIRED. Value MUST be set to "code".
- client_id
- REQUIRED. The client identifier as described in `Section 2.2`_.
- redirect_uri
- OPTIONAL. As described in `Section 3.1.2`_.
- scope
- OPTIONAL. The scope of the access request as described by
- `Section 3.3`_.
- state
- RECOMMENDED. An opaque value used by the client to maintain
- state between the request and callback. The authorization
- server includes this value when redirecting the user-agent back
- to the client. The parameter SHOULD be used for preventing
- cross-site request forgery as described in `Section 10.12`_.
-
- GET /authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz
- &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1
- Host: server.example.com
-
- .. _`W3C.REC-html401-19991224`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#ref-W3C.REC-html401-19991224
- .. _`Section 2.2`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-2.2
- .. _`Section 3.1.2`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-3.1.2
- .. _`Section 3.3`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-3.3
- .. _`section 10.12`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-10.12
+ using the ``application/x-www-form-urlencoded`` format as defined by
+ [`W3C.REC-html401-19991224`_]:
+
+ :param response_type: To indicate which OAuth 2 grant/flow is required,
+ "code" and "token".
+ :param client_id: The client identifier as described in `Section 2.2`_.
+ :param redirect_uri: The client provided URI to redirect back to after
+ authorization as described in `Section 3.1.2`_.
+ :param scope: The scope of the access request as described by
+ `Section 3.3`_.
+
+ :param state: An opaque value used by the client to maintain
+ state between the request and callback. The authorization
+ server includes this value when redirecting the user-agent
+ back to the client. The parameter SHOULD be used for
+ preventing cross-site request forgery as described in
+ `Section 10.12`_.
+ :param kwargs: Extra arguments to embed in the grant/authorization URL.
+
+ An example of an authorization code grant authorization URL:
+
+ .. code-block:: http
+
+ GET /authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz
+ &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1
+ Host: server.example.com
+
+ .. _`W3C.REC-html401-19991224`: http://tools.ietf.org/html/rfc6749#ref-W3C.REC-html401-19991224
+ .. _`Section 2.2`: http://tools.ietf.org/html/rfc6749#section-2.2
+ .. _`Section 3.1.2`: http://tools.ietf.org/html/rfc6749#section-3.1.2
+ .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
+ .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12
"""
if not uri.startswith('https://'):
raise InsecureTransportError()
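Review bot: `:param response_type:` reads `"code" and "token"` where the values are alternatives, so `"code" or "token"` is meant, and saying which grant each selects (authorization code vs implicit) would help. The `:param state:` text correctly states the CSRF role but not that this function only embeds the caller's value; a one-line `The caller is responsible for generating an unguessable value and verifying it on the redirect back.` would close that gap. Separately, the context line `if not uri.startswith('https://'):` lacks the `.lower()` that the other scheme checks in this file use, so a mixed-case scheme is rejected here and accepted there; `if not uri.lower().startswith('https://'):` would make the checks consistent. The function body continues beyond the hunk.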
@@ -81,23 +85,27 @@ def prepare_token_request(grant_type, body='', **kwargs):
"""Prepare the access token request.
The client makes a request to the token endpoint by adding the
- following parameters using the "application/x-www-form-urlencoded"
+ following parameters using the ``application/x-www-form-urlencoded``
format in the HTTP request entity-body:
- grant_type
- REQUIRED. Value MUST be set to "authorization_code".
- code
- REQUIRED. The authorization code received from the
- authorization server.
- redirect_uri
- REQUIRED, if the "redirect_uri" parameter was included in the
- authorization request as described in `Section 4.1.1`_, and their
- values MUST be identical.
+ :param grant_type: To indicate grant type being used, i.e. "password",
+ "authorization_code" or "client_credentials".
+ :param body: Existing request body to embed parameters in.
+ :param code: If using authorization code grant, pass the previously
+ obtained authorization code as the ``code`` argument.
+ :param redirect_uri: If the "redirect_uri" parameter was included in the
+ authorization request as described in
+ `Section 4.1.1`_, and their values MUST be identical.
+ :param kwargs: Extra arguments to embed in the request body.
+
+ An example of an authorization code token request body:
+
+ .. code-block:: http
- grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
- &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
+ grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
+ &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
- .. _`Section 4.1.1`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4.1.1
+ .. _`Section 4.1.1`: http://tools.ietf.org/html/rfc6749#section-4.1.1
"""
params = [('grant_type', grant_type)]
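Review bot: The `:param redirect_uri:` entry is a sentence fragment carried over from the RFC's `REQUIRED, if ...` wording: `If the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.` has no main clause. Suggest `:param redirect_uri: Required if the "redirect_uri" parameter was included in the authorization request as described in `Section 4.1.1`_; the two values MUST be identical.`. `:param code:` and `:param redirect_uri:` are also documented as if they were named parameters while the signature takes them through `**kwargs`; noting that they are keyword arguments folded into the body would save a reader looking for them in the signature. The function body continues beyond the hunk.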
@@ -117,9 +125,9 @@ def parse_authorization_code_response(uri, state=None):
If the resource owner grants the access request, the authorization
server issues an authorization code and delivers it to the client by
adding the following parameters to the query component of the
- redirection URI using the "application/x-www-form-urlencoded" format:
+ redirection URI using the ``application/x-www-form-urlencoded`` format:
- code
+ **code**
REQUIRED. The authorization code generated by the
authorization server. The authorization code MUST expire
shortly after it is issued to mitigate the risk of leaks. A
@@ -130,17 +138,23 @@ def parse_authorization_code_response(uri, state=None):
revoke (when possible) all tokens previously issued based on
that authorization code. The authorization code is bound to
the client identifier and redirection URI.
- state
+
+ **state**
REQUIRED if the "state" parameter was present in the client
authorization request. The exact value received from the
client.
+ :param uri: The full redirect URL back to the client.
+ :param state: The state parameter from the authorization request.
+
For example, the authorization server redirects the user-agent by
sending the following HTTP response:
- HTTP/1.1 302 Found
- Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA
- &state=xyz
+ .. code-block:: http
+
+ HTTP/1.1 302 Found
+ Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA
+ &state=xyz
"""
if not uri.lower().startswith('https://'):
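Review bot: The new `:param` block is placed in the middle of the docstring, between the quoted `**state**` entry and the example response, and `:param state:` does not say what happens on a mismatch, although the doctest in the `__init__.py` hunk shows this function raising `MismatchingStateError` at its line 153. Suggest moving the two `:param` lines to just before the closing `"""` and expanding the second to `:param state: The state value sent in the authorization request; when given, a differing or missing state in the redirect raises MismatchingStateError.`. Whether a `None` state skips the comparison is not visible in this hunk and should be confirmed before documenting it. The function body continues beyond the hunk.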
@@ -164,31 +178,40 @@ def parse_implicit_response(uri, state=None, scope=None):
If the resource owner grants the access request, the authorization
server issues an access token and delivers it to the client by adding
the following parameters to the fragment component of the redirection
- URI using the "application/x-www-form-urlencoded" format:
+ URI using the ``application/x-www-form-urlencoded`` format:
- access_token
+ **access_token**
REQUIRED. The access token issued by the authorization server.
- token_type
+
+ **token_type**
REQUIRED. The type of the token issued as described in
Section 7.1. Value is case insensitive.
- expires_in
+
+ **expires_in**
RECOMMENDED. The lifetime in seconds of the access token. For
example, the value "3600" denotes that the access token will
expire in one hour from the time the response was generated.
If omitted, the authorization server SHOULD provide the
expiration time via other means or document the default value.
- scope
+
+ **scope**
OPTIONAL, if identical to the scope requested by the client,
otherwise REQUIRED. The scope of the access token as described
by Section 3.3.
- state
+
+ **state**
REQUIRED if the "state" parameter was present in the client
authorization request. The exact value received from the
client.
- HTTP/1.1 302 Found
- Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
- &state=xyz&token_type=example&expires_in=3600
+ Similar to the authorization code response, but with a full token provided
+ in the URL fragment:
+
+ .. code-block:: http
+
+ HTTP/1.1 302 Found
+ Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
+ &state=xyz&token_type=example&expires_in=3600
"""
if not uri.lower().startswith('https://'):
raise InsecureTransportError()
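Review bot: The example redirect added here, `Location: http://example.com/cb#access_token=...`, uses a plain `http://` URL, but the first statement after the docstring, `if not uri.lower().startswith('https://'):`, raises `InsecureTransportError` for exactly such a URI, so the documented example cannot be parsed by the function it documents. Changing it to `Location: https://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA` matches both the function's contract and the authorization-code example earlier in the file. Unlike the neighbouring hunks, this docstring also gained no `:param uri:`, `:param state:` or `:param scope:` entries. The function body continues beyond the hunk.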
@@ -241,24 +264,29 @@ def parse_token_response(body, scope=None):
as JSON numbers. The order of parameters does not matter and can
vary.
+ :param body: The full json encoded response body.
+ :param scope: The scope requested during authorization.
+
For example:
+ .. code-block:: http
+
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
- "access_token":"2YotnFZFEjr1zCsicMWpAA",
- "token_type":"example",
- "expires_in":3600,
- "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
- "example_parameter":"example_value"
+ "access_token":"2YotnFZFEjr1zCsicMWpAA",
+ "token_type":"example",
+ "expires_in":3600,
+ "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
+ "example_parameter":"example_value"
}
- .. _`Section 7.1`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-7.1
- .. _`Section 6`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-6
- .. _`Section 3.3`: http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-3.3
+ .. _`Section 7.1`: http://tools.ietf.org/html/rfc6749#section-7.1
+ .. _`Section 6`: http://tools.ietf.org/html/rfc6749#section-6
+ .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
.. _`RFC4627`: http://tools.ietf.org/html/rfc4627
"""
params = json.loads(body)
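Review bot: The new `:param scope:` entry does not say what a mismatch does, yet the doctests in the `__init__.py` hunks show `parse_token_response` calling `validate_token_parameters(params, scope)`, which raises `Warning("Scope has changed to ...")` when the granted scope differs and `MissingTokenTypeError` when `token_type` is absent. Adding `:raises MissingTokenTypeError:` and a `:raises Warning:` line for the scope change would tell callers what to catch. `:param body:` could also note that `body` goes straight to `json.loads`, so an empty or non-JSON body raises `ValueError` from the parser. The function body continues beyond the hunk.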
@@ -284,7 +312,7 @@ def validate_token_parameters(params, scope=None):
# If the issued access token scope is different from the one requested by
# the client, the authorization server MUST include the "scope" response
# parameter to inform the client of the actual scope granted.
- # http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-3.3
+ # http://tools.ietf.org/html/rfc6749#section-3.3
new_scope = params.get('scope', None)
scope = scope_to_list(scope)
if scope and new_scope and set(scope) != set(new_scope):
diff --git a/oauthlib/oauth2/draft25/tokens.py b/oauthlib/oauth2/draft25/tokens.py
index b513e6f..c0861e7 100644
--- a/oauthlib/oauth2/draft25/tokens.py
+++ b/oauthlib/oauth2/draft25/tokens.py
@@ -1,12 +1,12 @@
from __future__ import absolute_import, unicode_literals
"""
-oauthlib.oauth2.draft25.tokens
+oauthlib.oauth2.rfc6749.tokens
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This module contains methods for adding two types of access tokens to requests.
-- Bearer http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-08
-- MAC http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-00
+- Bearer http://tools.ietf.org/html/rfc6750
+- MAC http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
"""
from binascii import b2a_base64