author | Wiliam Souza <wiliamsouza83@gmail.com> | 2017-10-01 03:07:11 -0300 |
---|---|---|
committer | Omer Katz <omer.drow@gmail.com> | 2017-10-01 09:07:11 +0300 |
commit | e575cca3e5d18b1e7051c64f435f2cdea71a29ab (patch) | |
tree | 9034c64194268701ad6c5eada0d4b7b07e980279 /oauthlib/oauth2/rfc6749/grant_types/implicit.py | |
parent | 04959fe009cb2622c7422c736456cdbd36ec43b3 (diff) | |
download | oauthlib-e575cca3e5d18b1e7051c64f435f2cdea71a29ab.tar.gz |
OpenID connect improvements (#484)
* Change create_token_response to only save access_token when it's present in request.response_type
* Remove unused import, fix indentation and improve comment
* Fix AuthorizationEndpoint response_type for OpenID Connect hybrid flow
* Add new ImplicitTokenGrantDispatcher
Changes AuthorizationEndpoint response_type `'token'`, `'id_token'` and
`'id_token token'` to work with OpenID Connect and OAuth2 implicit flow
in a transparent way
* Add new AuthTokenGrantDispatcher
Change AuthorizationEndpoint grant_types `'authorization_code'` to work with
OpenID Connect and OAuth2 authorization flow in a transparent way
* Change tests to include required client_id and redirect_uri
* Remove AuthorizationEndpoint grant_types `'openid'`
Now OpenID Connect and OAuth2 authorization flow can use `authorization_code`
in a transparent way
* Add some blank lines and fix indentation
* Change AuthorizationEndpoint grant type id_token and id_token token to use openid_connect_implicit direct
* Change default empty value to None and fix a typo
* Add assert called to AuthTokenGrantDispatcher tests
* Add request to get_authorization_code_scopes
Diffstat (limited to 'oauthlib/oauth2/rfc6749/grant_types/implicit.py')
-rw-r--r-- | oauthlib/oauth2/rfc6749/grant_types/implicit.py | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/oauthlib/oauth2/rfc6749/grant_types/implicit.py b/oauthlib/oauth2/rfc6749/grant_types/implicit.py index 858ef77..2b9c49d 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/implicit.py +++ b/oauthlib/oauth2/rfc6749/grant_types/implicit.py @@ -11,7 +11,6 @@ from oauthlib import common from oauthlib.uri_validate import is_absolute_uri from .. import errors -from ..request_validator import RequestValidator from .base import GrantTypeBase log = logging.getLogger(__name__) @@ -229,7 +228,7 @@ class ImplicitGrant(GrantTypeBase): return {'Location': common.add_params_to_uri(request.redirect_uri, e.twotuples, fragment=True)}, None, 302 - # In OIDC implicit flow it is possible to have a request_type that does not include the access token! + # In OIDC implicit flow it is possible to have a request_type that does not include the access_token! # "id_token token" - return the access token and the id token # "id_token" - don't return the access token if "token" in request.response_type.split(): @@ -239,7 +238,12 @@ class ImplicitGrant(GrantTypeBase): for modifier in self._token_modifiers: token = modifier(token, token_handler, request) - self.request_validator.save_token(token, request) + + # In OIDC implicit flow it is possible to have a request_type that does + # not include the access_token! In this case there is no need to save a token. + if "token" in request.response_type.split(): + self.request_validator.save_token(token, request) + return self.prepare_authorization_response( request, token, {}, None, 302) @@ -317,8 +321,7 @@ class ImplicitGrant(GrantTypeBase): # Then check for normal errors. request_info = self._run_custom_validators(request, - self.custom_validators.all_pre) - + self.custom_validators.all_pre) # If the resource owner denies the access request or if the request # fails for reasons other than a missing or invalid redirection URI, 
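Review bot: The new guard before `save_token` in the -239 hunk repeats the `"token" in request.response_type.split()` test that already decides whether an access token is created (visible as context in the -229 hunk), so the decision to mint and the decision to persist can drift apart if only one of them is edited later. Evaluate it once, e.g. `issue_access_token = "token" in request.response_type.split()`, and branch on that name in both places. The added comment, like the one reworded in the -229 hunk, says "request_type" although the attribute read is `request.response_type`; I would write `# response_type "id_token" carries no access token, so there is nothing to persist via save_token`. Validator implementations that relied on `save_token` being called for every implicit response will no longer be called for `id_token`-only responses, which deserves a line in the `create_token_response` docstring; that function starts and ends outside these hunks.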
@@ -352,20 +355,21 @@ class ImplicitGrant(GrantTypeBase): self.validate_scopes(request) request_info.update({ - 'client_id': request.client_id, - 'redirect_uri': request.redirect_uri, - 'response_type': request.response_type, - 'state': request.state, - 'request': request, + 'client_id': request.client_id, + 'redirect_uri': request.redirect_uri, + 'response_type': request.response_type, + 'state': request.state, + 'request': request, }) - request_info = self._run_custom_validators(request, - self.custom_validators.all_post, - request_info) + request_info = self._run_custom_validators( + request, + self.custom_validators.all_post, + request_info + ) return request.scopes, request_info - def _run_custom_validators(self, request, validations, |