author | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2019-02-20 14:30:03 +0100 |
committer | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2019-02-20 14:30:03 +0100 |
commit | 8c9f0a3cee9fab35fdf7269441daab666b931f59 (patch) | |
tree | 3269712f570666f7ca00521b3f939fa66a167394 /oauthlib/oauth2/rfc6749/tokens.py | |
parent | 00c0c3613879396e6511e9fc48d6ba5a6d7d746f (diff) | |
Fix 652: removed "state" from /token response.
Fix OIDC /token flow where &state=None was always returned, and fix OAuth2.0 /token flow where &state=foobar was returned if &state=foobar was present in the token request.
Removed "save_token" from the create_token() signature because it was not used internally. Deprecated the option to give upstream libraries a chance to remove it, if it was ever used.
Diffstat (limited to 'oauthlib/oauth2/rfc6749/tokens.py')
-rw-r--r-- | oauthlib/oauth2/rfc6749/tokens.py | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/oauthlib/oauth2/rfc6749/tokens.py b/oauthlib/oauth2/rfc6749/tokens.py
index d78df09..44a9a97 100644
--- a/oauthlib/oauth2/rfc6749/tokens.py
+++ b/oauthlib/oauth2/rfc6749/tokens.py
@@ -12,6 +12,7 @@ from __future__ import absolute_import, unicode_literals
 import hashlib
 import hmac
 from binascii import b2a_base64
+import warnings
 from oauthlib import common
 from oauthlib.common import add_params_to_qs, add_params_to_uri, unicode_type
@@ -296,15 +297,18 @@ class BearerToken(TokenBase):
 )
 self.expires_in = expires_in or 3600
- def create_token(self, request, refresh_token=False, save_token=True):
+ def create_token(self, request, refresh_token=False, **kwargs):
 """
 Create a BearerToken, by default without refresh token.
-
+
 :param request: OAuthlib request.
 :type request: oauthlib.common.Request
 :param refresh_token:
- :param save_token:
 """
+ if "save_token" in kwargs:
+ warnings.warn("`save_token` has been deprecated, it was not used internally."
+ "If you do, use `request_validator.save_token()` instead.",
+ DeprecationWarning)
 if callable(self.expires_in):
 expires_in = self.expires_in(request)
@@ -325,9 +329,6 @@ class BearerToken(TokenBase):
 if request.scopes is not None:
 token['scope'] = ' '.join(request.scopes)
- if request.state is not None:
- token['state'] = request.state
-
 if refresh_token:
 if (request.refresh_token and
 not self.request_validator.rotate_refresh_token(request)):
@@ -336,10 +337,7 @@ class BearerToken(TokenBase):
 token['refresh_token'] = self.refresh_token_generator(request)
 token.update(request.extra_credentials or {})
- token = OAuth2Token(token)
- if save_token:
- self.request_validator.save_bearer_token(token, request)
- return token
+ return OAuth2Token(token)
 def validate_request(self, request):
 """ |
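Review bot: The two adjacent string literals in the new `warnings.warn(...)` call in `create_token` have no separator, so the emitted message reads `...not used internally.If you do...`; add a trailing space after `internally.` and pass `stacklevel=2` (`DeprecationWarning, stacklevel=2)`) so the warning is attributed to the caller that still passes `save_token` rather than to tokens.py itself. The message points callers at `request_validator.save_token()` while the code this commit removes called `self.request_validator.save_bearer_token(token, request)`; worth confirming the validator exposes `save_token`, or name `save_bearer_token` in the message instead. Since the old default was `save_token=True`, an external caller that relied on `create_token(request)` to persist the token now gets an unsaved `OAuth2Token` with no warning at all, because the deprecation only fires on an explicit keyword; the docstring should state that the returned token is not persisted and that the caller (grant type or validator) is responsible for saving it, e.g. `The returned token is not saved; call request_validator.save_token() if persistence is needed.` The body of `create_token` continues between the hunks, outside the visible lines.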