Add support for device authorization flow (RFC8628) (#795)

* rfc8628: Add client implementation for token retrieval

This change adds an implementation of the Device Authorization flow
client from RFC8628.  The initial structure is derived from the
existing BackendApplicationClient with the addition of the device_code
in the client.

This change does not provide the support necessary for querying the
device code endpoint in order to generate the initial device_code and
URL that is required for completing the full end to end device
authorization process.

* Add device token fetch URI generator

In order to perform the full device authorization flow it's necessary
to first generate the device code and get the authorization flow URL.

prepare_request_uri() allows us to do this while providing scopes and
additional parameters.

* Remove encoding lines

These lines are not required for python3

3 files changed, 63 insertions, 0 deletions

diff --git a/tests/oauth2/rfc8628/__init__.py b/tests/oauth2/rfc8628/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/oauth2/rfc8628/__init__.py
diff --git a/tests/oauth2/rfc8628/clients/__init__.py b/tests/oauth2/rfc8628/clients/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/oauth2/rfc8628/clients/__init__.py
diff --git a/tests/oauth2/rfc8628/clients/test_device.py b/tests/oauth2/rfc8628/clients/test_device.py
new file mode 100644
index 0000000..725dea2
--- /dev/null
+++ b/tests/oauth2/rfc8628/clients/test_device.py
@@ -0,0 +1,63 @@
+import os
+from unittest.mock import patch
+
+from oauthlib import signals
+from oauthlib.oauth2 import DeviceClient
+
+from tests.unittest import TestCase
+
+
+class DeviceClientTest(TestCase):
+
+    client_id = "someclientid"
+    kwargs = {
+        "some": "providers",
+        "require": "extra arguments"
+    }
+
+    client_secret = "asecret"
+
+    device_code = "somedevicecode"
+
+    scope = ["profile", "email"]
+
+    body = "not=empty"
+
+    body_up = "not=empty&grant_type=urn:ietf:params:oauth:grant-type:device_code"
+    body_code = body_up + "&device_code=somedevicecode"
+    body_kwargs = body_code + "&some=providers&require=extra+arguments"
+
+    uri = "https://example.com/path?query=world"
+    uri_id = uri + "&client_id=" + client_id
+    uri_grant = uri_id + "&grant_type=urn:ietf:params:oauth:grant-type:device_code"
+    uri_secret = uri_grant + "&client_secret=asecret"
+    uri_scope = uri_secret + "&scope=profile+email"
+
+    def test_request_body(self):
+        client = DeviceClient(self.client_id)
+
+        # Basic, no extra arguments
+        body = client.prepare_request_body(self.device_code, body=self.body)
+        self.assertFormBodyEqual(body, self.body_code)
+
+        rclient = DeviceClient(self.client_id)
+        body = rclient.prepare_request_body(self.device_code, body=self.body)
+        self.assertFormBodyEqual(body, self.body_code)
+
+        # With extra parameters
+        body = client.prepare_request_body(
+            self.device_code, body=self.body, **self.kwargs)
+        self.assertFormBodyEqual(body, self.body_kwargs)
+
+    def test_request_uri(self):
+        client = DeviceClient(self.client_id)
+
+        uri = client.prepare_request_uri(self.uri)
+        self.assertURLEqual(uri, self.uri_grant)
+
+        client = DeviceClient(self.client_id, client_secret=self.client_secret)
+        uri = client.prepare_request_uri(self.uri)
+        self.assertURLEqual(uri, self.uri_secret)
+
+        uri = client.prepare_request_uri(self.uri, scope=self.scope)
+        self.assertURLEqual(uri, self.uri_scope)