Changeset 8252 for trunk/ndg_oauth/ndg_oauth_server

Timestamp:

02/11/12 16:34:25 (8 years ago)

Author:

pjkersha

Message:

Added support for bearer token-based request to resource server setting token in Authorization header. Working version in examples area.

File:

• trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authorization_server.py (modified) (3 diffs)

trunk/ndg_oauth/ndg_oauth_server/ndg/oauth/server/lib/authorization_server.py

@@ -35 +35 @@
     """
     AUTHZ_HDR_ENV_KEYNAME = 'HTTP_AUTHORIZATION'
-     
+    BEARER_TOK_ID = 'Bearer'
+    MAC_TOK_ID = 'MAC'
+    TOKEN_TYPES = (BEARER_TOK_ID, MAC_TOK_ID)
+    
     def __init__(self, client_register_file, authorizer, client_authenticator,
                  access_token_generator, config):
@@ -481 +484 @@
         Checks that a token in the request is valid. It would
         be called from a resource service that trusts this authorization
-        service. This is not part of the OAuth specification.
-
-        Request parameters
-
-        access_token
-              REQUIRED.  Bearer token
-        scope
-              OPTIONAL.  Scope 
+        service. 
+
+        Request parameters:
+              set in Authorization header (OAuth spec., Section 7.1 Access
+              Token Types
+        token type: Bearer or MAC
+        access token: access token to obtain access
 
         Response:
@@ -513 +515 @@
         authorization_hdr = request.environ.get(
                                         self.__class__.AUTHZ_HDR_ENV_KEYNAME)
-        try:
-            token_type, access_token = authorization_hdr.split()
+        if authorization_hdr is None:
+            log.error('No Authorization header present for request to %r',
+                      request.path_url)
+            error = 'invalid_request'            
+        else:
+            authorization_hdr_parts = authorization_hdr.split()
+            if len(authorization_hdr_parts) < 2:
+                log.error('Expecting at least two Authorization header '
+                          'elements for request to %r; '
+                          'header is: %r', request.path_url, authorization_hdr)
+                error = 'invalid_request'            
+                
+            token_type, access_token = authorization_hdr_parts[:2]
             
-        except AttributeError:
-            log.error('No Authorization header present for request to %r', 
-                      request.path_url)
-            error = 'invalid_request'
-            
-        except ValueError:
-            log.error('Unexpected Authorization header values %r for request '
-                      'to %r', authorization_hdr, request.path_url)
-            error = 'invalid_request'
-            
-        else:
-            if token_type != 'Bearer':
-                log.error('Token type retrieved is %r, expecting "Bearer" type',
-                          token_type)
+            # Currently only supports bearer type tokens
+            if token_type != self.__class__.BEARER_TOK_ID:
+                log.error('Token type retrieved is %r, expecting "Bearer" '
+                          'type for request to %r', token_type)
                 error = 'invalid_request'
             else:   
                 token, error = self.access_token_register.get_token(
                                                                 access_token, 
-                                                                None)
+                                                                scope)
 
         status = {'invalid_request': httplib.BAD_REQUEST,