from authlib.integrations.sqla_oauth2 import (
create_bearer_token_validator,
create_revocation_endpoint,
)
from authlib.oauth2.rfc7636 import CodeChallenge
from flask import Flask
from fittrackee import db
from .grants import AuthorizationCodeGrant, OAuth2Token, RefreshTokenGrant
from .server import authorization_server, require_auth
def config_oauth(app: Flask) -> None:
    """Attach the OAuth 2.0 server, its grants and endpoints to *app*.

    Initialises ``authorization_server`` for the given Flask application,
    registers the authorization-code and refresh-token grants, adds a token
    revocation endpoint and installs the bearer-token validator on
    ``require_auth``.
    """
    authorization_server.init_app(app)

    # Grants. The authorization-code grant is registered together with the
    # RFC 7636 (PKCE) extension, created with required=True.
    pkce_extension = CodeChallenge(required=True)
    authorization_server.register_grant(
        AuthorizationCodeGrant, [pkce_extension]
    )
    authorization_server.register_grant(RefreshTokenGrant)

    # Token revocation. The endpoint class is built from db.session and the
    # OAuth2Token model, then limited to the 'client_secret_post' client
    # authentication method before it is registered.
    # NOTE(review): with client_secret_post the client secret is sent in the
    # request body; presumably the endpoint is only reachable over TLS and
    # request bodies are kept out of logs. Confirm.
    revocation_endpoint_cls = create_revocation_endpoint(
        db.session, OAuth2Token
    )
    revocation_endpoint_cls.CLIENT_AUTH_METHODS = ['client_secret_post']
    authorization_server.register_endpoint(revocation_endpoint_cls)

    # Resource protection. An instance of the validator class built from
    # db.session and OAuth2Token is handed to require_auth.
    validator_cls = create_bearer_token_validator(db.session, OAuth2Token)
    token_validator = validator_cls()
    require_auth.register_token_validator(token_validator)