from time import time from typing import Dict from werkzeug.security import gen_salt from fittrackee.oauth2.models import OAuth2Client from fittrackee.users.models import User DEFAULT_SCOPE = 'read' VALID_SCOPES = ['read', 'write'] def check_scope(scope: str) -> str: """ Verify if provided scope is valid. If not, it returns the default scope ('read'). """ valid_scopes = [] if not isinstance(scope, str) or not scope: return DEFAULT_SCOPE scopes = scope.split() for value in scopes: if value in VALID_SCOPES: valid_scopes.append(value) if len(valid_scopes) == 0: valid_scopes.append(DEFAULT_SCOPE) return ' '.join(valid_scopes) def create_oauth_client(metadata: Dict, user: User) -> OAuth2Client: """ Create oauth client for 3rd-party applications. Only Authorization Code Grant with 'client_secret_post' as method is supported. """ client_metadata = { 'client_name': metadata['client_name'], 'client_description': metadata.get('client_description'), 'client_uri': metadata['client_uri'], 'redirect_uris': metadata['redirect_uris'], 'scope': check_scope(metadata['scope']), 'grant_types': ['authorization_code', 'refresh_token'], 'response_types': ['code'], 'token_endpoint_auth_method': 'client_secret_post', } client_id = gen_salt(24) client_id_issued_at = int(time()) client = OAuth2Client( client_id=client_id, client_id_issued_at=client_id_issued_at, user_id=user.id, ) client.set_client_metadata(client_metadata) client.client_secret = gen_salt(48) return client