This section contains the generic implementation of RFC 6750. Bearer tokens are used in the OAuth 2.0 framework to protect resources. You need to implement the missing methods of BearerTokenValidator before using it. Learn how to use it in Resource Server.
authlib.oauth2.rfc6750.BearerTokenValidator(realm=None)

    authenticate_token(token_string)

        A method to query a token from the database with the given token string. Developers MUST re-implement this method. For instance:

            def authenticate_token(self, token_string):
                return get_token_from_database(token_string)

        Parameters: token_string – a string representing the access_token.
        Returns: token
    request_invalid(request)

        Check if the HTTP request is valid or not. Developers MUST re-implement this method. For instance, if your server requires an "X-Device-Version" header:

            def request_invalid(self, request):
                # The request is invalid when the required header is missing.
                return 'X-Device-Version' not in request.headers

        Usually you don't have to detect whether the request is valid or not; you can just return False.

        Parameters: request – instance of HttpRequest
        Returns: Boolean
    token_revoked(token)

        Check if this token is revoked. Developers MUST re-implement this method. If there is a column called revoked on the token table:

            def token_revoked(self, token):
                return token.revoked

        Parameters: token – token instance
        Returns: Boolean
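The three hooks above, implemented against an in-memory token store, as an added example that is not part of Authlib's code or documentation. It does not import Authlib: a minimal stand-in base class with the same three hook names is defined so the example runs offline (with Authlib installed you would subclass authlib.oauth2.rfc6750.BearerTokenValidator instead). The Token and HttpRequest classes, the TOKEN_TABLE rows, the fixed clock value NOW and the check_bearer driver that chains the hooks are all constructed for this example.

```python
import time
from dataclasses import dataclass, field
from typing import Dict, Optional


class BearerTokenValidator:
    """Stand-in for authlib.oauth2.rfc6750.BearerTokenValidator (constructed for
    this example). It declares the three hooks developers MUST re-implement."""

    def __init__(self, realm=None):
        self.realm = realm

    def authenticate_token(self, token_string):
        raise NotImplementedError()

    def request_invalid(self, request):
        raise NotImplementedError()

    def token_revoked(self, token):
        raise NotImplementedError()


@dataclass
class Token:
    """Constructed token row: the columns a real token table would hold."""
    access_token: str
    client_id: str
    scope: str
    issued_at: float
    expires_in: int
    revoked: bool = False


@dataclass
class HttpRequest:
    """Constructed stand-in for the request object passed to request_invalid."""
    headers: Dict[str, str] = field(default_factory=dict)


# Constructed in-memory "database", keyed by the access_token string.
NOW = 1_700_000_000.0
TOKEN_TABLE: Dict[str, Token] = {
    "valid-token": Token("valid-token", "app1", "profile", NOW - 10, 3600),
    "revoked-token": Token("revoked-token", "app1", "profile", NOW - 10, 3600, revoked=True),
    "expired-token": Token("expired-token", "app1", "profile", NOW - 7200, 3600),
}


class MyBearerTokenValidator(BearerTokenValidator):
    def __init__(self, realm=None, clock=time.time):
        super().__init__(realm)
        self.clock = clock  # injectable so expiry can be tested deterministically

    def authenticate_token(self, token_string) -> Optional[Token]:
        # Pure lookup; None means "unknown token" and is reported as invalid_token.
        return TOKEN_TABLE.get(token_string)

    def request_invalid(self, request) -> bool:
        # The server requires an X-Device-Version header, so the request is
        # invalid when the header is MISSING (note the "not in").
        return "X-Device-Version" not in request.headers

    def token_revoked(self, token) -> bool:
        return token.revoked


def check_bearer(validator, token_string, request) -> str:
    """Constructed driver that chains the hooks in the order a resource server
    would: request shape, token lookup, revocation, then expiry. Returns an
    RFC 6750 error code, or "ok" when the token is usable."""
    if validator.request_invalid(request):
        return "invalid_request"
    token = validator.authenticate_token(token_string)
    if token is None or validator.token_revoked(token):
        return "invalid_token"
    if token.issued_at + token.expires_in < validator.clock():
        return "invalid_token"
    return "ok"


if __name__ == "__main__":
    v = MyBearerTokenValidator(clock=lambda: NOW)
    req = HttpRequest({"X-Device-Version": "2.1"})
    for name in ("valid-token", "revoked-token", "expired-token", "unknown"):
        print(name, "->", check_bearer(v, name, req))
```

Unknown, revoked and expired tokens all collapse to the same invalid_token error on purpose: distinguishing them in the response would tell a caller which token strings exist in the store.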
authlib.oauth2.rfc6750.BearerToken(access_token_generator, refresh_token_generator=None, expires_generator=None)

    Bearer Token generator which creates the payload of the token response for an OAuth 2 server. A typical token response would be:

        HTTP/1.1 200 OK
        Content-Type: application/json;charset=UTF-8
        Cache-Control: no-store
        Pragma: no-cache

        {
          "access_token":"mF_9.B5f-4.1JqM",
          "token_type":"Bearer",
          "expires_in":3600,
          "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
        }

    Parameters: access_token_generator, refresh_token_generator, expires_generator (as in the signature above)
    Returns: Callable
    When BearerToken is initialized, it will be callable:

        token_generator = BearerToken(access_token_generator)
        token = token_generator(client, grant_type, expires_in=None,
                                scope=None, include_refresh_token=True)

    The callable that BearerToken creates accepts these parameters:

    Parameters: client, grant_type, expires_in, scope, include_refresh_token (as in the call above)
    Returns: Token dict
    DEFAULT_EXPIRES_IN = 3600

        Default expires_in value.

    GRANT_TYPES_EXPIRES_IN = {'authorization_code': 864000, 'client_credentials': 864000, 'implicit': 3600, 'password': 864000}

        Default expires_in value, differentiated by grant_type.
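The callable contract described above, re-implemented as an added example; this is not Authlib's BearerToken class but a constructed stand-in that follows the documented constructor, call parameters, DEFAULT_EXPIRES_IN and GRANT_TYPES_EXPIRES_IN, so it runs without Authlib installed. The generator signature (client, grant_type, scope), the random_token generator and the token_response helper that renders the HTTP response shown above are assumptions of this example.

```python
import json
import secrets

# Values from the documentation above.
DEFAULT_EXPIRES_IN = 3600
GRANT_TYPES_EXPIRES_IN = {
    'authorization_code': 864000,
    'client_credentials': 864000,
    'implicit': 3600,
    'password': 864000,
}


def random_token(client, grant_type, scope):
    # Opaque, unguessable token from the OS CSPRNG (256 bits of entropy).
    # The (client, grant_type, scope) signature is an assumption of this example.
    return secrets.token_urlsafe(32)


class BearerToken:
    """Constructed re-implementation of the documented callable contract.
    It is not Authlib's class; it exists so the example runs on its own."""

    DEFAULT_EXPIRES_IN = DEFAULT_EXPIRES_IN
    GRANT_TYPES_EXPIRES_IN = GRANT_TYPES_EXPIRES_IN

    def __init__(self, access_token_generator, refresh_token_generator=None,
                 expires_generator=None):
        self.access_token_generator = access_token_generator
        self.refresh_token_generator = refresh_token_generator
        self.expires_generator = expires_generator

    def _get_expires_in(self, client, grant_type):
        # Resolution order: explicit expires_generator (callable or int),
        # then the per-grant-type table, then the global default.
        if callable(self.expires_generator):
            return int(self.expires_generator(client, grant_type))
        if isinstance(self.expires_generator, int):
            return self.expires_generator
        return self.GRANT_TYPES_EXPIRES_IN.get(grant_type, self.DEFAULT_EXPIRES_IN)

    def __call__(self, client, grant_type, expires_in=None, scope=None,
                 include_refresh_token=True):
        if expires_in is None:
            expires_in = self._get_expires_in(client, grant_type)
        token = {
            'token_type': 'Bearer',
            'access_token': self.access_token_generator(client, grant_type, scope),
            'expires_in': expires_in,
        }
        # A refresh token is only issued when the caller asks for one AND a
        # generator was configured (e.g. never for the implicit grant).
        if include_refresh_token and self.refresh_token_generator is not None:
            token['refresh_token'] = self.refresh_token_generator(client, grant_type, scope)
        if scope:
            token['scope'] = scope
        return token


def token_response(token):
    """Render the token dict as the HTTP response shown above: a JSON body with
    the caching headers RFC 6750 requires so that proxies and browsers never
    cache a bearer token. Returns (status, headers, body)."""
    headers = {
        'Content-Type': 'application/json;charset=UTF-8',
        'Cache-Control': 'no-store',
        'Pragma': 'no-cache',
    }
    return 200, headers, json.dumps(token)


if __name__ == "__main__":
    generator = BearerToken(random_token, refresh_token_generator=random_token)
    print(token_response(generator("client-1", "authorization_code", scope="profile")))
    print(token_response(generator("client-1", "implicit", include_refresh_token=False)))
```

The expires_in for an unknown grant type falls back to DEFAULT_EXPIRES_IN (3600), and an explicit expires_in argument always wins over both the generator and the table, which matches the precedence the call signature above implies.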