Oauthlib: Is scope optional for the code response_type?

Created on 23 Feb 2016  ·  3 comments  ·  Source: oauthlib/oauthlib

Hello!

When reading the docstring in _oauthlib/oauth2/rfc6749/grant_types/authorization_code.py_ you can see the following:
scope OPTIONAL. The scope of the access request as described by Section 3.3.

But this check assumes that scope is required:
if not request.scopes: raise ValueError('Scopes must be set on post auth.')

Am I misunderstanding something?

Bug OAuth2-Provider

All 3 comments

๋‚˜๋Š” ๊ฐ™์€ ํ–‰๋™์„ ๊ฒช์—ˆ๊ณ  ๋‚˜๋„ ๊ทธ๊ฒƒ์„ ์ดํ•ดํ•˜์ง€ ๋ชปํ•ฉ๋‹ˆ๋‹ค. RFC๋Š” ๋ฒ”์œ„๊ฐ€ ์„ ํƒ ์‚ฌํ•ญ์ด๋ฉฐ ์˜ˆ์™ธ๊ฐ€ ๋ฐœ์ƒํ•ด์„œ๋Š” ์•ˆ๋œ๋‹ค๊ณ  ๋งํ•ฉ๋‹ˆ๋‹ค.

์ด๊ฒƒ๋„ ์ €๋ฅผ ๋ฌผ์—ˆ์Šต๋‹ˆ๋‹ค. ๋‚˜๋Š” ๊ทธ๊ฒƒ์„ ์›์ˆญ์ด ํŒจ์น˜ํ–ˆ๋‹ค.

# A bit of monkey patching here. OAuthlib states that scopes are optional, and
# RFC 6749 confirms this; however, one method of the AuthorizationCodeGrant
# class requires scopes to be defined. As I don't know whether we are going to
# use scopes, or what the scopes might be, I am going to monkey-patch this
# class to make scopes optional.
#
# https://github.com/idan/oauthlib/issues/406

# Some imports we need for the patching of the monkey...
from oauthlib import common
from oauthlib.oauth2.rfc6749 import errors
from oauthlib.oauth2.rfc6749.grant_types.authorization_code import (
    AuthorizationCodeGrant, log
)


def create_authorization_response(self, request, token_handler):
    """
    Monkey-patched version of this method that allows undefined scopes.
    """
    try:
        # Right here is where the base method checks scopes. We omit this check
        # but the rest of the method body is identical.

        self.validate_authorization_request(request)

        log.debug('Pre resource owner authorization validation ok for %r.',
                  request)
    except errors.FatalClientError as e:
        # Bad client_id / redirect_uri: do not redirect, let the caller show
        # the error to the resource owner.
        log.debug('Fatal client error during validation of %r. %r.',
                  request, e)
        raise
    except errors.OAuth2Error as e:
        # Any other error goes back to the client on the redirect URI.
        log.debug('Client error during validation of %r. %r.', request, e)
        request.redirect_uri = request.redirect_uri or self.error_uri
        return {
            'Location': common.add_params_to_uri(request.redirect_uri,
                                                 e.twotuples)
        }, None, 302

    grant = self.create_authorization_code(request)
    for modifier in self._code_modifiers:
        grant = modifier(grant, token_handler, request)
    log.debug('Saving grant %r for %r.', grant, request)
    self.request_validator.save_authorization_code(
        request.client_id, grant, request)
    return self.prepare_authorization_response(
        request, grant, {}, None, 302)


AuthorizationCodeGrant.create_authorization_response = \
    create_authorization_response

# Now we can import the rest of what we need from oauthlib.
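For comparison, here is how the same scope-less authorization request can be served through oauthlib's public provider API without patching the check out. This is an added example, not code from the oauthlib project or from anyone in this thread. It assumes oauthlib's `WebApplicationServer` / `RequestValidator` interface; the client registry (`app-123`), the in-memory code store and the request URL are all constructed for the example. The point it shows: the `scope` parameter is optional in the request (the validator's `get_default_scopes` fills it in during pre-auth), while the scopes passed to post-auth are the provider's own value, namely what the resource owner consented to. A denial is sent as an `access_denied` redirect rather than as a post-auth call with empty scopes, which is the case the `ValueError` in the issue guards against.

```python
"""Serving an authorization request that has no ``scope`` parameter with
oauthlib's public provider API, instead of patching the scope check away.

Added example, not code from the oauthlib project or from this issue thread.
Assumes oauthlib's WebApplicationServer / RequestValidator API; the client
registry, the code store and the request URL below are constructed for the
example and are hypothetical.
"""
from oauthlib.common import add_params_to_uri
from oauthlib.oauth2 import RequestValidator, WebApplicationServer
from oauthlib.oauth2.rfc6749 import errors

# Constructed client registry (hypothetical): exact redirect URIs and the
# scopes this client may ever be granted.
CLIENTS = {
    "app-123": {
        "redirect_uris": ["https://client.example/cb"],
        "allowed_scopes": {"profile", "email"},
    },
}


class DemoValidator(RequestValidator):
    """Minimal validator for the authorization-code grant, pre- and post-auth."""

    def __init__(self):
        super().__init__()
        self.codes = {}  # constructed in-memory store of issued codes

    def validate_client_id(self, client_id, request, *args, **kwargs):
        client = CLIENTS.get(client_id)
        if client is None:
            return False
        request.client = client
        return True

    def validate_redirect_uri(self, client_id, redirect_uri, request, *args, **kwargs):
        # Exact string match only; prefix or wildcard matching invites open redirects.
        return redirect_uri in CLIENTS[client_id]["redirect_uris"]

    def get_default_redirect_uri(self, client_id, request, *args, **kwargs):
        return CLIENTS[client_id]["redirect_uris"][0]

    def validate_response_type(self, client_id, response_type, client, request, *args, **kwargs):
        return response_type == "code"

    def get_default_scopes(self, client_id, request, *args, **kwargs):
        # RFC 6749 section 3.3: when the client omits scope, the server may
        # apply a default. oauthlib asks for it during pre-auth validation
        # when no scope parameter was sent. Keep the default minimal.
        return ["profile"]

    def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
        return set(scopes) <= CLIENTS[client_id]["allowed_scopes"]

    def is_pkce_required(self, client_id, request):
        return False  # PKCE left out to keep the example on the scope question

    def save_authorization_code(self, client_id, code, request, *args, **kwargs):
        # Bind the granted scopes and redirect_uri to the code so the token
        # endpoint can enforce both again.
        self.codes[code["code"]] = {
            "client_id": client_id,
            "redirect_uri": request.redirect_uri,
            "scopes": list(request.scopes),
        }


# Constructed authorization request: note that there is no scope parameter.
AUTHZ_URI = ("https://provider.example/authorize?response_type=code"
             "&client_id=app-123&redirect_uri=https%3A%2F%2Fclient.example%2Fcb"
             "&state=xyz")


def authorize(validator, consented):
    """Run both halves of the authorization endpoint for AUTHZ_URI.

    ``consented`` is the set of scopes the resource owner approved on the
    consent page. Returns the scopes shown to the user, the scopes granted,
    and the redirect (status, Location) sent back to the client.
    """
    server = WebApplicationServer(validator)

    # Pre-auth: client_id, redirect_uri and response_type are validated and,
    # because no scope was sent, the scopes come from get_default_scopes().
    # These are the scopes to show on the consent page.
    requested, credentials = server.validate_authorization_request(AUTHZ_URI)

    # Only pass on what the user actually approved; never echo the raw
    # request scope through to post-auth.
    granted = [s for s in requested if s in consented]
    if not granted:
        # A denial is an access_denied redirect. Calling post-auth with empty
        # scopes is what the ValueError in the issue guards against, and a
        # server without that guard would silently re-apply the defaults.
        err = errors.AccessDeniedError(state=credentials.get("state"))
        return {"requested": requested, "granted": [], "status": 302,
                "location": add_params_to_uri(credentials["redirect_uri"],
                                              err.twotuples)}

    # Post-auth: the provider supplies the granted scopes explicitly. This is
    # the value the "Scopes must be set on post auth" check looks at.
    headers, _body, status = server.create_authorization_response(
        AUTHZ_URI, http_method="POST", scopes=granted, credentials=credentials)
    return {"requested": requested, "granted": granted,
            "status": status, "location": headers["Location"]}
```

`authorize(DemoValidator(), consented={"profile"})` returns a 302 to `https://client.example/cb?code=...&state=xyz` with `["profile"]` recorded against the code; `authorize(DemoValidator(), consented=set())` returns the `error=access_denied` redirect without ever reaching post-auth. Removing the check with a monkey patch instead would let the empty-scope path through and issue a code whose scope is whatever the validator's fallback happens to return.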

๋‹น์‹ ์ด ๋งž์Šต๋‹ˆ๋‹ค. Implicit์— ๋Œ€ํ•œ ์ด๊ฒƒ๊ณผ ๊ด€๋ จ๋œ PR์€ ์ด๋ฏธ https://github.com/oauthlib/oauthlib/pull/475 ์—์„œ ์ œ์•ˆ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ์šฐ๋ฆฌ๋Š” ๊ทธ๊ฒƒ์„ AuthCode๋กœ ํ™•์žฅํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค!

์ด ํŽ˜์ด์ง€๊ฐ€ ๋„์›€์ด ๋˜์—ˆ๋‚˜์š”?
0 / 5 - 0 ๋“ฑ๊ธ‰