Hello!

When reading the docs in _oauthlib/oauth2/rfc6749/grant_types/authorization_code.py_, you can see the following:

> scope
> OPTIONAL. The scope of the access request as described by Section 3.3.

However, this check assumes that scope is required:

```python
if not request.scopes:
    raise ValueError('Scopes must be set on post auth.')
```

Am I misunderstanding something?

I ran into the same behaviour and I don't understand it. The RFC says that scope is optional and that no exception should be raised.

This bit me too. I monkey-patched it.
```python
# A bit of monkey patching here. OAuthlib states that scope are optional, also
# RFC6749 confirms this, however, one method of the AuthorizationCodeGrant
# class requires scopes to be defined. As I don't know if we are going to use
# scopes, or what the scopes might be, I am going to monkey-patch this class to
# make scopes optional.
#
# https://github.com/idan/oauthlib/issues/406

# Some imports we need for the patching of the monkey...
from oauthlib import common  # needed for add_params_to_uri below
from oauthlib.oauth2.rfc6749 import errors


def create_authorization_response(self, request, token_handler):
    """
    Monkey-patched version of this method that allows undefined scopes.
    """
    try:
        # Right here is where the base method checks scopes. We omit this check
        # but the rest of the method body is identical.
        self.validate_authorization_request(request)
        log.debug('Pre resource owner authorization validation ok for %r.',
                  request)
    except errors.FatalClientError as e:
        # Fatal errors must not redirect back to the client; re-raise them.
        log.debug('Fatal client error during validation of %r. %r.',
                  request, e)
        raise
    except errors.OAuth2Error as e:
        # Non-fatal errors are reported to the client via the redirect URI.
        log.debug('Client error during validation of %r. %r.', request, e)
        request.redirect_uri = request.redirect_uri or self.error_uri
        return {
            'Location': common.add_params_to_uri(request.redirect_uri,
                                                 e.twotuples)
        }, None, 302

    grant = self.create_authorization_code(request)
    for modifier in self._code_modifiers:
        grant = modifier(grant, token_handler, request)
    log.debug('Saving grant %r for %r.', grant, request)
    self.request_validator.save_authorization_code(
        request.client_id, grant, request)
    return self.prepare_authorization_response(
        request, grant, {}, None, 302)


from oauthlib.oauth2.rfc6749.grant_types.authorization_code import (
    AuthorizationCodeGrant, log
)

# Replace the library method with the patched one.
AuthorizationCodeGrant.create_authorization_response = \
    create_authorization_response

# Now we can import the rest of what we need from oauthlib.
```

You are right. A PR related to this for Implicit has already been proposed at https://github.com/oauthlib/oauthlib/pull/475. We should extend it to AuthCode!
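
An added example, not part of the thread and not oauthlib code: one way a server can treat an omitted `scope` as RFC 6749 Section 3.3 describes (use a pre-defined default or fail with `invalid_scope`) instead of raising `ValueError`. The names `resolve_scopes`, `InvalidScope`, `allowed` and `default` are hypothetical.

```python
import re

# scope-token = 1*NQCHAR (RFC 6749, Appendix A.4):
# printable ASCII except space, '"' and '\'.
_SCOPE_TOKEN = re.compile(r'[\x21\x23-\x5B\x5D-\x7E]+')


class InvalidScope(Exception):
    """Maps to the OAuth 2.0 'invalid_scope' error code (RFC 6749, 4.1.2.1)."""
    error = 'invalid_scope'


def resolve_scopes(requested, allowed, default=()):
    """Return the list of scopes to attach to one authorization request.

    requested: raw 'scope' parameter, or None when the client omitted it
    allowed:   scopes registered for this client (hypothetical policy input)
    default:   scopes used when 'scope' is omitted; empty means "no default"
    """
    allowed = set(allowed)
    # Scope is a space-delimited list; tolerate repeated spaces.
    tokens = [t for t in (requested or '').split(' ') if t]
    if not tokens:
        # Section 3.3: omitted scope -> pre-defined default, or fail the
        # request with invalid_scope. Never an unhandled exception.
        if not default:
            raise InvalidScope('scope omitted and no default configured')
        tokens = list(default)
    granted = []
    for token in tokens:
        if not _SCOPE_TOKEN.fullmatch(token):
            raise InvalidScope('malformed scope token %r' % token)
        if token not in allowed:
            # Never widen access beyond what the client is registered for,
            # and apply the same rule to the configured defaults.
            raise InvalidScope('scope %r not allowed for this client' % token)
        if token not in granted:  # order-preserving de-duplication
            granted.append(token)
    return granted
```

In oauthlib itself the default for an omitted scope is supplied by the application's `RequestValidator.get_default_scopes`, so returning a non-empty default there avoids the empty `request.scopes` case without patching the grant class.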