
legacy_application

oauthlib.oauth2.rfc6749

This module implements the logic needed to consume and provide OAuth 2.0 as specified in RFC 6749.

LegacyApplicationClient

Bases: Client

A public client using the resource owner password and username directly.

The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application. The authorization server should take special care when enabling this grant type, and only allow it when other flows are not viable.

The grant type is suitable for clients capable of obtaining the resource owner's credentials (username and password, typically using an interactive form). It is also used to migrate existing clients using direct authentication schemes such as HTTP Basic or Digest authentication to OAuth by converting the stored credentials to an access token.

The method through which the client obtains the resource owner credentials is beyond the scope of this specification. The client MUST discard the credentials once an access token has been obtained.

Source code in server/vendor/oauthlib/oauth2/rfc6749/clients/legacy_application.py
class LegacyApplicationClient(Client):

    """A public client using the resource owner password and username directly.

    The resource owner password credentials grant type is suitable in
    cases where the resource owner has a trust relationship with the
    client, such as the device operating system or a highly privileged
    application.  The authorization server should take special care when
    enabling this grant type, and only allow it when other flows are not
    viable.

    The grant type is suitable for clients capable of obtaining the
    resource owner's credentials (username and password, typically using
    an interactive form).  It is also used to migrate existing clients
    using direct authentication schemes such as HTTP Basic or Digest
    authentication to OAuth by converting the stored credentials to an
    access token.

    The method through which the client obtains the resource owner
    credentials is beyond the scope of this specification.  The client
    MUST discard the credentials once an access token has been obtained.
    """

    grant_type = 'password'

    def __init__(self, client_id, **kwargs):
        super().__init__(client_id, **kwargs)

    def prepare_request_body(self, username, password, body='', scope=None,
                             include_client_id=False, **kwargs):
        """Add the resource owner password and username to the request body.

        The client makes a request to the token endpoint by adding the
        following parameters using the "application/x-www-form-urlencoded"
        format per `Appendix B`_ in the HTTP request entity-body:

        :param username:    The resource owner username.
        :param password:    The resource owner password.
        :param body: Existing request body (URL encoded string) to embed parameters
                     into. This may contain extra parameters. Default ''.
        :param scope:   The scope of the access request as described by
                        `Section 3.3`_.
        :param include_client_id: `True` to send the `client_id` in the
                                  body of the upstream request. This is required
                                  if the client is not authenticating with the
                                  authorization server as described in
                                  `Section 3.2.1`_. False otherwise (default).
        :type include_client_id: Boolean
        :param kwargs:  Extra credentials to include in the token request.

        If the client type is confidential or the client was issued client
        credentials (or assigned other authentication requirements), the
        client MUST authenticate with the authorization server as described
        in `Section 3.2.1`_.

        The prepared body will include all provided credentials as well as
        the ``grant_type`` parameter set to ``password``::

            >>> from oauthlib.oauth2 import LegacyApplicationClient
            >>> client = LegacyApplicationClient('your_id')
            >>> client.prepare_request_body(username='foo', password='bar', scope=['hello', 'world'])
            'grant_type=password&username=foo&scope=hello+world&password=bar'

        .. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B
        .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
        .. _`Section 3.2.1`: https://tools.ietf.org/html/rfc6749#section-3.2.1
        """
        kwargs['client_id'] = self.client_id
        kwargs['include_client_id'] = include_client_id
        scope = self.scope if scope is None else scope
        return prepare_token_request(self.grant_type, body=body, username=username,
                                     password=password, scope=scope, **kwargs)

prepare_request_body(username, password, body='', scope=None, include_client_id=False, **kwargs)

Add the resource owner password and username to the request body.

The client makes a request to the token endpoint by adding the following parameters, using the "application/x-www-form-urlencoded" format per Appendix B, in the HTTP request entity-body:

Parameters:

- username: The resource owner username.
- password: The resource owner password.
- body: Existing request body (URL-encoded string) to embed parameters into. This may contain extra parameters. Default ''.
- scope: The scope of the access request as described by Section 3.3.
- include_client_id (Boolean): True to send the client_id in the body of the upstream request. This is required if the client is not authenticating with the authorization server as described in Section 3.2.1. False otherwise (default).
- kwargs: Extra credentials to include in the token request.

If the client type is confidential or the client was issued client credentials (or assigned other authentication requirements), the client MUST authenticate with the authorization server as described in Section 3.2.1.

The prepared body will include all provided credentials as well as the grant_type parameter set to password:

>>> from oauthlib.oauth2 import LegacyApplicationClient
>>> client = LegacyApplicationClient('your_id')
>>> client.prepare_request_body(username='foo', password='bar', scope=['hello', 'world'])
'grant_type=password&username=foo&scope=hello+world&password=bar'

Appendix B: https://tools.ietf.org/html/rfc6749#appendix-B
Section 3.3: https://tools.ietf.org/html/rfc6749#section-3.3
Section 3.2.1: https://tools.ietf.org/html/rfc6749#section-3.2.1
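The password-grant exchange that the class description and prepare_request_body document above, shown end to end as an added example that is not oauthlib's code. It uses only the standard library so it runs without oauthlib installed: the client side builds the same kind of form-encoded grant_type=password body that prepare_request_body emits, authenticates a confidential client with HTTP Basic per Section 3.2.1 (the public-client case corresponds to include_client_id=True), and discards the password once it has a token; a constructed mock token endpoint shows what the authorization server has to check, with error codes from Section 5.2. The names prepare_password_grant, token_endpoint, obtain_token, REGISTERED_CLIENTS and RESOURCE_OWNERS are assumptions for this example. Note that the OAuth 2.0 Security Best Current Practice (RFC 9700) says this grant MUST NOT be used; treat it as a migration aid, as the docstring suggests, not a design choice.

```python
"""Resource owner password grant (RFC 6749 Section 4.3), end to end.

Added example, standard library only. Everything below (client registry,
user table, mock endpoint) is constructed for illustration and is not
part of oauthlib.
"""
import base64
import secrets
from urllib.parse import parse_qs, quote, unquote, urlencode

# Constructed registry for the mock server. A None secret marks a public
# client (the include_client_id=True case in oauthlib). A real server stores
# client secrets and user passwords hashed, never in clear text like this.
REGISTERED_CLIENTS = {"confidential-app": "s3cret", "mobile-app": None}
RESOURCE_OWNERS = {"alice": "correct horse battery staple"}


def prepare_password_grant(username, password, client_id, client_secret=None,
                           scope=None, **extra):
    """Return (headers, body) for the POST to the token endpoint.

    grant_type=password and the resource owner credentials go in the
    application/x-www-form-urlencoded body (Appendix B). A confidential
    client authenticates with HTTP Basic, client_id and secret each
    form-urlencoded before base64 (Section 2.3.1); a public client has no
    secret and instead identifies itself with client_id in the body.
    """
    params = {"grant_type": "password", "username": username, "password": password}
    if scope:
        params["scope"] = scope if isinstance(scope, str) else " ".join(scope)
    params.update(extra)  # extra credentials, like oauthlib's **kwargs
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None:
        creds = quote(client_id, safe="") + ":" + quote(client_secret, safe="")
        headers["Authorization"] = "Basic " + base64.b64encode(creds.encode()).decode()
    else:
        params["client_id"] = client_id
    return headers, urlencode(params)


def _equal(a, b):
    """Constant-time comparison; encode so non-ASCII input is accepted."""
    return secrets.compare_digest(a.encode(), b.encode())


def token_endpoint(headers, body):
    """Mock token endpoint (the authorization server side): (status, dict).

    Checks, in order: the grant type; the client (a client registered with
    a secret must present it via Basic auth, a bare client_id in the body is
    accepted only for public clients); then the resource owner password.
    """
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}

    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            cid, _, csec = base64.b64decode(auth[6:], validate=True).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return 401, {"error": "invalid_client"}
        stored = REGISTERED_CLIENTS.get(unquote(cid))
        if stored is None or not _equal(unquote(csec), stored):
            return 401, {"error": "invalid_client"}
    else:
        cid = form.get("client_id", "")
        # Unknown client, or a confidential client that skipped authentication.
        if cid not in REGISTERED_CLIENTS or REGISTERED_CLIENTS[cid] is not None:
            return 401, {"error": "invalid_client"}

    expected = RESOURCE_OWNERS.get(form.get("username", ""))
    if expected is None or not _equal(form.get("password", ""), expected):
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                 "expires_in": 3600, "scope": form.get("scope", "")}


def obtain_token(username, password, client_id, client_secret=None, scope=None,
                 send=token_endpoint):
    """Run the exchange and return the token response, keeping no copy of the password.

    `send` is the transport (here the mock endpoint). Over the wire this must
    be HTTPS: the body carries the user's password in clear text.
    """
    headers, body = prepare_password_grant(username, password, client_id,
                                           client_secret, scope)
    status, resp = send(headers, body)
    del password, body  # the client MUST discard the credentials once it has a token
    if status != 200 or resp.get("token_type", "").lower() != "bearer" \
            or not resp.get("access_token"):
        raise PermissionError(resp.get("error", "unexpected token response"))
    return resp


if __name__ == "__main__":
    tok = obtain_token("alice", "correct horse battery staple",
                       "confidential-app", "s3cret", ["read", "write"])
    print("token issued, scope:", tok["scope"])
```

With oauthlib itself, the confidential case is client.prepare_request_body(username, password) plus the Basic Authorization header supplied by the HTTP layer, the public case is the same call with include_client_id=True, and the JSON reply goes to the client's parse_request_body_response; the server-side checks above are what any token endpoint accepting this grant needs regardless of library.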

Source code in server/vendor/oauthlib/oauth2/rfc6749/clients/legacy_application.py
def prepare_request_body(self, username, password, body='', scope=None,
                         include_client_id=False, **kwargs):
    """Add the resource owner password and username to the request body.

    The client makes a request to the token endpoint by adding the
    following parameters using the "application/x-www-form-urlencoded"
    format per `Appendix B`_ in the HTTP request entity-body:

    :param username:    The resource owner username.
    :param password:    The resource owner password.
    :param body: Existing request body (URL encoded string) to embed parameters
                 into. This may contain extra parameters. Default ''.
    :param scope:   The scope of the access request as described by
                    `Section 3.3`_.
    :param include_client_id: `True` to send the `client_id` in the
                              body of the upstream request. This is required
                              if the client is not authenticating with the
                              authorization server as described in
                              `Section 3.2.1`_. False otherwise (default).
    :type include_client_id: Boolean
    :param kwargs:  Extra credentials to include in the token request.

    If the client type is confidential or the client was issued client
    credentials (or assigned other authentication requirements), the
    client MUST authenticate with the authorization server as described
    in `Section 3.2.1`_.

    The prepared body will include all provided credentials as well as
    the ``grant_type`` parameter set to ``password``::

        >>> from oauthlib.oauth2 import LegacyApplicationClient
        >>> client = LegacyApplicationClient('your_id')
        >>> client.prepare_request_body(username='foo', password='bar', scope=['hello', 'world'])
        'grant_type=password&username=foo&scope=hello+world&password=bar'

    .. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B
    .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
    .. _`Section 3.2.1`: https://tools.ietf.org/html/rfc6749#section-3.2.1
    """
    kwargs['client_id'] = self.client_id
    kwargs['include_client_id'] = include_client_id
    scope = self.scope if scope is None else scope
    return prepare_token_request(self.grant_type, body=body, username=username,
                                 password=password, scope=scope, **kwargs)