medmij_oauth.server module

Server

class medmij_oauth.server.Server(data_store=None, zg_resource_available=None, get_ocl=None)

Class to assist in the server-side OAuth flow.

Parameters
  • data_store (DataStore) – Must be a subclass of DataStore; handles data interaction with OAuthSessions. See DataStore for more info.

  • zg_resource_available (function) – Function that is called by Server.zg_resource_available to determine if resources are available for the zorggebruiker.

  • get_ocl (function) – Function that returns an OCL.

coroutine create_oauth_session(request_parameters, **kwargs)

Create and return a new OAuthSession. (FLOW #3)

Parameters
  • request_parameters (dict) – Dictionary containing the request parameters from the start verzamelen.

  • **kwargs (various) – Keyword arguments get passed on to the data_store.create_oauth_session function, e.g. db object

Returns

The created OAuthSession

Return type

OAuthSession

Raises

OAuthException – If supplied request_parameters are not valid

coroutine exchange_authorization_code(request_parameters, **kwargs)

Handle the OAuth client’s request to exchange the authorization code for an access token. (FLOW #13)

Parameters
  • request_parameters (str) – Params sent with the request.

  • **kwargs (various) – Keyword arguments get passed on to the various DataStore functions, e.g. db object

Returns

Dict containing the parameters for a valid response, including the access_token, token_type, expires_in and scope

Return type

dict

Raises

OAuthException – If request parameters are invalid

coroutine get_ocl()

Return the OCL returned by the get_ocl function supplied at instantiation of the Server object.

coroutine handle_auth_grant(oauth_session_id=None, authorized=False, **kwargs)

Handle the zorggebruiker's response to the authorization question. (FLOW #10)

Parameters
  • oauth_session_id (str) – ID for the OAuthSession of current zorggebruiker.

  • authorized (bool) – Indicates whether the zorggebruiker's response was negative (False) or positive (True).

  • **kwargs (various) – Keyword arguments get passed on to self.data_store.get_oauth_session_by_id and self.data_store.save_oauth_session

Returns

Tuple containing the updated OAuthSession (with authorization_code and authorization_code_expiration) and the redirect_url

Return type

tuple (OAuthSession, str)

Raises

OAuthException – If the zorggebruiker's response was negative

coroutine zg_resource_available(oauth_session=None, oauth_session_id=None, client_data={}, **kwargs)

Determine if this service has resources available for this zorggebruiker by calling the zg_resource_available function supplied at instantiation of the Server. (FLOW #8)

This function requires at least an oauth_session or an oauth_session_id. BSN is added to the client_data that is passed to the self._zg_resource_available function.

Parameters
  • oauth_session (OAuthSession) – OAuthSession for the current zorggebruiker (optional).

  • oauth_session_id (string) – ID for the OAuthSession of current zorggebruiker (optional).

  • client_data (dict) – Optional additional zorggebruikerinfo that gets passed on to the self._zg_resource_available function.

  • **kwargs (various) – Keyword arguments get passed to the supplied self._zg_resource_available function

Returns

True if resources are available for this zorggebruiker

Return type

bool

Raises

OAuthException – If there is no resource available for this zorggebruiker

DataStore

class medmij_oauth.server.DataStore

Bases: abc.ABC

Abstract class that handles the instantiation, persistence and lookup of OAuthSessions.

coroutine create_oauth_session(response_type, client_id, redirect_uri, scope, state, **kwargs)

Create a new oauth_session, persist the oauth_session and return it.

coroutine get_oauth_session_by_authorization_code(authorization_code, **kwargs)

Get an oauth_session based on its authorization_code and return it, else return None.

coroutine get_oauth_session_by_id(oauth_session_id, **kwargs)

Get an oauth_session based on its id and return it, else return None.

coroutine save_oauth_session(oauth_session, **kwargs)

Persist the current state of the oauth_session and return it.

OAuthSession

Class that should be implemented by the implementor of the OAuth server. This class should be instantiated by your implementation of the DataStore base class and represents the current state of your OAuth session.

The OAuthSession should at least have the following attributes:

  • id (uuid)

  • response_type (string)

  • client_id (string)

  • scope (string)

  • state (string)

  • redirect_uri (string)

  • authorization_code (string)

  • authorization_code_expiration (datetime.datetime)

  • authorization_granted (boolean)

  • access_token (string)

  • access_token_expiration (datetime.datetime)

  • zorggebruiker_bsn (string)

Example implementation:

import datetime
import uuid

class OAuthSession():
    def __init__(self, response_type, client_id, redirect_uri, scope, state):
        # Random session id plus the parameters of the authorization request
        self.id = str(uuid.uuid4())
        self.response_type = response_type
        self.client_id = client_id
        self.scope = scope
        self.state = state
        self.redirect_uri = redirect_uri
        self.created_at = datetime.datetime.now()
        # A new session has no authorization code, grant or access token yet
        self.authorization_code = None
        self.authorization_code_expiration = -1
        self.authorization_granted = False
        self.access_token = None
        self.access_token_expiration = -1
        self.zorggebruiker_bsn = ''
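
A minimal in-memory data store written against the four DataStore coroutines documented above, as an added example that is not part of the library or its documentation. InMemoryDataStore, demo and all sample values are constructed for illustration; the block does not import medmij_oauth so that it runs without the package, and a real implementation would subclass medmij_oauth.server.DataStore.

```python
import uuid


class OAuthSession:
    def __init__(self, response_type, client_id, redirect_uri, scope, state):
        self.id = str(uuid.uuid4())
        self.response_type, self.client_id = response_type, client_id
        self.redirect_uri, self.scope, self.state = redirect_uri, scope, state
        self.authorization_code = self.access_token = None
        self.authorization_code_expiration = self.access_token_expiration = -1
        self.authorization_granted = False
        self.zorggebruiker_bsn = ''


# Hypothetical name; in a deployment, subclass medmij_oauth.server.DataStore.
class InMemoryDataStore:
    def __init__(self):
        self._sessions = {}  # session id -> OAuthSession

    async def create_oauth_session(self, response_type, client_id,
                                   redirect_uri, scope, state, **kwargs):
        session = OAuthSession(response_type, client_id, redirect_uri, scope, state)
        return await self.save_oauth_session(session)

    async def get_oauth_session_by_id(self, oauth_session_id, **kwargs):
        return self._sessions.get(oauth_session_id)

    async def get_oauth_session_by_authorization_code(self, authorization_code, **kwargs):
        # Fresh sessions hold authorization_code=None: a None/empty lookup must not match them.
        if not authorization_code:
            return None
        return next((s for s in self._sessions.values()
                     if s.authorization_code == authorization_code), None)

    async def save_oauth_session(self, oauth_session, **kwargs):
        self._sessions[oauth_session.id] = oauth_session
        return oauth_session


async def demo():
    """Constructed values; returns (lookup before a code exists, lookup after)."""
    store = InMemoryDataStore()
    session = await store.create_oauth_session(
        'code', 'client-1', 'https://client.example/cb', 'scope-1', 'state-1')
    before = await store.get_oauth_session_by_authorization_code(None)
    session.authorization_code = 'constructed-code'  # Server.handle_auth_grant sets this
    await store.save_oauth_session(session)
    after = await store.get_oauth_session_by_authorization_code('constructed-code')
    return before, after is session
```

Run it with asyncio.run(demo()); the first element of the result is None because a lookup without a code never returns a session that has not been issued one.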