medmij_oauth.server module
Server
- class medmij_oauth.server.Server(data_store=None, zg_resource_available=None, get_ocl=None)
Class to assist in the server-side OAuth flow.
- Parameters
data_store (DataStore) – Must be a subclass of DataStore; handles data interaction with OAuthSessions. See DataStore for more info.
zg_resource_available (function) – Function that is called by Server.zg_resource_available to determine if resources are available for the zorggebruiker.
get_ocl (function) – Function that returns an OCL.
- coroutine create_oauth_session(request_parameters, **kwargs)
Create and return a new OAuthSession. (FLOW #3)
- Parameters
request_parameters (dict) – Dictionary containing the request parameters from the start verzamelen.
**kwargs (various) – Keyword arguments are passed on to the data_store.create_oauth_session function, e.g. a db object.
- Returns
The created OAuthSession
- Return type
OAuthSession
- Raises
OAuthException – If supplied request_parameters are not valid
- coroutine exchange_authorization_code(request_parameters, **kwargs)
Handle the OAuth client’s request to exchange the authorization code for an access token. (FLOW #13)
- Parameters
request_parameters (str) – Parameters sent with the request.
**kwargs (various) – Keyword arguments are passed on to the various DataStore functions, e.g. a db object.
- Returns
Dict containing the parameters for a valid response, including the access_token, token_type, expires_in and scope
- Return type
dict
- Raises
OAuthException – If request parameters are invalid
- coroutine get_ocl()
Return the OCL returned by the get_ocl function supplied when the Server object was instantiated.
- coroutine handle_auth_grant(oauth_session_id=None, authorized=False, **kwargs)
Handle the zorggebruiker’s response to the authorization question. (FLOW #10)
- Parameters
oauth_session_id (str) – ID for the OAuthSession of current zorggebruiker.
authorized (bool) – Indicates if zorggebruiker response was negative (False) or positive (True)
**kwargs (various) – Keyword arguments get passed on to self.data_store.get_oauth_session_by_id and self.data_store.save_oauth_session
- Returns
Tuple containing the updated OAuthSession (with authorization_code and authorization_code_expiration) and the redirect_url
- Return type
tuple (OAuthSession, str)
- Raises
OAuthException – If zorggebruiker response was negative
- coroutine zg_resource_available(oauth_session=None, oauth_session_id=None, client_data={}, **kwargs)
Determine if this service has resources available for this zorggebruiker by calling the zg_resource_available function supplied on instantiation of the Server. (FLOW #8)
This function requires at least an oauth_session or an oauth_session_id. The BSN is added to the client_data that is passed to the self._zg_resource_available function.
- Parameters
oauth_session (OAuthSession) – OAuthSession for the current zorggebruiker (optional).
oauth_session_id (string) – ID for the OAuthSession of current zorggebruiker (optional).
client_data (dict) – Optional additional zorggebruiker info that gets passed on to the self._zg_resource_available function.
**kwargs (various) – Keyword arguments get passed to the supplied self._zg_resource_available function
- Returns
True if resources are available for this zorggebruiker
- Return type
bool
- Raises
OAuthException – If there is no resource available for this zorggebruiker
Datastore
- class medmij_oauth.server.DataStore
Bases: abc.ABC
Abstract class that handles instantiation, persisting and lookups of OAuthSessions.
- coroutine create_oauth_session(response_type, client_id, redirect_uri, scope, state, **kwargs)
Create a new oauth_session, persist the oauth_session and return it.
- coroutine get_oauth_session_by_authorization_code(authorization_code, **kwargs)
Get an oauth_session based on its authorization_code and return it, else return None.
OAuthSession
Class that should be implemented by the implementor of the OAuth server. This class should be instantiated by your implementation of the DataStore base class and represents the current state of your OAuth session.
The OAuthSession should at least have the following attributes:
id (uuid)
response_type (string)
client_id (string)
scope (string)
state (string)
redirect_uri (string)
authorization_code (string)
authorization_code_expiration (datetime.datetime)
authorization_granted (boolean)
access_token (string)
access_token_expiration (datetime.datetime)
zorggebruiker_bsn (string)
Example implementation:
    import datetime
    import uuid

    class OAuthSession():
        def __init__(self, response_type, client_id, redirect_uri, scope, state):
            # Values taken from the authorization request
            self.id = str(uuid.uuid4())
            self.response_type = response_type
            self.client_id = client_id
            self.scope = scope
            self.state = state
            self.redirect_uri = redirect_uri
            self.created_at = datetime.datetime.now()
            # No authorization code or access token has been issued yet
            self.authorization_code = None
            self.authorization_code_expiration = -1
            self.authorization_granted = False
            self.access_token = None
            self.access_token_expiration = -1
            self.zorggebruiker_bsn = ''
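An in-memory store exposing the two DataStore coroutines documented above, as an added example that is not the project's own code: the authorization-code lookup compares in constant time and treats an expired code as unknown. It does not import medmij_oauth so that it runs stand-alone; the `now` keyword, the SimpleNamespace session, the decision to enforce expiry inside the store, and all sample values are assumptions made for illustration.

```python
import asyncio
import datetime
import secrets
import types
import uuid

class InMemoryDataStore:
    """Mirrors the DataStore coroutine names; real code subclasses DataStore."""
    def __init__(self):
        self._sessions = {}

    async def create_oauth_session(self, response_type, client_id,
                                   redirect_uri, scope, state, **kwargs):
        # SimpleNamespace stands in for your OAuthSession class.
        session = types.SimpleNamespace(
            id=str(uuid.uuid4()), response_type=response_type,
            client_id=client_id, redirect_uri=redirect_uri, scope=scope,
            state=state, authorization_code=None,
            authorization_code_expiration=None)
        self._sessions[session.id] = session
        return session

    async def get_oauth_session_by_authorization_code(self, authorization_code,
                                                      now=None, **kwargs):
        # `now` is a hypothetical extra keyword so the expiry check is testable.
        now = now or datetime.datetime.now()
        for session in self._sessions.values():
            code = session.authorization_code
            # Constant-time compare on bytes; an expired code counts as unknown
            # (assumption: this store, not its caller, enforces expiry).
            if (code and secrets.compare_digest(code.encode(), authorization_code.encode())
                    and session.authorization_code_expiration > now):
                return session
        return None

async def _demo():
    store = InMemoryDataStore()
    session = await store.create_oauth_session(
        "code", "constructed-client", "https://client.example/cb", "1", "xyz")
    issued = datetime.datetime(2024, 1, 1, 12, 0)  # constructed timestamp
    session.authorization_code = secrets.token_urlsafe(32)
    session.authorization_code_expiration = issued + datetime.timedelta(minutes=15)
    lookup = store.get_oauth_session_by_authorization_code
    fresh = await lookup(session.authorization_code, now=issued)
    stale = await lookup(session.authorization_code, now=issued + datetime.timedelta(hours=1))
    return fresh is session, stale, await lookup("not-the-code", now=issued)

def run_demo():
    return asyncio.run(_demo())
```

`run_demo()` returns a tuple showing that the fresh code resolves to its session while the expired and the unknown code both resolve to None.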