mirror of
https://github.com/jointakahe/takahe.git
synced 2025-01-12 15:15:29 +00:00
efd5f481e9
This implements a few OAuth2 fixes:
- passes along the state object
- enforces authorization code expiration (currently set to 1 minute; we could make this configurable)
- enforces redirect_uri
- properly checks for client_secret when granting a token
- handles pulling client authentication for token grant from basic auth
- implements token revocation
from django.db import models
class Authorization(models.Model):
    """
    An authorization code as part of the OAuth flow.

    Each row ties a client application to the (optional) user and identity
    that approved it, and records the code, scopes, redirect URI and
    lifetime of the grant. This class only declares storage: it has no
    methods, so expiry, redirect_uri matching and single use of the code
    are not enforced here.
    NOTE(review): presumably the authorize/token views enforce them;
    confirm against the callers.
    """

    # Client application the grant was issued to. CASCADE: deleting the
    # application row deletes its authorizations as well.
    application = models.ForeignKey(
        to="api.Application",
        related_name="authorizations",
        on_delete=models.CASCADE,
    )

    # Account that approved the grant. Nullable, so a row can exist
    # without a user.
    user = models.ForeignKey(
        to="users.User",
        related_name="authorizations",
        on_delete=models.CASCADE,
        null=True,
        blank=True,
    )

    # Identity the grant applies to. Nullable in the same way as `user`.
    identity = models.ForeignKey(
        to="users.Identity",
        related_name="authorizations",
        on_delete=models.CASCADE,
        null=True,
        blank=True,
    )

    # The authorization code itself: at most 128 characters, unique when
    # set, and nullable.
    # NOTE(review): nothing in this declaration hashes the value. If the
    # raw code is stored, read access to this table discloses usable codes
    # for as long as they are valid. Confirm how the writer fills it.
    code = models.CharField(
        max_length=128,
        unique=True,
        null=True,
        blank=True,
    )

    # Token linked to this grant, at most one per row, and unset until one
    # exists. CASCADE runs from Token to Authorization: deleting the token
    # removes this row, but deleting this row leaves the token in place.
    token = models.OneToOneField(
        to="api.Token",
        on_delete=models.CASCADE,
        null=True,
        blank=True,
    )

    # Scopes attached to the grant, stored as JSON. No schema is enforced
    # at this layer.
    scopes = models.JSONField()

    # Redirect URI recorded with the grant. RFC 6749 section 4.1.3 requires
    # the token request to present an identical value when one was sent in
    # the authorization request. That comparison is not made in this class.
    redirect_uri = models.TextField(null=True, blank=True)

    # Lifetime of the code in seconds (default: one minute). A plain
    # IntegerField accepts zero and negative values, so callers should not
    # assume it is positive.
    valid_for_seconds = models.IntegerField(default=60)

    # `created` is set once on insert. `updated` changes on every save, so
    # an expiry check should be anchored on `created`.
    created = models.DateTimeField(auto_now_add=True)
    updated = models.DateTimeField(auto_now=True)