mirror of
https://github.com/jointakahe/takahe.git
synced 2025-01-12 15:15:29 +00:00
efd5f481e9
This implements a few oauth2 fixes: - passes along the state object - enforces authorization code expiration (currently set to 1 minute, we could make this configurable) - enforces redirect_uri - properly checks for client_secret when granting a token - handles pulling client authentication for token grant from basic auth - implement token revocation
38 lines
896 B
Python
38 lines
896 B
Python
from django.db import models
|
|
|
|
|
|
class Token(models.Model):
|
|
"""
|
|
An (access) token to call the API with.
|
|
|
|
Can be either tied to a user, or app-level only.
|
|
"""
|
|
|
|
application = models.ForeignKey(
|
|
"api.Application",
|
|
on_delete=models.CASCADE,
|
|
related_name="tokens",
|
|
)
|
|
|
|
user = models.ForeignKey(
|
|
"users.User",
|
|
blank=True,
|
|
null=True,
|
|
on_delete=models.CASCADE,
|
|
related_name="tokens",
|
|
)
|
|
|
|
identity = models.ForeignKey(
|
|
"users.Identity",
|
|
blank=True,
|
|
null=True,
|
|
on_delete=models.CASCADE,
|
|
related_name="tokens",
|
|
)
|
|
|
|
token = models.CharField(max_length=500, unique=True)
|
|
scopes = models.JSONField()
|
|
|
|
created = models.DateTimeField(auto_now_add=True)
|
|
updated = models.DateTimeField(auto_now=True)
|
|
revoked = models.DateTimeField(blank=True, null=True)
|