Commit eddd1693 authored by qhoangxuan's avatar qhoangxuan

simplify oauth2 refresh token rest api

parent f5d74f8a
......@@ -50,6 +50,12 @@ class AccessTokenStore(AccessTokenStore):
res = sql.delete_refresh_token(refresh_token)
return res
def get_client_id_by_refresh_token(self, refresh_token):
sql = zoe_lib.state.SQLManager(get_conf())
data = sql.get_client_id_by_refresh_token(refresh_token)
return data
def get_client_id_by_access_token(self, access_token):
sql = zoe_lib.state.SQLManager(get_conf())
data = sql.get_client_id_by_access_token(access_token)
......
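Review bot: `get_client_id_by_refresh_token` (the added method) has no docstring, and its name promises a bare client id while the SQLManager method it delegates to, in the last hunk of this commit, returns the whole `oauth_token` row from `fetchone()` (or `None` when no row matches); the caller in `get_auth` then reads `data["client_id"]` from it. A docstring that states the real contract would keep the next reader from treating the return value as a plain id: `"""Return the stored oauth_token row whose refresh_token matches, or None if there is none."""`. The class `AccessTokenStore` starts and ends outside this hunk.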
......@@ -42,7 +42,7 @@ Input: curl -u 'admin:admin' http://localhost:5001/api/0.6/oauth/token -X POST -
Output: {"token_type": "Bearer", "access_token": "3ddbe9ba-6a21-4e4d-993b-70556390c5d3", "refresh_token": "9bab190f-e211-42aa-917e-20ce987e355e", "expires_in": 36000}
*To refresh a token
Input: curl -u 'admin:admin' http://localhost:5001/api/0.6/oauth/token -X POST -H 'Content-Type: application/json' -d '{"grant_type": "refresh_token", "refresh_token": "9bab190f-e211-42aa-917e-20ce987e355e"}'
Input: curl -H 'Authorization: Bearer 9bab190f-e211-42aa-917e-20ce987e355e' http://localhost:5001/api/0.6/oauth/token -X POST -H 'Content-Type: application/json' -d '{"grant_type": "refresh_token", "refresh_token": "9bab190f-e211-42aa-917e-20ce987e355e"}'
Output: {"token_type": "Bearer", "access_token": "378f8d5f-2eb5-4181-b632-ad23c4534d32", "expires_in": 36000}
*To revoke a token, the passed token could be the access token or refresh token
......@@ -80,6 +80,12 @@ class OAuthGetAPI(RequestHandler):
request = self.request
params = json.loads(request.body.decode())
if params['grant_type'] == 'refresh_token':
auth_header = self.request.headers.get('Authorization')
refresh_token = auth_header[7:]
params['refresh_token'] = refresh_token
params['password'] = ''
params['username'] = ''
params['client_secret'] = ''
......
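Review bot: `refresh_token = auth_header[7:]` on the line after `auth_header = self.request.headers.get('Authorization')` assumes the header is present and starts with `Bearer `; a refresh request without the header makes `None[7:]` raise `TypeError` (an unhandled 500 rather than a 4xx), and any other scheme is silently sliced to a garbage token. Validate the header before slicing, e.g. `auth_header = self.request.headers.get('Authorization', '')`, `if not auth_header.startswith('Bearer '):`, `raise tornado.web.HTTPError(400)` (use whatever error type this handler already raises if `tornado.web` is not in scope here). Since the following lines blank `password`, `username` and `client_secret`, the bearer refresh token becomes the only credential for this grant, which deserves a one-line comment saying so: `# refresh_token grants authenticate with the refresh token alone; client credentials are deliberately cleared`. The enclosing method of `OAuthGetAPI` starts before and continues after this hunk.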
......@@ -86,7 +86,11 @@ def get_auth(handler: tornado.web.RequestHandler):
if "Bearer" in auth_header:
token = auth_header[7:]
data = token_store.get_client_id_by_access_token(token)
if 'token' in handler.request.uri:
data = token_store.get_client_id_by_refresh_token(token)
else:
data = token_store.get_client_id_by_access_token(token)
if data:
uid = data["client_id"]
role = client_store.get_role_by_client_id(uid)
......
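Review bot: `if 'token' in handler.request.uri:` is a substring test on the full URI, query string included, so any request whose path or query happens to contain "token" has its bearer value looked up as a refresh token (and an access token presented on such a URI is rejected), while the intent is evidently only the token endpoint `/api/0.6/oauth/token` shown in the doc hunk. Match the route instead, e.g. `if handler.request.path.endswith('/oauth/token'):`, and add a why-comment such as `# only the token endpoint authenticates with a refresh token (refresh_token grant); every other route expects an access token`. Nothing in this hunk checks the refresh token's expiry before `data["client_id"]` is used to assign a role; if that check lives outside the hunk, a comment pointing to it would help. `get_auth` starts before and continues after this hunk.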
......@@ -216,6 +216,13 @@ class SQLManager:
return cur.fetchone()
def get_client_id_by_refresh_token(self, refresh_token):
cur = self._cursor()
query = 'SELECT * FROM oauth_token WHERE refresh_token = %s'
cur.execute(query, (refresh_token,))
return cur.fetchone()
def save_token(self, client_id, grant_type, token, data, expires_at, refresh_token, refresh_expires_at, scopes, user_id):
cur = self._cursor()
expires_at = datetime.datetime.fromtimestamp(expires_at)
......
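Review bot: The new `get_client_id_by_refresh_token` query `SELECT * FROM oauth_token WHERE refresh_token = %s` returns a row for any stored refresh token regardless of expiry, even though `save_token` below records a `refresh_expires_at` value, and `get_auth` in this commit uses this lookup to authenticate the caller. If the expiry is stored under that column name, filtering in the query, `WHERE refresh_token = %s AND refresh_expires_at > now()`, or comparing the returned expiry in the caller, would keep an expired refresh token from passing authentication; I cannot tell from this hunk whether a later step already does this. The method is parameterized correctly but lacks a docstring; `"""Return the oauth_token row for refresh_token, or None if it is unknown."""` states what `fetchone()` gives back. The class `SQLManager` starts and ends outside this hunk.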