Annotate

mod_rest/example/prosody_oauth.py @ 5285:8e1f1eb00b58

mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!) Problem: This was causing the key to become "<token>--cur" instead of the expected "<token>-cur". As the same key was used by the code to both set and get, it still worked. Rationale for change: Although it worked, it's unintended, inconsistent and messy. It increases the chances of future bugs due to the unexpected format. Side-effects of change: Existing '--cur' entries will not be checked after this change, and therefore existing FAST clients will fail to authenticate until they attempt password auth and obtain a new FAST token. Existing '--cur' entries in storage will not be cleaned up by this commit, but this is considered a minor issue, and okay for the relatively few FAST deployments.
author Matthew Wild <mwild1@gmail.com>
date Wed, 29 Mar 2023 16:12:15 +0100
parent 5269:0e5a37f55440
child 5488:9a4556a13cc7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4952
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 from requests_oauthlib import OAuth2Session
5269
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
2 import requests
4952
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 class ProsodyRestSession(OAuth2Session):
5269
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
6 def __init__(
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
7 self, base_url, client_name, client_uri, redirect_uri, *args, **kwargs
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
8 ):
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
9 self.base_url = base_url
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
10 discovery_url = base_url + "/.well-known/oauth-authorization-server"
4952
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
5269
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
12 meta = requests.get(discovery_url).json()
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
13 reg = requests.post(
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
14 meta["registration_endpoint"],
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
15 json={
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
16 "client_name": client_name,
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
17 "client_uri": client_uri,
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
18 "redirect_uris": [redirect_uri],
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
19 },
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
20 ).json()
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
21
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
22 super().__init__(client_id=reg["client_id"], *args, **kwargs)
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
23
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
24 self.meta = meta
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
25 self.client_secret = reg["client_secret"]
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
26 self.client_id = reg["client_id"]
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
27
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
28 def authorization_url(self, *args, **kwargs):
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
29 return super().authorization_url(
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
30 self.meta["authorization_endpoint"], *args, **kwargs
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
31 )
4952
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 def fetch_token(self, *args, **kwargs):
5269
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
34 return super().fetch_token(
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
35 token_url=self.meta["token_endpoint"],
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
36 client_secret=self.client_secret,
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
37 *args,
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
38 **kwargs
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
39 )
4952
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 def xmpp(self, json=None, *args, **kwargs):
5269
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
42 return self.post(self.base_url + "/rest", json=json, *args, **kwargs)
4952
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 if __name__ == "__main__":
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 # Example usage
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 # from prosody_oauth import ProsodyRestSession
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 from getpass import getpass
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50
5269
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
51 p = ProsodyRestSession(
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
52 input("Base URL: "),
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
53 "Prosody mod_rest OAuth 2 example",
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
54 "https://modules.prosody.im/mod_rest",
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
55 "urn:ietf:wg:oauth:2.0:oob",
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
56 )
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
57
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
58 print("Open the following URL in a browser and login:")
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
59 print(p.authorization_url()[0])
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
60
0e5a37f55440 mod_rest: Update prosody_oauth.py example to non-legacy OAuth2
Kim Alvefur <zash@zash.se>
parents: 4952
diff changeset
61 p.fetch_token(code=getpass("Paste Authorization code: "))
4952
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
62
ccce785f53e1 mod_rest: Add an example OAuth client (needs mod_http_oauth2)
Kim Alvefur <zash@zash.se>
parents:
diff changeset
63 print(p.xmpp(json={"disco": True, "to": "jabber.org"}).json())