The client is not authorized to request an authorization code using this method


I need Authlib to issue an authorization code on a plain GET request. The user does not need to confirm access to the resources, because this runs on a closed network and only trusted services (our own) can send requests.
Starting from this OAuth 2.0 provider sample, I wrote the following:
In routes:

@bp.route("/oauth/authorize", methods=['GET'])
@login_required
def authorize():
    """Issue an authorization response for the session user with no consent step.

    There is no confirmation page: the logged-in user is handed straight to
    ``create_authorization_response`` as ``grant_user``, so any client that
    reaches this endpoint is auto-approved. That is only acceptable on the
    closed network this deployment describes; whatever client, redirect_uri
    and response_type validation happens is done inside Authlib's
    ``create_authorization_response``, not here.
    """
    # NOTE(review): the decorator should guarantee a logged-in user; if
    # current_user() still returned None, a falsy grant_user is presumably
    # treated by Authlib as a denial — confirm against the installed version.
    return server.create_authorization_response(grant_user=current_user())

My oauth module:

# Module-level singletons: ``require_oauth`` guards resource endpoints,
# ``server`` is bound to the Flask app later in init_oauth2().
require_oauth = ResourceProtector()
server = AuthorizationServer()


class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    """Authorization-code grant persisted in the ``AuthorizationCode`` table.

    The hook names (``create_authorization_code``, ``parse_authorization_code``,
    ``delete_authorization_code``, ``authenticate_user``) follow the Authlib
    sample this was copied from; NOTE(review): later Authlib releases renamed
    some of these hooks, so verify them against the installed version if they
    are never invoked.
    """

    def create_authorization_code(self, client, grant_user, request):
        """Mint a random code and store it bound to client, redirect_uri, scope and user.

        Returns the plaintext code that is sent back to the client. No PKCE
        challenge is recorded, so a leaked code is protected only by the
        client_id/redirect_uri binding stored here.
        """
        # you can use other method to generate this code
        new_code = generate_token(48)
        record = AuthorizationCode(
            code=new_code,
            client_id=client.client_id,
            redirect_uri=request.redirect_uri,
            scope=request.scope,
            user_id=grant_user.get_user_id(),
        )
        db.session.add(record)
        db.session.commit()
        return new_code

    def parse_authorization_code(self, code, client):
        """Return the stored, unexpired code issued to *client*, else None.

        Filtering on ``client_id`` as well as ``code`` stops one client from
        redeeming a code issued to another; expiry is delegated to the
        model's ``is_expired()``.
        """
        lookup = AuthorizationCode.query.filter_by(code=code, client_id=client.client_id)
        record = lookup.first()
        if not record or record.is_expired():
            return None
        return record

    def delete_authorization_code(self, authorization_code):
        """Remove a consumed code so it cannot be redeemed again.

        NOTE(review): lookup and deletion are separate statements, so two
        token requests racing on the same code are not serialised by this
        class alone — confirm whether that matters for this deployment.
        """
        db.session.delete(authorization_code)
        db.session.commit()

    def authenticate_user(self, authorization_code):
        """Resolve the resource owner the code was issued for."""
        return User.query.get(authorization_code.user_id)


def current_user():
    """Return the ``User`` identified by the session's ``id`` key, or None if absent."""
    try:
        uid = session['id']
    except KeyError:
        return None
    return User.query.get(uid)


def query_client(client_id):
    """Authlib ``query_client`` hook: fetch the registered ``Client`` row for *client_id*.

    Returns None when no such client is registered.
    """
    matches = Client.query.filter_by(client_id=client_id)
    return matches.first()


def save_token(token, request):
    """Authlib ``save_token`` hook: persist an issued token as a ``Token`` row.

    ``request.user`` is present for user-bound grants; when it is absent
    (client_credentials) the token is attributed to the client's owning user
    instead. Every key of ``token`` is passed through to the model unchanged.
    """
    # NOTE(review): token values are stored exactly as issued; unless the
    # Token model hashes them, a database leak exposes live bearer tokens.
    if request.user:
        owner_id = request.user.get_user_id()
    else:
        owner_id = request.client.user_id  # client_credentials grant_type
    row = Token(client_id=request.client.client_id, user_id=owner_id, **token)
    db.session.add(row)
    db.session.commit()


def init_oauth2(app):
    """Bind the module-level authorization server to *app* and enable the code grant.

    Only ``AuthorizationCodeGrant`` is registered here; no other grant type
    is wired up by this function.
    """
    server.init_app(
        app,
        query_client=query_client,
        save_token=save_token,
    )
    # register it to grant endpoint
    server.register_grant(AuthorizationCodeGrant)

But when I am trying to send a request:

http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=my_client_id

The server returns error:

{
    "error": "unauthorized_client", 
    "error_description": "The client is not authorized to request an authorization code using this method"
}

I enabled insecure transport mode (only for local development — production must stay on HTTPS), and this client is registered in the database; I took its client_id directly from `select client_id from clients`. The error says the client is not authorized, but authorizing it is exactly what I am trying to do here. What's wrong?
P.S. my repository

ADDED:
I needed to allow the `code` response type for the client, i.e. make the client's `check_response_type('code')` return True.

This means your client model does not allow the `code` response type. During validation Authlib calls the client's `check_response_type(response_type)` method; make sure it returns True for `'code'` (typically by including `code` in the client's registered response types), otherwise the `unauthorized_client` error is returned.