medmij_oauth.server module
Server
class medmij_oauth.server.Server(data_store=None, zg_resource_available=None, get_ocl=None, get_whitelist=None)
Class to assist in the OAuth server-side flow.
Parameters:
- data_store (DataStore) – Must be a subclass of DataStore; handles data interaction with OAuthSessions. See DataStore for more info.
- zg_resource_available (function) – Function that is called by Server.zg_resource_available to determine if resources are available for the zorggebruiker.
- get_ocl (function) – Function that returns an OCL
- get_whitelist (coroutine) – Function that returns a Whitelist
coroutine create_oauth_session(request_parameters, **kwargs)
Create and return a new OAuthSession. (FLOW #3)
Parameters:
- request_parameters (dict) – Dictionary containing the request parameters from the start verzamelen.
- **kwargs (various) – Keyword arguments get passed on to the data_store.create_oauth_session function, e.g. db object
Returns: The created OAuthSession
Return type:
Raises: OAuthException – If supplied request_parameters are not valid
Handle the OAuth client’s request to exchange the authorization code for an access token. (FLOW #13)
Parameters:
- request_parameters (str) – Params sent with the request.
- **kwargs (various) – Keyword arguments get passed on to the various DataStore functions, e.g. db object
Returns: Dict containing the parameters for a valid response, including the access_token, token_type, expires_in and scope
Return type: dict
Raises: OAuthException – If request parameters are invalid
coroutine get_ocl()
Return the OCL returned by the get_ocl function supplied at instantiation of the Server object.
coroutine handle_auth_grant(oauth_session_id=None, authorized=False, **kwargs)
Handle the zorggebruiker's response to the authorization question. (FLOW #10)
Parameters:
- oauth_session_id (str) – ID for the OAuthSession of the current zorggebruiker.
- authorized (bool) – Indicates if the zorggebruiker's response was negative (False) or positive (True)
- **kwargs (various) – Keyword arguments get passed on to self.data_store.get_oauth_session_by_id and self.data_store.save_oauth_session
Returns: Tuple containing the updated OAuthSession (with authorization_code and authorization_code_expiration) and the redirect_url
Return type: tuple (OAuthSession, str)
Raises: OAuthException – If the zorggebruiker's response was negative
coroutine zg_resource_available(oauth_session=None, oauth_session_id=None, client_data={}, **kwargs)
Determine if this service has resources available for this zorggebruiker by calling the zg_resource_available function supplied on instantiation of the Server. (FLOW #8)
This function requires at least an oauth_session or an oauth_session_id. The BSN is added to the client_data that is passed to the self._zg_resource_available function.
Parameters:
- oauth_session (OAuthSession) – OAuthSession for the current zorggebruiker (optional).
- oauth_session_id (string) – ID for the OAuthSession of the current zorggebruiker (optional).
- client_data (dict) – Optional additional zorggebruiker info that gets passed on to the self._zg_resource_available function.
- **kwargs (various) – Keyword arguments get passed to the supplied self._zg_resource_available function
Returns: True if resources are available for this zorggebruiker
Return type: bool
Raises: OAuthException – If there is no resource available for this zorggebruiker
Datastore
class medmij_oauth.server.DataStore
Bases: abc.ABC
Abstract class that handles interaction with OAuthSessions: instantiation, persisting and lookups.
coroutine create_oauth_session(response_type, client_id, redirect_uri, scope, state, **kwargs)
Create a new oauth_session, persist the oauth_session and return it.
Get an oauth_session based on its authorization_code and return it, else return None
OAuthSession
Class that should be implemented by the implementor of the OAuth server. This class should be instantiated by your implementation of the DataStore base class and represents the current state of your OAuth session.
The OAuthSession should have at least the following attributes:
- id (uuid)
- response_type (string)
- client_id (string)
- scope (string)
- state (string)
- redirect_uri (string)
- authorization_code (string)
- authorization_code_expiration (datetime.datetime)
- authorization_granted (boolean)
- access_token (string)
- access_token_expiration (datetime.datetime)
- zorggebruiker_bsn (string)
Example implementation:
    import datetime
    import uuid

    class OAuthSession():
        def __init__(self, response_type, client_id, redirect_uri, scope, state):
            # Session id plus the parameters of the authorization request
            self.id = str(uuid.uuid4())
            self.response_type = response_type
            self.client_id = client_id
            self.scope = scope
            self.state = state
            self.redirect_uri = redirect_uri
            self.created_at = datetime.datetime.now()
            # Nothing issued yet: no code, no token, -1 as "no expiration set"
            self.authorization_code = None
            self.authorization_code_expiration = -1
            self.authorization_granted = False
            self.access_token = None
            self.access_token_expiration = -1
            self.zorggebruiker_bsn = ''
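
An added example, not part of the medmij_oauth documentation or code base: an in-memory store with the coroutine shape of DataStore, showing session creation, saving, and a lookup by authorization code that returns None for empty, unknown and expired codes. The class name InMemoryDataStore, the lookup method name, the save_oauth_session signature and all sample values are assumptions; the expiration fields start as None instead of -1 so that they are only ever compared as datetime values.

```python
import asyncio
import datetime
import secrets
import uuid


class OAuthSession:
    def __init__(self, response_type, client_id, redirect_uri, scope, state):
        self.id = str(uuid.uuid4())
        self.response_type, self.client_id = response_type, client_id
        self.redirect_uri, self.scope, self.state = redirect_uri, scope, state
        self.authorization_code = self.authorization_code_expiration = None
        self.access_token = self.access_token_expiration = None
        self.authorization_granted, self.zorggebruiker_bsn = False, ''


class InMemoryDataStore:  # DataStore-shaped; signatures are assumptions
    def __init__(self):
        self._sessions = {}

    async def create_oauth_session(self, response_type, client_id,
                                   redirect_uri, scope, state, **kwargs):
        session = OAuthSession(response_type, client_id, redirect_uri, scope, state)
        return await self.save_oauth_session(session)

    async def save_oauth_session(self, oauth_session, **kwargs):
        self._sessions[oauth_session.id] = oauth_session
        return oauth_session

    async def get_oauth_session_by_authorization_code(self, code, **kwargs):
        # Assumed method name. Empty, unknown and expired codes return None.
        now = datetime.datetime.now()
        return next((s for s in self._sessions.values()
                     if code and s.authorization_code == code
                     and s.authorization_code_expiration > now), None)


def demo():
    async def run():  # constructed sample values throughout
        store = InMemoryDataStore()
        s = await store.create_oauth_session(
            'code', 'client.example', 'https://client.example/cb', 'scope-1', 'st4te')
        s.authorization_code = code = secrets.token_urlsafe(32)
        s.authorization_code_expiration = datetime.datetime.now() + datetime.timedelta(minutes=5)
        await store.save_oauth_session(s)
        hit = await store.get_oauth_session_by_authorization_code(code) is s
        unknown = await store.get_oauth_session_by_authorization_code('not-a-code')
        s.authorization_code_expiration -= datetime.timedelta(minutes=10)  # now expired
        return hit, unknown, await store.get_oauth_session_by_authorization_code(code)
    return asyncio.run(run())
```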