update id

2025-10-30 02:02:23 -03:00
parent f284b64c60
commit 76dfc44b71
25 changed files with 103 additions and 40 deletions
--- a/id.saladeaula.digital/app/oauth2.py
+++ b/id.saladeaula.digital/app/oauth2.py
@@ -76,6 +76,7 @@ class OpenIDCode(OpenIDCode_):
        ).filter(scope)

        if user.scope:
+            # Used to define permission granularity
            user_info['scope'] = user.scope

        return user_info
@@ -247,10 +248,13 @@ class RefreshTokenGrant(grants.RefreshTokenGrant):
        """The authorization server MAY revoke the old refresh token after
        issuing a new refresh token to the client."""

-        logger.debug('Revoking old refresh token', refresh_token=refresh_token)
        token = getattr(refresh_token, 'refresh_token', None)
+        logger.debug('Revoking old refresh token', refresh_token=token)
        user = refresh_token.get_user()

+        if not token:
+            return None
+
        with dyn.transact_writer() as transact:
            transact.delete(
                key=KeyPair(
--- a/id.saladeaula.digital/app/routes/authorize.py
+++ b/id.saladeaula.digital/app/routes/authorize.py
@@ -48,11 +48,13 @@ def authorize():
        if not client_scopes.issubset(user_scopes):
            raise ForbiddenError('Access denied')

-        return server.create_authorization_response(
+        response = server.create_authorization_response(
            request=router.current_event,
            grant_user=sub,
            grant=grant,
        )
+
+        logger.debug(response)
    except JoseError as err:
        logger.exception(err)
        raise BadRequestError(str(err))
@@ -62,6 +64,8 @@ def authorize():
            status_code=err.status_code,
            msg=dict(err.get_body()),  # type: ignore
        )
+    else:
+        return response


 def _user_scopes(sub: str) -> set:
--- a/id.saladeaula.digital/app/routes/revoke.py
+++ b/id.saladeaula.digital/app/routes/revoke.py
@@ -1,13 +1,17 @@
+from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler.api_gateway import Router

 from oauth2 import RevocationEndpoint, server

+logger = Logger(__name__)
 router = Router()


@router.post('/revoke')
 def revoke():
-    return server.create_endpoint_response(
+    response = server.create_endpoint_response(
        RevocationEndpoint.ENDPOINT_NAME,
        router.current_event,
    )
+    logger.debug(response)
+    return response
--- a/id.saladeaula.digital/app/routes/token.py
+++ b/id.saladeaula.digital/app/routes/token.py
@@ -1,10 +1,14 @@
+from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler.api_gateway import Router

 from oauth2 import server

+logger = Logger(__name__)
 router = Router()


@router.post('/token')
 def issue_token():
-    return server.create_token_response(router.current_event)
+    response = server.create_token_response(router.current_event)
+    logger.debug(response)
+    return response