update
@@ -22,8 +22,8 @@ OAUTH2_SCOPES_SUPPORTED = os.getenv('OAUTH2_SCOPES_SUPPORTED')
|
||||
|
||||
|
||||
GRANT_TYPES_EXPIRES_IN = {
|
||||
'refresh_token': 900,
|
||||
'authorization_code': 900,
|
||||
'refresh_token': 600,
|
||||
'authorization_code': 600,
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
from authlib.oauth2 import ResourceProtector as _ResourceProtector
|
||||
|
||||
|
||||
class ResourceProtector(_ResourceProtector): ...
|
||||
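Review bot: The new `class ResourceProtector(_ResourceProtector): ...` is an empty subclass with no docstring, so a reader cannot tell whether it is a deliberate extension seam or a placeholder that still needs work. A one-line docstring would settle that, e.g. `"""Project-level ResourceProtector; bearer-token validators are registered here so routes share one instance."""` adjusted to whatever the real intent is. As far as I can tell from authlib, a ResourceProtector rejects every bearer token until a validator is added with `register_token_validator`, so any route guarded by this class will fail closed until that registration exists somewhere in the project.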
@@ -1,8 +1,12 @@
|
||||
import re
|
||||
|
||||
from authlib.oauth2 import OAuth2Request
|
||||
from authlib.oauth2.rfc6749 import ClientMixin, TokenMixin, grants
|
||||
from authlib.oauth2.rfc7636 import CodeChallenge
|
||||
from authlib.oidc.core import OpenIDCode as OpenIDCode_
|
||||
from authlib.oidc.core import UserInfo
|
||||
from aws_lambda_powertools import Logger
|
||||
from aws_lambda_powertools.event_handler.exceptions import NotFoundError
|
||||
from layercake.dateutils import now, ttl
|
||||
from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
|
||||
from layercake.funcs import omit, pick
|
||||
@@ -17,6 +21,7 @@ from integrations.apigateway_oauth2.tokens import (
|
||||
OAuth2Token,
|
||||
)
|
||||
|
||||
logger = Logger(__name__)
|
||||
oauth2_layer = DynamoDBPersistenceLayer(OAUTH2_TABLE, dynamodb_client)
|
||||
|
||||
|
||||
@@ -137,22 +142,30 @@ class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
|
||||
return pick(('id', 'name', 'email', 'email_verified'), user)
|
||||
|
||||
|
||||
class RefreshTokenNotFoundError(NotFoundError):
|
||||
def __init__(self, *_):
|
||||
super().__init__('Refresh token not found')
|
||||
|
||||
|
||||
class RefreshTokenGrant(grants.RefreshTokenGrant):
|
||||
INCLUDE_NEW_REFRESH_TOKEN = True
|
||||
TOKEN_ENDPOINT_AUTH_METHODS = [
|
||||
'client_secret_basic',
|
||||
'client_secret_post',
|
||||
'none',
|
||||
]
|
||||
INCLUDE_NEW_REFRESH_TOKEN = True
|
||||
|
||||
def authenticate_refresh_token(self, refresh_token: str, **kwargs) -> TokenMixin:
|
||||
token = oauth2_layer.get_item(
|
||||
token = oauth2_layer.collection.get_item(
|
||||
KeyPair(
|
||||
pk='OAUTH2#TOKEN',
|
||||
sk=f'REFRESH_TOKEN#{refresh_token}',
|
||||
)
|
||||
),
|
||||
exc_cls=RefreshTokenNotFoundError,
|
||||
)
|
||||
|
||||
logger.info('Refresh token retrieved', token=token)
|
||||
|
||||
return OAuth2Token(
|
||||
expires_in=int(token['expires_in']),
|
||||
issued_at=int(token['issued_at']),
|
||||
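Review bot: `logger.info('Refresh token retrieved', token=token)` in `authenticate_refresh_token` writes the whole DynamoDB item to the log, and since that item is keyed by the refresh token and is the source for `OAuth2Token(...)`, the refresh token (and whatever other credential fields the item holds) ends up in the log stream; `logger.info('Revoking old refresh token', refresh_token=refresh_token)` in `revoke_old_credential` in the following hunk has the same problem. Log only non-secret fields, e.g. `logger.info('Refresh token retrieved', issued_at=token['issued_at'], expires_in=token['expires_in'])`. Separately, nothing in the hunk checks that the stored token is still within `issued_at` + `expires_in` before it is accepted; if that currently relies on the DynamoDB TTL removing the item, note that TTL deletion is not immediate, so an explicit expiry check on the returned token is worth adding. Both `authenticate_refresh_token` and the enclosing `RefreshTokenGrant` class continue past the end of this hunk.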
@@ -164,7 +177,10 @@ class RefreshTokenGrant(grants.RefreshTokenGrant):
|
||||
return refresh_token.get_user()
|
||||
|
||||
def revoke_old_credential(self, refresh_token: TokenMixin) -> None:
|
||||
if token := getattr(refresh_token, 'refresh_token', None):
|
||||
logger.info('Revoking old refresh token', refresh_token=refresh_token)
|
||||
token = getattr(refresh_token, 'refresh_token', None)
|
||||
|
||||
if token:
|
||||
oauth2_layer.delete_item(
|
||||
KeyPair(pk='OAUTH2#TOKEN', sk=f'REFRESH_TOKEN#{token}')
|
||||
)
|
||||
|
||||
@@ -3,6 +3,6 @@ from aws_lambda_powertools.event_handler.api_gateway import Router
|
||||
router = Router()
|
||||
|
||||
|
||||
@router.get('/jwks.json')
|
||||
@router.get('/.well-known/jwks.json')
|
||||
def jwks():
|
||||
return {}
|
||||
|
||||
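Review bot: `jwks()` returns `{}`, which is not a valid JWK Set — RFC 7517 requires a `keys` member — so a relying party fetching `/.well-known/jwks.json` will fail to parse the document rather than see an empty key set. If this is a placeholder, return `{'keys': []}` and add a docstring saying where the signing keys will eventually come from. Which of the two `@router.get` paths is the new one is not recoverable from this rendering; if only the `.well-known` path is intended, make sure the old route is actually removed.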
@@ -5,4 +5,4 @@ router = Router()
|
||||
|
||||
@router.get('/userinfo')
|
||||
def userinfo():
|
||||
return {}
|
||||
return {'name': 'test'}
|
||||
|
||||
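Review bot: `userinfo()` returns a hard-coded `{'name': 'test'}` with no bearer-token check, so the endpoint is reachable without any credential and also lacks the `sub` claim that OIDC Core requires in every UserInfo response. Even as scaffolding, gating the route with the project's `ResourceProtector` and stating in a docstring that the body is a placeholder would keep it from shipping as an open endpoint; the eventual shape is a response built from the validated token's user, starting with `{'sub': <user id>, 'name': <name>}` (constructed example).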