How to use the authlib.oauth2.rfc6749.errors.InvalidRequestError exception class in Authlib

To help you get started, we've selected a few Authlib examples, based on popular ways it is used in public projects. Each one shows a place where Authlib's OAuth 2.0 server raises InvalidRequestError because a request parameter is missing or is not acceptable (a redirect_uri the client did not register, an unknown code, device_code or refresh_token, a bad code_verifier).


# Source: lepture/authlib — tests/django/test_oauth2/test_authorization_code_grant.py
def test_validate_consent_request_redirect_uri(self):
        """A redirect_uri the client does not accept must be refused up front.

        ``https://a.c`` makes ``validate_consent_request`` raise
        ``InvalidRequestError`` (so no code could ever be sent there), while
        ``https://a.b`` — presumably the URI registered by ``prepare_data`` —
        yields an ``AuthorizationCodeGrant`` for the consent step.
        """
        server = self.create_server()
        self.prepare_data()

        def authorize_request(encoded_redirect_uri):
            # redirect_uri is appended already percent-encoded, exactly as a
            # browser would send it in the query string.
            query = '/authorize?response_type=code&client_id=client'
            return self.factory.get(
                query + '&redirect_uri=' + encoded_redirect_uri
            )

        # unacceptable redirect target: must raise, not redirect
        with self.assertRaises(errors.InvalidRequestError):
            server.validate_consent_request(
                authorize_request('https%3A%2F%2Fa.c')
            )

        # acceptable redirect target: the grant object comes back
        grant = server.validate_consent_request(
            authorize_request('https%3A%2F%2Fa.b')
        )
        self.assertIsInstance(grant, AuthorizationCodeGrant)
# Source: lepture/authlib — authlib/oauth2/rfc6749/grants/authorization_code.py (excerpt; the method header is not shown)
client = self.authenticate_token_endpoint_client()

        log.debug('Validate token request of %r', client)
        if not client.check_grant_type(self.GRANT_TYPE):
            raise UnauthorizedClientError()

        code = self.request.form.get('code')
        if code is None:
            raise InvalidRequestError('Missing "code" in request.')

        # ensure that the authorization code was issued to the authenticated
        # confidential client, or if the client is public, ensure that the
        # code was issued to "client_id" in the request
        authorization_code = self.query_authorization_code(code, client)
        if not authorization_code:
            raise InvalidRequestError('Invalid "code" in request.')

        # validate redirect_uri parameter
        log.debug('Validate token redirect_uri of %r', client)
        redirect_uri = self.request.redirect_uri
        original_redirect_uri = authorization_code.get_redirect_uri()
        if original_redirect_uri and redirect_uri != original_redirect_uri:
            raise InvalidRequestError('Invalid "redirect_uri" in request.')

        # save for create_token_response
        self.request.client = client
        self.request.credential = authorization_code
        self.execute_hook('after_validate_token_request')
# Source: lepture/authlib — authlib/oauth2/rfc8628/grant.py (excerpt; the method header is not shown)
Content-Type: application/x-www-form-urlencoded

            grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Adevice_code
            &device_code=GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS
            &client_id=1406020730
        """
        device_code = self.request.data.get('device_code')
        if not device_code:
            raise InvalidRequestError('Missing "device_code" in payload')

        if not self.request.client_id:
            raise InvalidRequestError('Missing "client_id" in payload')

        credential = self.query_device_credential(device_code)
        if not credential:
            raise InvalidRequestError('Invalid "device_code" in payload')

        if credential.get_client_id() != self.request.client_id:
            raise UnauthorizedClientError()

        client = self.authenticate_token_endpoint_client()
        if not client.check_grant_type(self.GRANT_TYPE):
            raise UnauthorizedClientError()

        user = self.validate_device_credential(credential)
        self.request.user = user
        self.request.client = client
        self.request.credential = credential
# Source: lepture/authlib — authlib/oauth2/rfc6749/grants/resource_owner_password_credentials.py (excerpt; the method header is not shown)
grant_type=password&username=johndoe&password=A3ddj3w
        """
        # ignore validate for grant_type, since it is validated by
        # check_token_endpoint
        client = self.authenticate_token_endpoint_client()
        log.debug('Validate token request of %r', client)

        if not client.check_grant_type(self.GRANT_TYPE):
            raise UnauthorizedClientError()

        params = self.request.form
        if 'username' not in params:
            raise InvalidRequestError('Missing "username" in request.')
        if 'password' not in params:
            raise InvalidRequestError('Missing "password" in request.')

        log.debug('Authenticate user of %r', params['username'])
        user = self.authenticate_user(
            params['username'],
            params['password']
        )
        if not user:
            raise InvalidRequestError(
                'Invalid "username" or "password" in request.',
            )
        self.request.client = client
        self.request.user = user
        self.validate_requested_scope()
# Source: lepture/authlib — authlib/oauth2/rfc8628/grant.py (excerpt, repeats the rfc8628 excerpt above; the method header is not shown)
For example, the client makes the following HTTPS request::

            POST /token HTTP/1.1
            Host: server.example.com
            Content-Type: application/x-www-form-urlencoded

            grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Adevice_code
            &device_code=GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS
            &client_id=1406020730
        """
        device_code = self.request.data.get('device_code')
        if not device_code:
            raise InvalidRequestError('Missing "device_code" in payload')

        if not self.request.client_id:
            raise InvalidRequestError('Missing "client_id" in payload')

        credential = self.query_device_credential(device_code)
        if not credential:
            raise InvalidRequestError('Invalid "device_code" in payload')

        if credential.get_client_id() != self.request.client_id:
            raise UnauthorizedClientError()

        client = self.authenticate_token_endpoint_client()
        if not client.check_grant_type(self.GRANT_TYPE):
            raise UnauthorizedClientError()

        user = self.validate_device_credential(credential)
        self.request.user = user
        self.request.client = client
        self.request.credential = credential
# Source: lepture/authlib — authlib/oauth2/rfc6749/grants/resource_owner_password_credentials.py (excerpt, repeats the password-grant excerpt above; the method header is not shown)
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
            Content-Type: application/x-www-form-urlencoded

            grant_type=password&username=johndoe&password=A3ddj3w
        """
        # ignore validate for grant_type, since it is validated by
        # check_token_endpoint
        client = self.authenticate_token_endpoint_client()
        log.debug('Validate token request of %r', client)

        if not client.check_grant_type(self.GRANT_TYPE):
            raise UnauthorizedClientError()

        params = self.request.form
        if 'username' not in params:
            raise InvalidRequestError('Missing "username" in request.')
        if 'password' not in params:
            raise InvalidRequestError('Missing "password" in request.')

        log.debug('Authenticate user of %r', params['username'])
        user = self.authenticate_user(
            params['username'],
            params['password']
        )
        if not user:
            raise InvalidRequestError(
                'Invalid "username" or "password" in request.',
            )
        self.request.client = client
        self.request.user = user
        self.validate_requested_scope()
# Source: lepture/authlib — authlib/oauth2/rfc8628/grant.py (excerpt, repeats the rfc8628 excerpt above; the method header is not shown)
authorization server as described in Section 3.2.1. of [RFC6749].
            The client identifier as described in Section 2.2 of [RFC6749].

        For example, the client makes the following HTTPS request::

            POST /token HTTP/1.1
            Host: server.example.com
            Content-Type: application/x-www-form-urlencoded

            grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Adevice_code
            &device_code=GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS
            &client_id=1406020730
        """
        device_code = self.request.data.get('device_code')
        if not device_code:
            raise InvalidRequestError('Missing "device_code" in payload')

        if not self.request.client_id:
            raise InvalidRequestError('Missing "client_id" in payload')

        credential = self.query_device_credential(device_code)
        if not credential:
            raise InvalidRequestError('Invalid "device_code" in payload')

        if credential.get_client_id() != self.request.client_id:
            raise UnauthorizedClientError()

        client = self.authenticate_token_endpoint_client()
        if not client.check_grant_type(self.GRANT_TYPE):
            raise UnauthorizedClientError()

        user = self.validate_device_credential(credential)
# Source: lepture/authlib — authlib/oauth2/rfc7636/challenge.py (excerpt; the method header is not shown)
if self.required and request.auth_method == 'none' and not verifier:
            raise InvalidRequestError('Missing "code_verifier"')

        authorization_code = request.credential
        challenge = self.get_authorization_code_challenge(authorization_code)

        # ignore, it is the normal RFC6749 authorization_code request
        if not challenge:
            return

        # challenge exists, code_verifier is required
        if not verifier:
            raise InvalidRequestError('Missing "code_verifier"')

        if not CODE_VERIFIER_PATTERN.match(verifier):
            raise InvalidRequestError('Invalid "code_verifier"')

        # 4.6. Server Verifies code_verifier before Returning the Tokens
        method = self.get_authorization_code_challenge_method(authorization_code)
        if method is None:
            method = self.DEFAULT_CODE_CHALLENGE_METHOD

        func = self.CODE_CHALLENGE_METHODS.get(method)
        if not func:
            raise RuntimeError('No verify method for "{}"'.format(method))

        # If the values are not equal, an error response indicating
        # "invalid_grant" MUST be returned.
        if not func(verifier, challenge):
            raise InvalidGrantError(description='Code challenge failed.')
# Source: lepture/authlib — authlib/oauth2/rfc6749/grants/base.py
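def validate_authorization_redirect_uri(request, client):
        """Resolve the redirect_uri an authorization request will be sent back to.

        The redirect target is where the authorization code (and ``state``)
        will be delivered, so it must be one the client accepts; honouring a
        caller-supplied value the client never registered would turn the
        authorization endpoint into an open redirect that hands the code to
        whoever chose the URI.  What "accepts" means is decided by
        ``client.check_redirect_uri``; exact string comparison is the
        recommended practice (OAuth 2.0 Security BCP), so check the client
        implementation rather than assuming it.

        Args:
            request: the parsed authorization request; only ``redirect_uri``
                and ``state`` are read here.
            client: the client record; ``check_redirect_uri`` and
                ``get_default_redirect_uri`` are called on it.

        Returns:
            ``request.redirect_uri`` when it is present and the client accepts
            it, otherwise the client's default redirect_uri.

        Raises:
            InvalidRequestError: the request names a redirect_uri the client
                rejects, or names none and the client has no default.  Both
                errors carry ``request.state`` so the error response can echo
                it.  Callers must render such an error directly and never
                redirect to the rejected URI (RFC 6749 section 4.1.2.1).
        """
        requested = request.redirect_uri
        if requested:
            if not client.check_redirect_uri(requested):
                raise InvalidRequestError(
                    'Invalid "redirect_uri" in request.',
                    state=request.state,
                )
            return requested

        # No redirect_uri in the request: fall back to the client's default.
        # Without one the request cannot be honoured at all.
        default_uri = client.get_default_redirect_uri()
        if not default_uri:
            # state is passed here as well, matching the branch above, so every
            # error raised from this function carries it (previously only the
            # "invalid" branch did).
            raise InvalidRequestError(
                'Missing "redirect_uri" in request.',
                state=request.state,
            )
        return default_uri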
# Source: lepture/authlib — authlib/oauth2/rfc6749/grants/refresh_token.py
def _validate_request_token(self, client):
        """Read the ``refresh_token`` form parameter and bind it to *client*.

        Returns the token record produced by ``authenticate_refresh_token``.
        Raises ``InvalidRequestError`` when the parameter is absent, when the
        token cannot be authenticated, or when it was issued to a different
        client_id than the one that authenticated at the token endpoint — that
        last comparison is what stops one client from redeeming another
        client's refresh token.  The unknown-token and wrong-client cases share
        one message, so the response does not distinguish them.

        NOTE(review): RFC 6749 section 5.2 files an invalid, expired or revoked
        refresh token under ``invalid_grant``; this code answers
        ``invalid_request`` instead.  Changing the error code would change what
        clients observe, so it is left as-is here.
        """
        submitted = self.request.form.get('refresh_token')
        if submitted is None:
            raise InvalidRequestError(
                'Missing "refresh_token" in request.',
            )

        token = self.authenticate_refresh_token(submitted)
        if token:
            # only accept a token issued to the client that just authenticated
            issued_to = token.get_client_id()
            if issued_to == client.get_client_id():
                return token
        raise InvalidRequestError(
            'Invalid "refresh_token" in request.',
        )