keystone.oauth1.validator module¶

oAuthlib request validator.

class keystone.oauth1.validator.OAuthValidator[source]¶

Bases: keystone.common.provider_api.ProviderAPIMixin, oauthlib.oauth1.rfc5849.request_validator.RequestValidator

check_access_token(access_token)[source]¶

check_client_key(client_key)[source]¶

check_nonce(nonce)[source]¶

check_request_token(request_token)[source]¶

check_verifier(verifier)[source]¶

enforce_ssl¶

get_access_token_secret(client_key, token, request)[source]¶

get_client_secret(client_key, request)[source]¶

get_default_realms(client_key, request)[source]¶

get_realms(token, request)[source]¶

get_redirect_uri(token, request)[source]¶

get_request_token_secret(client_key, token, request)[source]¶

get_rsa_key(client_key, request)[source]¶

invalidate_request_token(client_key, request_token, request)[source]¶

Invalidate a used request token.

Parameters:	client_key – The client/consumer key. request_token – The request token string. request – An oauthlib.common.Request object.
Returns:	None

Per Section 2.3 of the spec:

“The server MUST (…) ensure that the temporary credentials have not expired or been used before.”

This method should ensure that provided token won’t validate anymore. It can be simply removing RequestToken from storage or setting specific flag that makes it invalid (note that such flag should be also validated during request token validation).

This method is used by

• AccessTokenEndpoint

safe_characters¶

save_access_token(token, request)[source]¶

save_request_token(token, request)[source]¶

save_verifier(token, verifier, request)[source]¶

Associate an authorization verifier with a request token.

Parameters:	token – A request token string. verifier – A dictionary containing the oauth_verifier and oauth_token request – An oauthlib.common.Request object.

We need to associate verifiers with tokens for validation during the access token request.

Note that unlike save_x_token token here is the oauth_token token string from the request token saved previously.

This method is used by

• AuthorizationEndpoint

validate_access_token(client_key, token, request)[source]¶

validate_client_key(client_key, request)[source]¶

validate_realms(client_key, token, request, uri=None, realms=None)[source]¶

validate_redirect_uri(client_key, redirect_uri, request)[source]¶

validate_request_token(client_key, token, request)[source]¶

validate_requested_realms(client_key, realms, request)[source]¶

validate_timestamp_and_nonce(client_key, timestamp, nonce, request, request_token=None, access_token=None)[source]¶

validate_verifier(client_key, token, verifier, request)[source]¶

verify_realms(token, realms, request)[source]¶

verify_request_token(token, request)[source]¶