keystone.oauth1.validator module

keystone.oauth1.validator module

oAuthlib request validator.

class keystone.oauth1.validator.OAuthValidator[source]

Bases: keystone.common.provider_api.ProviderAPIMixin, oauthlib.oauth1.rfc5849.request_validator.RequestValidator

get_access_token_secret(client_key, token, request)[source]
get_client_secret(client_key, request)[source]
get_default_realms(client_key, request)[source]
get_realms(token, request)[source]
get_redirect_uri(token, request)[source]
get_request_token_secret(client_key, token, request)[source]
get_rsa_key(client_key, request)[source]
invalidate_request_token(client_key, request_token, request)[source]

Invalidate a used request token.

  • client_key – The client/consumer key.
  • request_token – The request token string.
  • request – An oauthlib.common.Request object.


Per Section 2.3 of the spec:

“The server MUST (…) ensure that the temporary credentials have not expired or been used before.”

This method should ensure that provided token won’t validate anymore. It can be simply removing RequestToken from storage or setting specific flag that makes it invalid (note that such flag should be also validated during request token validation).

This method is used by

  • AccessTokenEndpoint
save_access_token(token, request)[source]
save_request_token(token, request)[source]
save_verifier(token, verifier, request)[source]

Associate an authorization verifier with a request token.

  • token – A request token string.
  • verifier – A dictionary containing the oauth_verifier and oauth_token
  • request – An oauthlib.common.Request object.

We need to associate verifiers with tokens for validation during the access token request.

Note that unlike save_x_token token here is the oauth_token token string from the request token saved previously.

This method is used by

  • AuthorizationEndpoint
validate_access_token(client_key, token, request)[source]
validate_client_key(client_key, request)[source]
validate_realms(client_key, token, request, uri=None, realms=None)[source]
validate_redirect_uri(client_key, redirect_uri, request)[source]
validate_request_token(client_key, token, request)[source]
validate_requested_realms(client_key, realms, request)[source]
validate_timestamp_and_nonce(client_key, timestamp, nonce, request, request_token=None, access_token=None)[source]
validate_verifier(client_key, token, verifier, request)[source]
verify_realms(token, realms, request)[source]
verify_request_token(token, request)[source]
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.