Parse authorization grant response URI into a dict. If the resource owner grants the access request, the authorization server issues an authorization code and delivers it to the client by adding the following parameters to the query component of the redirection URI using the ``appli
(uri, state=None)
| 108 | |
| 109 | |
| 110 | def parse_authorization_code_response(uri, state=None): |
| 111 | """Parse authorization grant response URI into a dict. |
| 112 | |
| 113 | If the resource owner grants the access request, the authorization |
| 114 | server issues an authorization code and delivers it to the client by |
| 115 | adding the following parameters to the query component of the |
| 116 | redirection URI using the ``application/x-www-form-urlencoded`` format: |
| 117 | |
| 118 | **code** |
| 119 | REQUIRED. The authorization code generated by the |
| 120 | authorization server. The authorization code MUST expire |
| 121 | shortly after it is issued to mitigate the risk of leaks. A |
| 122 | maximum authorization code lifetime of 10 minutes is |
| 123 | RECOMMENDED. The client MUST NOT use the authorization code |
| 124 | more than once. If an authorization code is used more than |
| 125 | once, the authorization server MUST deny the request and SHOULD |
| 126 | revoke (when possible) all tokens previously issued based on |
| 127 | that authorization code. The authorization code is bound to |
| 128 | the client identifier and redirection URI. |
| 129 | |
| 130 | **state** |
| 131 | REQUIRED if the "state" parameter was present in the client |
| 132 | authorization request. The exact value received from the |
| 133 | client. |
| 134 | |
| 135 | :param uri: The full redirect URL back to the client. |
| 136 | :param state: The state parameter from the authorization request. |
| 137 | |
| 138 | For example, the authorization server redirects the user-agent by |
| 139 | sending the following HTTP response: |
| 140 | |
| 141 | .. code-block:: http |
| 142 | |
| 143 | HTTP/1.1 302 Found |
| 144 | Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA |
| 145 | &state=xyz |
| 146 | |
| 147 | """ |
| 148 | query = urlparse.urlparse(uri).query |
| 149 | params = dict(urlparse.parse_qsl(query)) |
| 150 | |
| 151 | if "code" not in params: |
| 152 | raise MissingCodeException() |
| 153 | |
| 154 | params_state = params.get("state") |
| 155 | if state and params_state != state: |
| 156 | raise MismatchingStateException() |
| 157 | |
| 158 | return params |
| 159 | |
| 160 | |
| 161 | def parse_implicit_response(uri, state=None): |
no test coverage detected
searching dependent graphs…