pyramid_oauth2_provider icon indicating copy to clipboard operation
pyramid_oauth2_provider copied to clipboard

Published 20 hours ago verified publisher icon elliotpeele

Authorization code flow support

Open tonthon opened this issue 7 years ago • 3 comments

Hi, it seems there is no support for the Authorization code grant flow https://tools.ietf.org/html/rfc6749#section-4.1

The token view doesn't support authorization_code grant_type Am I right ?

tonthon avatar Mar 23 '17 17:03 tonthon

I might be wrong, but isn't this what you are looking for? https://github.com/elliotpeele/pyramid_oauth2_provider/blob/master/pyramid_oauth2_provider/views.py#L71-L133

secynic avatar Mar 28 '17 01:03 secynic

That's the first step of the authorization code flow. After that, the Ressource Consumer (Server side Client) should be able to query an access token with this code (D and E in the flow described here : https://tools.ietf.org/html/rfc6749#section-4.1)

tonthon avatar Mar 28 '17 09:03 tonthon

Understood. It looks like the database is already setup for this tracking: https://github.com/elliotpeele/pyramid_oauth2_provider/blob/master/pyramid_oauth2_provider/models.py#L111

Re-reading your initial post, you are right. Support should be added in the oauth2_token view.

secynic avatar Mar 28 '17 15:03 secynic