diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-08-16 14:51:03 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-08-16 14:51:03 +0300 |
commit | 6eac3fa1cf2a0f5b418e9336c54219c30edb4222 (patch) | |
tree | 6e1e445ff420be316a6db91c01a8ec009aba6dac /qvisqve | |
parent | 8b037ebc76e5b8a0d429a0c365514b0c41d6022e (diff) | |
download | qvisqve-6eac3fa1cf2a0f5b418e9336c54219c30edb4222.tar.gz |
Change: get allowed scopes from user, not client, for authz code flo
Diffstat (limited to 'qvisqve')
-rw-r--r-- | qvisqve/token_router.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/qvisqve/token_router.py b/qvisqve/token_router.py index ea37065..4778063 100644 --- a/qvisqve/token_router.py +++ b/qvisqve/token_router.py @@ -26,10 +26,10 @@ import qvisqve_secrets class TokenRouter(qvisqve.Router): - def __init__(self, token_generator, clients, authz_attempts): + def __init__(self, token_generator, clients, users, authz_attempts): qvisqve.log.log('debug', msg_text='TokenRouter init starts') super().__init__() - args = (clients, token_generator, authz_attempts) + args = (users, clients, token_generator, authz_attempts) self._grants = { 'client_credentials': ClientCredentialsGrant(*args), 'authorization_code': AuthorizationCodeGrant(*args), @@ -75,7 +75,8 @@ class TokenRouter(qvisqve.Router): class Grant: - def __init__(self, clients, generator, authz_attempts): + def __init__(self, users, clients, generator, authz_attempts): + self._users = users self._clients = clients self._generator = generator self._attempts = authz_attempts @@ -141,7 +142,7 @@ class AuthorizationCodeGrant(Grant): subject_id = aa.get_subject_id() scope = aa.get_scope() - allowed = self._clients.get_allowed_scopes(client_id) + allowed = self._users.get_allowed_scopes(subject_id) scope = ' '.join( s for s in scope.split() |