from typing import Optional
from authlib.common.urls import add_params_to_uri
from authlib.deprecate import deprecate
from authlib.oauth2.rfc6749.grants import BaseGrant
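class IssuerParameter:
    """Authorization server extension that adds the RFC 9207 ``iss`` parameter.

    The extension registers :meth:`add_issuer_parameter` as a hook so that the
    issuer identifier is appended to the redirect URI of authorization
    responses. Clients use that value to detect mix-up between authorization
    servers.

    The default :meth:`get_issuer` returns ``None``, in which case nothing is
    added: registering this extension without overriding :meth:`get_issuer`
    leaves responses unchanged.
    """

    def __call__(self, authorization_server):
        """Register the hook on ``authorization_server``.

        Passing a grant (a :class:`BaseGrant` instance) is the deprecated
        usage: it still works, but emits a deprecation notice and hooks into
        ``after_authorization_response``. Any other object is treated as the
        authorization server and hooked via
        ``after_create_authorization_response``.
        """
        if isinstance(authorization_server, BaseGrant):
            deprecate(
                "IssuerParameter should be used as an authorization server "
                "extension with "
                "'authorization_server.register_extension(IssuerParameter())'.",
                version="1.8",
            )
            hook_name = "after_authorization_response"
        else:
            hook_name = "after_create_authorization_response"

        authorization_server.register_hook(hook_name, self.add_issuer_parameter)

    def add_issuer_parameter(self, authorization_server, response):
        """Append ``iss`` to ``response.location`` when both are available.

        :param authorization_server: object the hook was registered on; unused.
        :param response: authorization response; only its ``location``
            attribute is read and rewritten.

        Responses without a ``location`` are left untouched, so only
        redirect-based responses receive the parameter here.
        """
        # Resolve the issuer once so the truthiness check and the value that
        # ends up in the URI cannot differ between two calls.
        issuer = self.get_issuer()
        if not issuer or not response.location:
            return

        # RFC9207 §2
        # In authorization responses to the client, including error responses,
        # an authorization server supporting this specification MUST indicate
        # its identity by including the iss parameter in the response.
        response.location = add_params_to_uri(response.location, {"iss": issuer})

    def get_issuer(self) -> Optional[str]:
        """Return the issuer URL.

        Developers MAY implement this method if they want to support :rfc:`RFC9207 <9207>`::

            def get_issuer(self) -> str:
                return "https://auth.example.org"

        Return the exact issuer identifier that the server publishes in its
        metadata: RFC 9207 requires clients to compare ``iss`` with simple
        string comparison, so a differing scheme, host case or trailing slash
        makes a conforming client reject the response. Returning ``None`` (the
        default) or any other falsy value disables the ``iss`` parameter.
        """
        return None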