46 lines
1.7 KiB
Python
46 lines
1.7 KiB
Python
from typing import Optional
|
|
|
|
from authlib.common.urls import add_params_to_uri
|
|
from authlib.deprecate import deprecate
|
|
from authlib.oauth2.rfc6749.grants import BaseGrant
|
|
|
|
|
|
class IssuerParameter:
|
|
def __call__(self, authorization_server):
|
|
if isinstance(authorization_server, BaseGrant):
|
|
deprecate(
|
|
"IssueParameter should be used as an authorization server extension with 'authorization_server.register_extension(IssueParameter())'.",
|
|
version="1.8",
|
|
)
|
|
authorization_server.register_hook(
|
|
"after_authorization_response",
|
|
self.add_issuer_parameter,
|
|
)
|
|
|
|
else:
|
|
authorization_server.register_hook(
|
|
"after_create_authorization_response",
|
|
self.add_issuer_parameter,
|
|
)
|
|
|
|
def add_issuer_parameter(self, authorization_server, response):
|
|
if self.get_issuer() and response.location:
|
|
# RFC9207 §2
|
|
# In authorization responses to the client, including error responses,
|
|
# an authorization server supporting this specification MUST indicate
|
|
# its identity by including the iss parameter in the response.
|
|
|
|
new_location = add_params_to_uri(
|
|
response.location, {"iss": self.get_issuer()}
|
|
)
|
|
response.location = new_location
|
|
|
|
def get_issuer(self) -> Optional[str]:
|
|
"""Return the issuer URL.
|
|
Developers MAY implement this method if they want to support :rfc:`RFC9207 <9207>`::
|
|
|
|
def get_issuer(self) -> str:
|
|
return "https://auth.example.org"
|
|
"""
|
|
return None
|