I probably shouldn't be answering, because my OAUTH2 expertise comes from a 
presentation by Jim Manicore of Manicode.com,
but ...

On Wednesday, March 7, 2018 at 3:05:48 PM UTC-8, greenpoise wrote:
>
> I feel I am almost there making a connection.  So, following the steps of 
> the server side, I have to:
>
> 1. Request an Authorization and Temporary Token
> 2. Once I receive the temporary token,
> 3. I have to exchange it for an access token which I can use to access 
> the data
>
>
> I have the first 2 I believe. Here is my code in web2py:
>
> 1. Request Authorization and Temp Token
>
> def loginview():
>     params = {"response_type": "code",
>               "client_id": CLIENT_ID,
>               "scope": "employee:customers_read"}
>     url = "https://cloud.XXXXXXX.com/oauth/authorize.php?" + urllib.urlencode(params)
>     return dict(url=url)
>
> which gives me the temp_code within request.env.query_string the redirect 
> which is defined in the server and goes to:
>
> 2.
> def index():
>     request_uri = URL(args=request.args,vars=request.vars,host=True)
>     temp_code = request.env.query_string
>     
>
>
>
> 3. Step 3 is a continuation of step 2. and this is where I don't know how 
> to exchange the temp_code above with the ACCESS_TOKEN
>
>     params = {"client_id": CLIENT_ID,
>               "client_secret": CLIENT_SECRET,
>               "code": temp_code,
>               "grant_type": "authorization_code"}
>     url = "https://cloud.XXXXXXX.com/oauth/access_token.php"
>     response = requests.request("POST", url, data=params)
>
>     return dict(request_uri=request_uri, temp_code=temp_code, response=response)
>
>
> after that I have to use a session to store the access_token and start 
> querying the endpoint data.
>
> Thanks
>
>
>
I may be confused, but I suspect that you might be .. based on my alleged 
understanding of the typical OAUTH2 flow, which is something like shown in 
the attached oauth2_flow.png.

As in that diagram, the token the client gets from the OAUTH2 server goes 
to the application server, which then sends it to the OAUTH2 server to 
confirm the client has permission to access the services of the application 
server, and that the client has granted permission to the application 
server to act on the client's behalf.

(One of the examples given was an online pizza ordering experience, where 
OAUTH2 was used to post the customer's rave reviews on Yelp, with Yelp 
being the OAUTH2 server, and the pizza palace being the application server.)

Now, I may be misunderstanding a) what you're trying to do and b) OAUTH2, 
but if so you might want to post an equivalent diagram with the correct 
flow shown.

/dps
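
Added example, not part of either message in this thread: in the quoted `index()`, `request.env.query_string` holds the whole query string (for example `code=...`), so the `code` value has to be parsed out before it goes into the step 3 POST. The sketch below does that with Python 3's `urllib.parse` (the post uses Python 2's `urllib.urlencode`); the `state` check and the JSON token reply follow RFC 6749 and are assumptions about this provider, and all sample values are constructed.

```python
import hmac
import json
from urllib.parse import parse_qs, urlencode


def extract_code(query_string, expected_state=None):
    """Pull the authorization code out of the redirect's query string."""
    qs = parse_qs(query_string, keep_blank_values=True)
    if "error" in qs:
        # RFC 6749 section 4.1.2.1: a denied or failed request is reported here.
        raise ValueError("authorization failed: " + qs["error"][0])
    codes = qs.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one non-empty 'code' parameter")
    if expected_state is not None:
        # Assumption: a random 'state' was sent in step 1 and kept in the session.
        got = qs.get("state", [""])[0]
        if not hmac.compare_digest(got.encode(), expected_state.encode()):
            raise ValueError("state mismatch, ignoring this callback")
    return codes[0]


def build_token_request(code, client_id, client_secret):
    """Form-encoded body for the code-for-token POST (same fields as the post)."""
    return urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "grant_type": "authorization_code",
    })


def parse_token_response(body):
    """Return the access token from a JSON reply, or raise on an error reply."""
    data = json.loads(body)
    if "error" in data:
        raise ValueError("token endpoint error: " + str(data["error"]))
    return data["access_token"]


if __name__ == "__main__":
    # Constructed sample values, not real credentials or server output.
    code = extract_code("code=SAMPLECODE123&state=xyz", expected_state="xyz")
    print(build_token_request(code, "my-client-id", "my-client-secret"))
    print(parse_token_response('{"access_token": "SAMPLETOKEN", "token_type": "bearer"}'))
```

The body from `build_token_request` is what `requests` would send for `data=params` in the quoted step 3; only the parsed token, not the response object, needs to go into the session.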


 
