Extensions supporting OAuth1.
Bases: keystone.common.controller.V3Controller
Bases: keystone.common.controller.V3Controller
Bases: keystone.common.controller.V3Controller
Construct a path and pass it to V3Controller.base_url method.
Bases: keystone.common.controller.V3Controller
An authenticated user is going to authorize a request token.
As a security precaution, the requested roles must match those in the request token. Because this is in a CLI-only world at the moment, there is not another easy way to make sure the user knows which roles are being requested before authorizing.
Extensions supporting OAuth1.
Bases: object
Interface description for an OAuth1 driver.
Authorize request token.
Parameters: |
|
---|---|
Returns: | verifier |
Create access token.
Parameters: |
|
---|---|
Returns: | access_token_ref |
Create consumer.
Parameters: | consumer_ref (dict) – consumer ref with consumer name |
---|---|
Returns: | consumer_ref |
Create request token.
Parameters: |
|
---|---|
Returns: | request_token_ref |
Delete access token.
Parameters: |
|
---|---|
Returns: | None |
Delete consumer.
Parameters: | consumer_id (string) – id of consumer to get |
---|---|
Returns: | None. |
Get access token.
Parameters: | access_token_id (string) – the id of the access token |
---|---|
Returns: | access_token_ref |
Get consumer, returns the consumer id (key) and description.
Parameters: | consumer_id (string) – id of consumer to get |
---|---|
Returns: | consumer_ref |
Like get_consumer() but returned consumer_ref includes the consumer secret.
Secrets should only be shared upon consumer creation; the consumer secret is required to verify incoming OAuth requests.
Parameters: | consumer_id (string) – id of consumer to get |
---|---|
Returns: | consumer_ref |
Get request token.
Parameters: | request_token_id (string) – the id of the request token |
---|---|
Returns: | request_token_ref |
Bases: keystone.common.manager.Manager
Default pivot point for the OAuth1 backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.
Send a notification if the wrapped callable is successful.
Send a notification if the wrapped callable is successful.
Send a notification if the wrapped callable is successful.
Send a notification if the wrapped callable is successful.
Filter out private items in a consumer dict.
‘secret’ is never returned.
Returns: | consumer_ref |
---|
Bases: keystone.common.wsgi.V3ExtensionRouter
API Endpoints for the OAuth1 extension.
The goal of this extension is to allow third-party service providers to acquire tokens with a limited subset of a user’s roles for acting on behalf of that user. This is done using an oauth-similar flow and api.
The API looks like:
# Basic admin-only consumer crud
POST /OS-OAUTH1/consumers
GET /OS-OAUTH1/consumers
PATCH /OS-OAUTH1/consumers/$consumer_id
GET /OS-OAUTH1/consumers/$consumer_id
DELETE /OS-OAUTH1/consumers/$consumer_id
# User access token crud
GET /users/$user_id/OS-OAUTH1/access_tokens
GET /users/$user_id/OS-OAUTH1/access_tokens/$access_token_id
GET /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles
GET /users/{user_id}/OS-OAUTH1/access_tokens
/{access_token_id}/roles/{role_id}
DELETE /users/$user_id/OS-OAUTH1/access_tokens/$access_token_id
# OAuth interfaces
POST /OS-OAUTH1/request_token # create a request token
PUT /OS-OAUTH1/authorize # authorize a request token
POST /OS-OAUTH1/access_token # create an access token
oAuthlib request validator.