authorIb Lundgren <ib.lundgren@gmail.com>2013-08-03 11:57:00 -0700
committerIb Lundgren <ib.lundgren@gmail.com>2013-08-03 11:57:00 -0700
commit1122945efbf3d1be6fed0e2279dfb81f785ad706 (patch)
treed1f0813cae7731eafd11c63164c140b5f88b0db8 /docs
parentb79af6537675a897026ed9fec06e6f2dc8203ddb (diff)
parentf538ea8f87947d7c1543a8c0fcea5b0242a12ab6 (diff)
downloadoauthlib-1122945efbf3d1be6fed0e2279dfb81f785ad706.tar.gz
Merge pull request #201 from squirly/#200
OAuth2 API cleanup to match OAuth1. Proposal for Issue #200
Diffstat (limited to 'docs')
-rw-r--r--docs/oauth2/endpoints.rst23
-rw-r--r--docs/oauth2/server.rst34
2 files changed, 26 insertions, 31 deletions
diff --git a/docs/oauth2/endpoints.rst b/docs/oauth2/endpoints.rst
index aa73d46..1441938 100644
--- a/docs/oauth2/endpoints.rst
+++ b/docs/oauth2/endpoints.rst
@@ -79,9 +79,8 @@ Grant and the Client Credentials Grant.
except FatalClientError as e:
# this is your custom error page
- from your_views import authorization_error_page_uri
- # Use in_uri to embed error code and description in the redirect uri
- redirect(e.in_uri(authorization_error_page_uri))
+ from your_view_helpers import error_to_response
+ return error_to_response(e)
**Post Authorization Request**
@@ -107,23 +106,22 @@ Grant and the Client Credentials Grant.
scopes = request.POST.get('scopes')
from oauthlib.oauth2 import FatalClientError, OAuth2Error
- from your_framework import redirect
+ from your_framework import http_response
+ http_response(body, status=status, headers=headers)
try:
- uri, headers, body, status = server.create_authorization_response(
+ headers, body, status = server.create_authorization_response(
uri, http_method, body, headers, scopes, credentials)
- # uri = https://foo.com/welcome_back?code=somerandomstring&state=xyz
- # headers = {}, this might change to include suggested headers related
+ # headers = {'Location': 'https://foo.com/welcome_back?code=somerandomstring&state=xyz'}, this might change to include suggested headers related
# to cache best practices etc.
# body = '', this might be set in future custom grant types
# status = 302, suggested HTTP status code
- redirect(uri, headers=headers, status=status, body=body)
+ return http_response(body, status=status, headers=headers)
except FatalClientError as e:
# this is your custom error page
- from your_views import authorization_error_page_uri
- # Use in_uri to embed error code and description in the redirect uri
- redirect(e.in_uri(authorization_error_page_uri))
+ from your_view_helpers import error_to_response
+ return error_to_response(e)
except OAuth2Error as e:
# Less grave errors will be reported back to client
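Review bot: The added line `http_response(body, status=status, headers=headers)` right after the `from your_framework import http_response` import (before the `try:`) looks like a stray paste: at that point `status` has not been assigned and `body`/`headers` are still the raw request values, so a reader copying the example gets a NameError or sends an unintended response. The intended call is the `return http_response(...)` inside the `try` a few lines below; the stray line should be deleted. The surrounding example continues outside this hunk.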
@@ -181,10 +179,9 @@ tokens which unless you are certain you need them, are a bad idea.
# Extra credentials you wish to include
credentials = {'client_ip': '1.2.3.4'}
- uri, headers, body, status = server.create_token_response(
+ headers, body, status = server.create_token_response(
uri, http_method, body, headers, credentials)
- # uri is not used by most grant types
# headers will contain some suggested headers to add to your response
{
'Content-Type': 'application/json;charset=UTF-8',
diff --git a/docs/oauth2/server.rst b/docs/oauth2/server.rst
index 22e5d43..cba56d1 100644
--- a/docs/oauth2/server.rst
+++ b/docs/oauth2/server.rst
@@ -260,7 +260,6 @@ as well as provide an interface for a backend to store tokens, clients, etc.
def __init__(self):
# Using the server from previous section
self._authorization_endpoint = server
- self._error_uri = '/error'
def get(self, request):
# You need to define extract_params and make sure it does not
@@ -288,7 +287,7 @@ as well as provide an interface for a backend to store tokens, clients, etc.
# Errors that should be shown to the user on the provider website
except errors.FatalClientError as e:
- return HttpResponseRedirect(e.in_uri(self._error_uri))
+ return response_from_error(e)
# Errors embedded in the redirect URI back to the client
except errors.OAuth2Error as e:
@@ -297,7 +296,7 @@ as well as provide an interface for a backend to store tokens, clients, etc.
@csrf_exempt
def post(self, request):
uri, http_method, body, headers = extract_params(request)
-
+
# The scopes the user actually authorized, i.e. checkboxes
# that were selected.
scopes = request.POST.getlist(['scopes'])
@@ -309,15 +308,12 @@ as well as provide an interface for a backend to store tokens, clients, etc.
credentials.update(request.session.get('oauth2_credentials', {}))
try:
- url, headers, body, status = self._authorization_endpoint.create_authorization_response(
+ headers, body, status = self._authorization_endpoint.create_authorization_response(
uri, http_method, body, headers, scopes, credentials)
- return HttpResponseRedirect(url)
+ return response_from_return(headers, body, status)
except errors.FatalClientError as e:
- return HttpResponseRedirect(e.in_uri(self._error_uri))
-
- except errors.OAuth2Error as e:
- return HttpResponseRedirect(e.in_uri(redirect_uri))
+ return response_from_error(e)
# Handles requests to /token
class TokenView(View):
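Review bot: The rewritten `post()` drops the `except errors.OAuth2Error` branch that the old code had after the `FatalClientError` handler, so a non-fatal error (the kind the `get()` hunk above still handles by redirecting the error back to the client) now escapes `post()` as an unhandled exception instead of a controlled redirect. Unless `create_authorization_response` in this change converts those errors into `headers, body, status` itself (not visible here), the handler should be restored, e.g. `except errors.OAuth2Error as e:` / `return HttpResponseRedirect(e.in_uri(redirect_uri))`, or the example should say explicitly that the endpoint now does this for you. Either way the docs for `post()` and `get()` should describe the same error contract. The `post()` body begins outside this hunk.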
@@ -333,21 +329,23 @@ as well as provide an interface for a backend to store tokens, clients, etc.
# use in the validator, do so here.
credentials = {'foo': 'bar'}
- url, headers, body, status = self._token_endpoint.create_token_response(
+ headers, body, status = self._token_endpoint.create_token_response(
uri, http_method, body, headers, credentials)
# All requests to /token will return a json response, no redirection.
- response = HttpResponse(content=body, status=status)
- for k, v in headers.items():
- response[k] = v
- return response
-
+ return response_from_return(headers, body, status)
- class ErrorView(View):
- response = HttpResponse()
- response.write('Evil client is unable to send a proper request.')
+ def response_from_return(headers, body, status):
+ response = HttpResponse(content=body, status=status)
+ for k, v in headers.items():
+ response[k] = v
return response
+ def response_from_error(e)
+ return HttpResponseBadRequest('Evil client is unable to send a proper request. Error is: ' + e.description)
+
+
+
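Review bot: `def response_from_error(e)` is missing its trailing colon, so the example helper is a syntax error as documented; it should read `def response_from_error(e):`. The helper also interpolates `e.description` straight into the `HttpResponseBadRequest` body; a one-line comment noting that `description` is a server-generated message (not client-supplied text) would reassure readers who adapt this for HTML responses, and if that is not guaranteed the example should escape it. The indentation of `response_from_return`/`response_from_error` appears flattened in this view, so whether they are module-level functions or nested in `TokenView` should be made unambiguous in the rendered docs.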
**5. Protect your APIs using scopes**
Let's define a decorator we can use to protect the views.