-rw-r--r-- | docs/oauth2/oauth2provider-server.dot | 24 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py | 6 |
2 files changed, 13 insertions, 17 deletions
diff --git a/docs/oauth2/oauth2provider-server.dot b/docs/oauth2/oauth2provider-server.dot
index ec24078..2c4921c 100644
--- a/docs/oauth2/oauth2provider-server.dot
+++ b/docs/oauth2/oauth2provider-server.dot
@@ -83,12 +83,7 @@ digraph oauthlib {
 {
 rank = same;
 f_validate_client_id;
- f_validate_code;
- /* f_validate_user; */
- f_validate_bearer_token;
- f_validate_refresh_token;
- f_introspect_token;
- f_revoke_token;
+ f_authenticate_client;
 }
 {
 rank = same;
@@ -102,7 +97,12 @@ digraph oauthlib {
 }
 {
 rank = same;
- f_invalidate_authorization_code;
+ f_validate_code;
+ f_validate_user;
+ f_validate_bearer_token;
+ f_validate_refresh_token;
+ f_introspect_token;
+ f_revoke_token;
 }
 {
 rank = same;
@@ -110,10 +110,6 @@ digraph oauthlib {
 f_get_original_scopes;
 f_get_default_scopes;
 }
- {
- rank = same;
- f_is_within_original_scope;
- }
 /* Authorization Code - Access Token Request */
 {
@@ -189,10 +185,10 @@ digraph oauthlib {
 f_client_authentication_required:false:s -> f_authenticate_client_id;
 f_authenticate_client:true:s -> r_client_authenticated [ arrowhead=none ];
 f_authenticate_client_id:true:s -> r_client_authenticated [ arrowhead=none ];
- r_client_authenticated -> f_validate_user;
- f_validate_user:true:s -> f_validate_grant_type;
+ r_client_authenticated -> f_validate_grant_type;
+ f_validate_grant_type:true:s -> f_validate_user;
- f_validate_grant_type:true:s -> if_scopes;
+ f_validate_user:true:s -> if_scopes;
 if_scopes -> f_validate_scopes [ label="present" ];
 if_scopes -> f_get_default_scopes [ label="missing" ];
diff --git a/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py b/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
index f765d91..12c74f1 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
@@ -178,6 +178,9 @@ class ResourceOwnerPasswordCredentialsGrant(GrantTypeBase):
 if not request.grant_type == 'password':
 raise errors.UnsupportedGrantTypeError(request=request)
+ # Ensure client is authorized use of this grant type
+ self.validate_grant_type(request)
+
 log.debug('Validating username %s.', request.username)
 if not self.request_validator.validate_user(request.username,
 request.password, request.client, request):
@@ -191,9 +194,6 @@ class ResourceOwnerPasswordCredentialsGrant(GrantTypeBase):
 'in authenticate_client.')
 log.debug('Authorizing access to user %r.', request.user)
- # Ensure client is authorized use of this grant type
- self.validate_grant_type(request)
-
 if request.client:
 request.client_id = request.client_id or request.client.client_id
 self.validate_scopes(request)
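Review bot: The relocated `self.validate_grant_type(request)` call in the first hunk carries a security rationale that its moved comment does not record, and the comment reads awkwardly ("authorized use"). Running it before `validate_user` means a client that is not permitted this grant type is refused (with whatever `validate_grant_type` raises) before the resource owner's password is ever checked, so the error a caller sees can no longer depend on whether that password was correct; I'd replace the comment with `# Check the client is allowed this grant type before touching the user's credentials: an unauthorized client must be refused without the password being verified, and without the error revealing whether it was correct.` so the ordering is not undone later. The enclosing method starts and ends outside both hunks, so whether the presence of `request.username` and `request.password` is verified before the `log.debug` on the following line cannot be confirmed from here.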