author | halcy <halcy@ARARAGI-KUN> | 2022-11-13 22:32:04 +0200 |
---|---|---|
committer | halcy <halcy@ARARAGI-KUN> | 2022-11-13 22:32:04 +0200 |
commit | 24c686f6b274e04082b13f159ea10d995c2ca281 (patch) | |
tree | 57b0095298f0564f6a5730a9b6a3ac9cdacb85b9 /mastodon | |
parent | 5b328d479c17e44a6dde96408d6c8680b6c11ee0 (diff) | |
Improve auth support
Diffstat (limited to 'mastodon')
-rw-r--r-- | mastodon/Mastodon.py | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/mastodon/Mastodon.py b/mastodon/Mastodon.py index e84df6d..48d850b 100644 --- a/mastodon/Mastodon.py +++ b/mastodon/Mastodon.py | |||
@@ -486,8 +486,7 @@ class Mastodon: | |||
486 | """ | 486 | """ |
487 | return Mastodon.__SUPPORTED_MASTODON_VERSION | 487 | return Mastodon.__SUPPORTED_MASTODON_VERSION |
488 | 488 | ||
489 | def auth_request_url(self, client_id=None, redirect_uris="urn:ietf:wg:oauth:2.0:oob", | 489 | def auth_request_url(self, client_id=None, redirect_uris="urn:ietf:wg:oauth:2.0:oob", scopes=__DEFAULT_SCOPES, force_login=False, state=None): |
490 | scopes=__DEFAULT_SCOPES, force_login=False): | ||
491 | """ | 490 | """ |
492 | Returns the url that a client needs to request an oauth grant from the server. | 491 | Returns the url that a client needs to request an oauth grant from the server. |
493 | 492 | ||
@@ -501,6 +500,10 @@ class Mastodon: | |||
501 | 500 | ||
502 | Pass force_login if you want the user to always log in even when already logged | 501 | Pass force_login if you want the user to always log in even when already logged |
503 | into web mastodon (i.e. when registering multiple different accounts in an app). | 502 | into web mastodon (i.e. when registering multiple different accounts in an app). |
503 | |||
504 | State is the oauth `state`parameter to pass to the server. It is strongly suggested | ||
505 | to use a random, nonguessable value (i.e. nothing meaningful and no incrementing ID) | ||
506 | to preserve security guarantees. It can be left out for non-web login flows. | ||
504 | """ | 507 | """ |
505 | if client_id is None: | 508 | if client_id is None: |
506 | client_id = self.client_id | 509 | client_id = self.client_id |
@@ -515,12 +518,11 @@ class Mastodon: | |||
515 | params['redirect_uri'] = redirect_uris | 518 | params['redirect_uri'] = redirect_uris |
516 | params['scope'] = " ".join(scopes) | 519 | params['scope'] = " ".join(scopes) |
517 | params['force_login'] = force_login | 520 | params['force_login'] = force_login |
521 | params['state'] = state | ||
518 | formatted_params = urlencode(params) | 522 | formatted_params = urlencode(params) |
519 | return "".join([self.api_base_url, "/oauth/authorize?", formatted_params]) | 523 | return "".join([self.api_base_url, "/oauth/authorize?", formatted_params]) |
520 | 524 | ||
521 | def log_in(self, username=None, password=None, | 525 | def log_in(self, username=None, password=None, code=None, redirect_uri="urn:ietf:wg:oauth:2.0:oob", refresh_token=None, scopes=__DEFAULT_SCOPES, to_file=None): |
522 | code=None, redirect_uri="urn:ietf:wg:oauth:2.0:oob", refresh_token=None, | ||
523 | scopes=__DEFAULT_SCOPES, to_file=None): | ||
524 | """ | 526 | """ |
525 | Get the access token for a user. | 527 | Get the access token for a user. |
526 | 528 | ||
@@ -588,6 +590,25 @@ class Mastodon: | |||
588 | 590 | ||
589 | return response['access_token'] | 591 | return response['access_token'] |
590 | 592 | ||
593 | def revoke_access_token(self): | ||
594 | """ | ||
595 | Revoke the oauth token the user is currently authenticated with, effectively removing | ||
596 | the apps access and requiring the user to log in again. | ||
597 | """ | ||
598 | if self.access_token is None: | ||
599 | raise MastodonIllegalArgumentError("Not logged in, do not have a token to revoke.") | ||
600 | if self.client_id is None or self.client_secret is None: | ||
601 | raise MastodonIllegalArgumentError("Client authentication (id + secret) is required to revoke tokens.") | ||
602 | params = collections.OrderedDict([]) | ||
603 | params['client_id'] = self.client_id | ||
604 | params['client_secret'] = self.client_secret | ||
605 | params['token'] = self.access_token | ||
606 | self.__api_request('POST', '/oauth/revoke', params) | ||
607 | |||
608 | # We are now logged out, clear token and logged in id | ||
609 | self.access_token = None | ||
610 | self.__logged_in_id = None | ||
611 | |||
591 | @api_version("2.7.0", "2.7.0", "2.7.0") | 612 | @api_version("2.7.0", "2.7.0", "2.7.0") |
592 | def create_account(self, username, password, email, agreement=False, reason=None, locale="en", scopes=__DEFAULT_SCOPES, to_file=None): | 613 | def create_account(self, username, password, email, agreement=False, reason=None, locale="en", scopes=__DEFAULT_SCOPES, to_file=None): |
593 | """ | 614 | """ |
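Review bot: In the third hunk, `params['state'] = state` is assigned unconditionally, so with the default `state=None` the query string ends up carrying the literal `state=None` (urlencode stringifies the value) rather than omitting the parameter as the new docstring says it can be left out. Guard the assignment: `if state is not None:` / `    params['state'] = state`. Because `state` is the caller's CSRF binding for the authorization-code flow, the docstring would also be stronger if it pointed callers at `secrets.token_urlsafe()` for the value and said that the redirect handler must compare the returned `state` with the stored one before exchanging the code; the phrase "`state`parameter" is also missing a space. The body of auth_request_url continues outside both hunks that touch it.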