samschott/maestral
1
1
Fork 0
mirror of https://github.com/samschott/maestral.git synced 2024-10-06 10:28:07 +03:00
Code Issues Projects Releases Wiki Activity

[oauth] use PKCE if available

Browse Source
This commit is contained in:
Sam Schott 2020-04-06 23:19:44 +01:00
parent 0b29893e5a
commit 86177ad046
1 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
maestral/oauth.py
View File

@ -5,9 +5,7 @@
(c) Sam Schott; This work is licensed under a Creative Commons
Attribution-NonCommercial-NoDerivs 2.0 UK: England & Wales License.
This module is responsible for authorization and token store in the system keyring. It
provides a higher level user interface and uses the OAuth 2 implicit grant flow from
:mod:`utils.oauth_implicit` to perform the actual auth flow.
This module is responsible for authorization and token store in the system keyring.
"""
# system imports
@ -16,7 +14,8 @@ import logging
# external packages
import click
from keyring.errors import KeyringLocked
import keyrings.alt
import keyrings.alt.file
from dropbox.oauth import DropboxOAuth2FlowNoRedirect
# maestral modules
from maestral.config import MaestralConfig
@ -30,12 +29,15 @@ logger = logging.getLogger(__name__)
class OAuth2Session:
"""
OAuth2Session provides OAuth 2 login and token store. To authenticate with Dropbox,
run ``get_auth_url`` first and direct the user to visit that URL and retrieve an auth
token. Verify the provided auth token with ``verify_auth_token`` and save it in the
system keyring together with the corresponding Dropbox ID by calling ``save_creds``.
The convenience method ``link`` runs through the above auth flow in a command line
user dialog.
OAuth2Session provides OAuth 2 login and token store in the preferred system kering.
To authenticate with Dropbox, run :meth:`get_auth_url`` first and direct the user to
visit that URL and retrieve an auth token. Verify the provided auth token with
:meth:`verify_auth_token` and save it in the system keyring together with the
corresponding Dropbox ID by calling :meth:`save_creds`. The convenience method
:meth:`link` runs through the above auth flow in a command line user dialog.
This will currently use PKCE if available and fall back to the implicit grant flow
implemented in :mod:`utils.oauth_implicit` otherwise.
:param str config_name: Name of maestral config.
@ -86,8 +88,10 @@ class OAuth2Session:
:returns: Dropbox auth URL.
:rtype: str
"""
self.auth_flow = DropboxOAuth2FlowImplicit(DROPBOX_APP_KEY)
try:
self.auth_flow = DropboxOAuth2FlowNoRedirect(DROPBOX_APP_KEY, use_pkce=True)
except TypeError:
self.auth_flow = DropboxOAuth2FlowImplicit(DROPBOX_APP_KEY)
authorize_url = self.auth_flow.start()
return authorize_url