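def authorize_POST():
    """Issue an OAuth authorization code and redirect back to the client.

    Reads ``client_id`` from the submitted form, looks up the matching
    ``OAuthClient``, stores a short-lived code in Redis bound to both the
    client and the current user, and redirects to the client's stored
    ``redirect_uri`` with ``code`` added to its query string.

    Returns:
        The re-rendered authorize page with an error message when
        ``client_id`` is missing, otherwise a redirect response.
        Aborts with 404 when no client matches ``client_id``.
    """
    client_id = request.form.get("client_id")
    if not client_id:
        return render_template("oauth-authorize.html", errors="Missing client_id")
    client = OAuthClient.query.filter(OAuthClient.client_id == client_id).first()
    if not client:
        abort(404)

    # The code is a bearer credential until it is exchanged, so keep all 256
    # bits from the CSPRNG. The previous 10-hex-character code carried only
    # 40 bits, far below the 128-bit floor RFC 6749 section 10.10 sets for
    # credentials that are not handled by end users.
    code = os.urandom(32).hex()

    ttl_seconds = 600  # the code expires after 10 minutes
    r = redis.Redis()
    # set(..., ex=) instead of setex(): redis-py's legacy Redis class took
    # setex(name, value, time) while StrictRedis and redis-py 3+ take
    # setex(name, time, value), so a version change would silently swap the
    # value and the expiry.
    r.set("oauth.exchange.client." + code, client_id, ex=ttl_seconds)
    r.set("oauth.exchange.user." + code, current_user.id, ex=ttl_seconds)
    # NOTE(review): single use has to be enforced where the code is exchanged
    # (delete both keys on first redemption); that endpoint is not shown here.
    # NOTE(review): no `state` value is relayed to the client; confirm whether
    # the authorize form carries one that should be echoed back.

    # The redirect target comes from the stored client record, not from the
    # request, so the form cannot steer the code to another URL.
    parts = list(urllib.parse.urlparse(client.redirect_uri))
    query = urllib.parse.parse_qs(parts[4])
    query["code"] = code
    # parse_qs returns every value as a list; without doseq=True urlencode
    # would serialise the list repr ("['x']") and mangle any query parameters
    # already present in redirect_uri.
    parts[4] = urllib.parse.urlencode(query, doseq=True)
    return redirect(urllib.parse.urlunparse(parts))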