Extensions supporting OAuth1.
keystone.oauth1.controllers.
AccessTokenCrudV3
[source]¶Bases: keystone.common.controller.V3Controller
collection_name
= 'access_tokens'¶member_name
= 'access_token'¶keystone.oauth1.controllers.
AccessTokenRolesV3
[source]¶Bases: keystone.common.controller.V3Controller
collection_name
= 'roles'¶member_name
= 'role'¶keystone.oauth1.controllers.
ConsumerCrudV3
[source]¶Bases: keystone.common.controller.V3Controller
base_url
(context, path=None)[source]¶Construct a path and pass it to V3Controller.base_url method.
collection_name
= 'consumers'¶member_name
= 'consumer'¶keystone.oauth1.controllers.
OAuthControllerV3
[source]¶Bases: keystone.common.controller.V3Controller
An authenticated user is going to authorize a request token.
As a security precaution, the requested roles must match those in the request token. Because this is in a CLI-only world at the moment, there is not another easy way to make sure the user knows which roles are being requested before authorizing.
collection_name
= 'not_used'¶member_name
= 'not_used'¶Main entry point into the OAuth1 service.
keystone.oauth1.core.
Manager
[source]¶Bases: keystone.common.manager.Manager
Default pivot point for the OAuth1 backend.
See keystone.common.manager.Manager
for more details on how this
dynamically calls the backend.
driver_namespace
= 'keystone.oauth1'¶keystone.oauth1.routers.
Routers
[source]¶Bases: keystone.common.wsgi.RoutersBase
API Endpoints for the OAuth1 extension.
The goal of this extension is to allow third-party service providers to acquire tokens with a limited subset of a user’s roles for acting on behalf of that user. This is done using an oauth-similar flow and api.
The API looks like:
# Basic admin-only consumer crud
POST /OS-OAUTH1/consumers
GET /OS-OAUTH1/consumers
PATCH /OS-OAUTH1/consumers/{consumer_id}
GET /OS-OAUTH1/consumers/{consumer_id}
DELETE /OS-OAUTH1/consumers/{consumer_id}
# User access token crud
GET /users/{user_id}/OS-OAUTH1/access_tokens
GET /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
GET /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles
GET /users/{user_id}/OS-OAUTH1/access_tokens
/{access_token_id}/roles/{role_id}
DELETE /users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
# OAuth interfaces
POST /OS-OAUTH1/request_token # create a request token
PUT /OS-OAUTH1/authorize # authorize a request token
POST /OS-OAUTH1/access_token # create an access token
oAuthlib request validator.
keystone.oauth1.validator.
OAuthValidator
[source]¶Bases: keystone.common.provider_api.ProviderAPIMixin
, oauthlib.oauth1.rfc5849.request_validator.RequestValidator
enforce_ssl
¶safe_characters
¶Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.