Move extract_client_auth to oauth2 utils.

oidc_provider/lib/endpoints/token.py

@@ -1,7 +1,6 @@
-from base64 import b64decode, urlsafe_b64encode
+from base64 import urlsafe_b64encode
 import hashlib
 import logging
-import re
 from django.contrib.auth import authenticate
 
 from django.http import JsonResponse
@@ -10,6 +9,7 @@ from oidc_provider.lib.errors import (
     TokenError,
     UserAuthError,
 )
+from oidc_provider.lib.utils.oauth2 import extract_client_auth
 from oidc_provider.lib.utils.token import (
     create_id_token,
     create_token,
@@ -26,6 +26,7 @@ logger = logging.getLogger(__name__)
 
 
 class TokenEndpoint(object):
+
     def __init__(self, request):
         self.request = request
         self.params = {}
@@ -33,7 +34,7 @@ class TokenEndpoint(object):
         self._extract_params()
 
     def _extract_params(self):
-        client_id, client_secret = self._extract_client_auth()
+        client_id, client_secret = extract_client_auth(self.request)
 
         self.params['client_id'] = client_id
         self.params['client_secret'] = client_secret
@@ -49,29 +50,6 @@ class TokenEndpoint(object):
         self.params['username'] = self.request.POST.get('username', '')
         self.params['password'] = self.request.POST.get('password', '')
 
-    def _extract_client_auth(self):
-        """
-        Get client credentials using HTTP Basic Authentication method.
-        Or try getting parameters via POST.
-        See: http://tools.ietf.org/html/rfc6750#section-2.1
-
-        Return a string.
-        """
-        auth_header = self.request.META.get('HTTP_AUTHORIZATION', '')
-
-        if re.compile('^Basic\s{1}.+$').match(auth_header):
-            b64_user_pass = auth_header.split()[1]
-            try:
-                user_pass = b64decode(b64_user_pass).decode('utf-8').split(':')
-                client_id, client_secret = tuple(user_pass)
-            except Exception:
-                client_id = client_secret = ''
-        else:
-            client_id = self.request.POST.get('client_id', '')
-            client_secret = self.request.POST.get('client_secret', '')
-
-        return (client_id, client_secret)
-
     def validate_params(self):
         try:
             self.client = Client.objects.get(client_id=self.params['client_id'])

oidc_provider/lib/utils/oauth2.py

@@ -1,3 +1,4 @@
+from base64 import b64decode
 import logging
 import re
 
@@ -28,6 +29,30 @@ def extract_access_token(request):
     return access_token
 
 
+def extract_client_auth(request):
+    """
+    Get client credentials using HTTP Basic Authentication method.
+    Or try getting parameters via POST.
+    See: http://tools.ietf.org/html/rfc6750#section-2.1
+
+    Return a tuple `(client_id, client_secret)`.
+    """
+    auth_header = request.META.get('HTTP_AUTHORIZATION', '')
+
+    if re.compile('^Basic\s{1}.+$').match(auth_header):
+        b64_user_pass = auth_header.split()[1]
+        try:
+            user_pass = b64decode(b64_user_pass).decode('utf-8').split(':')
+            client_id, client_secret = tuple(user_pass)
+        except Exception:
+            client_id = client_secret = ''
+    else:
+        client_id = request.POST.get('client_id', '')
+        client_secret = request.POST.get('client_secret', '')
+
+    return (client_id, client_secret)
+
+
 def protected_resource_view(scopes=None):
     """
     View decorator. The client accesses protected resources by presenting the