Pass our OAuth2 client ID to Blender ID when validating tokens

This is a security measure, as it ensures that valid Blender ID OAuth2
tokens that were not generated for Blender Cloud are rejected.
Sybren A. Stüvel 2018-02-21 10:49:33 +01:00
parent 854bc7cfaf
commit 450dde56b7


@ -114,7 +114,12 @@ def validate_token(user_id, token, oauth_subclient_id):
payload = {'user_id': user_id,
'token': token}
if oauth_subclient_id:
# If the subclient ID is set, the token belongs to another OAuth Client,
# in which case we do not set the client_id field.
payload['subclient_id'] = oauth_subclient_id
else:
# We only want to accept Blender Cloud tokens.
payload['client_id'] = current_app.config['OAUTH_CREDENTIALS']['blender-id']['id']
url = '{0}/u/validate_token'.format(blender_id_endpoint())
log.debug('POSTing to %r', url)
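Review bot: The `if oauth_subclient_id:` branch still sends no `client_id`, so the audience restriction added here only applies when the subclient ID is empty. Where `oauth_subclient_id` comes from is not visible in this hunk; if it can be influenced by the request, rejecting tokens issued for other clients rests entirely on how Blender ID checks `subclient_id`. The comment in that branch should state that assumption, or the value should be checked against configured subclients before this point. In the `else` branch, an empty `OAUTH_CREDENTIALS['blender-id']['id']` would be sent as an empty `client_id`; a guard such as `if not client_id: raise ValueError('blender-id OAuth client ID is not configured')` before building the payload keeps the check failing closed. The body of validate_token starts and continues outside the hunk.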