Added support for PKCE auth and JWT auth (#48)

* Added support for PKCE auth and JWT auth
* removed debug statement

Author: byrnereese

config.py

@@ -18,7 +18,8 @@ def get_config_parser():
 USERNAME = config.get('Credentials', 'USERNAME')
 EXTENSION = config.get('Credentials', 'EXTENSION')
 PASSWORD = config.get('Credentials', 'PASSWORD')
+JWT = config.get('Credentials', 'JWT')
 APP_KEY = config.get('Credentials', 'APP_KEY')
 APP_SECRET = config.get('Credentials', 'APP_SECRET')
 SERVER = config.get('Credentials', 'SERVER')
-MOBILE = config.get('Credentials', 'MOBILE')
+MOBILE = config.get('Credentials', 'MOBILE')

ringcentral/platform/platform.py

@@ -2,6 +2,7 @@
 # encoding: utf-8
 
 import sys
+import urllib.parse
 from observable import Observable
 from functools import reduce
 from .auth import Auth
@@ -13,6 +14,7 @@
 URL_PREFIX = '/restapi'
 TOKEN_ENDPOINT = '/restapi/oauth/token'
 REVOKE_ENDPOINT = '/restapi/oauth/revoke'
+AUTHORIZE_ENDPOINT = '/restapi/oauth/authorize'
 API_VERSION = 'v1.0'
 ACCESS_TOKEN_TTL = 3600  # 60 minutes
 REFRESH_TOKEN_TTL = 604800  # 1 week
@@ -76,12 +78,20 @@ def logged_in(self):
         except:
             return False
 
-    def login(self, username='', extension='', password='', code='', redirect_uri=''):
+    def login_url(self, redirect_uri, state='', challenge='', challenge_method='S256'):
+        built_url = self.create_url( AUTHORIZE_ENDPOINT, add_server=True )
+        built_url += '?response_type=code&client_id=' + self._key + '&redirect_uri=' + urllib.parse.quote(redirect_uri)
+        if state:
+            built_url += '&state=' + urllib.parse.quote(state)
+        if challenge:
+            built_url += '&code_challenge=' + urllib.parse.quote(challenge) + '&code_challenge_method=' + challenge_method
+        return built_url
+        
+    def login(self, username='', extension='', password='', code='', redirect_uri='', jwt='', verifier=''):
         try:
-            if not code and not username and not password:
-                raise Exception('Either code or username with password has to be provided')
-
-            if not code:
+            if not code and not username and not password and not jwt:
+                raise Exception('Either code, or username with password, or jwt has to be provided')
+            if not code and not jwt:
                 body = {
                     'grant_type': 'password',
                     'username': username,
@@ -91,12 +101,19 @@ def login(self, username='', extension='', password='', code='', redirect_uri=''
                 }
                 if extension:
                     body['extension'] = extension
+            elif jwt:
+                body = {
+                    'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+                    'assertion': jwt
+                }
             else:
                 body = {
                     'grant_type': 'authorization_code',
                     'redirect_uri': redirect_uri if redirect_uri else self._redirect_uri,
                     'code': code
                 }
+                if verifier:
+                    body['code_verifier'] = verifier
             response = self._request_token(TOKEN_ENDPOINT, body=body)
             self._auth.set_data(response.json_dict())
             self.trigger(Events.loginSuccess, response)

setup.py

@@ -1,6 +1,6 @@
 from setuptools import setup, find_packages
 
-VERSION = '0.7.11'
+VERSION = '0.7.12'
 
 setup(
     name='ringcentral',