backends: Move Facebook Limited Login to separate module

This removes jose dependency from Facebook backend. Fixes python-social-auth#773
nijel · Mar 27, 2023 · 10cc300 · 10cc300
1 parent d1d91ae
commit 10cc300
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 47 deletions.
diff --git a/social_core/backends/facebook.py b/social_core/backends/facebook.py
@@ -1,5 +1,5 @@
 """
-Facebook OAuth2, Canvas Application and Limited Login backends, docs at:
+Facebook OAuth2, and Canvas Application  backends, docs at:
     https://python-social-auth.readthedocs.io/en/latest/backends/facebook.html
 """
 import base64
@@ -12,12 +12,10 @@
     AuthCanceled,
     AuthException,
     AuthMissingParameter,
-    AuthTokenError,
     AuthUnknownError,
 )
 from ..utils import constant_time_compare, handle_http_errors, parse_qs
 from .oauth import BaseOAuth2
-from .open_id_connect import OpenIdConnectAuth
 
 API_VERSION = 12.0
 
@@ -249,46 +247,3 @@ def base64_url_decode(data):
                 time.time() - 86400
             ):
                 return data
-
-
-class FacebookLimitedLogin(OpenIdConnectAuth):
-    """Facebook Limited Login (OIDC) backend"""
-
-    name = "facebook-limited-login"
-    OIDC_ENDPOINT = "https://www.facebook.com"
-    ACCESS_TOKEN_URL = "https://facebook.com/dialog/oauth/"
-    ID_TOKEN_MAX_AGE = 3600
-
-    def authenticate(self, *args, **kwargs):
-        if (
-            "backend" not in kwargs
-            or kwargs["backend"].name != self.name
-            or "strategy" not in kwargs
-            or "response" not in kwargs
-        ):
-            return None
-
-        # Replace response with the decoded JWT
-        raw_jwt = kwargs.get("response", {}).get("access_token")
-        kwargs["response"] = self.validate_and_return_id_token(raw_jwt, "")
-        return super().authenticate(*args, **kwargs)
-
-    def get_user_details(self, response):
-        return {
-            "fullname": response.get("name"),
-            "email": response.get("email"),
-            "picture": response.get("picture"),
-        }
-
-    def user_data(self, access_token, *args, **kwargs):
-        # We don't have an access token to call any API for the user details.
-        return None
-
-    def validate_claims(self, id_token):
-        try:
-            super().validate_claims(id_token)
-        except AuthTokenError as e:
-            if "Incorrect id_token: nonce" in e.args:
-                # Ignore errors about nonce. We can't validate it since it's not generated server-side.
-                return
-            raise
diff --git a/social_core/backends/facebook_limited.py b/social_core/backends/facebook_limited.py
@@ -0,0 +1,49 @@
+"""
+Facebook Limited Login backend, docs at:
+    https://python-social-auth.readthedocs.io/en/latest/backends/facebook.html
+"""
+from ..exceptions import AuthTokenError
+from .open_id_connect import OpenIdConnectAuth
+
+
+class FacebookLimitedLogin(OpenIdConnectAuth):
+    """Facebook Limited Login (OIDC) backend"""
+
+    name = "facebook-limited-login"
+    OIDC_ENDPOINT = "https://www.facebook.com"
+    ACCESS_TOKEN_URL = "https://facebook.com/dialog/oauth/"
+    ID_TOKEN_MAX_AGE = 3600
+
+    def authenticate(self, *args, **kwargs):
+        if (
+            "backend" not in kwargs
+            or kwargs["backend"].name != self.name
+            or "strategy" not in kwargs
+            or "response" not in kwargs
+        ):
+            return None
+
+        # Replace response with the decoded JWT
+        raw_jwt = kwargs.get("response", {}).get("access_token")
+        kwargs["response"] = self.validate_and_return_id_token(raw_jwt, "")
+        return super().authenticate(*args, **kwargs)
+
+    def get_user_details(self, response):
+        return {
+            "fullname": response.get("name"),
+            "email": response.get("email"),
+            "picture": response.get("picture"),
+        }
+
+    def user_data(self, access_token, *args, **kwargs):
+        # We don't have an access token to call any API for the user details.
+        return None
+
+    def validate_claims(self, id_token):
+        try:
+            super().validate_claims(id_token)
+        except AuthTokenError as e:
+            if "Incorrect id_token: nonce" in e.args:
+                # Ignore errors about nonce. We can't validate it since it's not generated server-side.
+                return
+            raise
diff --git a/social_core/tests/backends/test_facebook.py b/social_core/tests/backends/test_facebook.py
@@ -71,7 +71,7 @@ def test_partial_pipeline(self):
 
 
 class FacebookLimitedLoginTest(OpenIdConnectTestMixin, OAuth2Test):
-    backend_path = "social_core.backends.facebook.FacebookLimitedLogin"
+    backend_path = "social_core.backends.facebook_limited.FacebookLimitedLogin"
     issuer = "https://facebook.com"
     openid_config_body = """
     {