k7i]DSr"SS5r"SS5r"SS5rg)zauthlib.oauth2.rfc6749.models. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module defines how to construct Client, AuthorizationCode and Token. cH\rSrSrSrSrSrSrSrSr Sr S r S r S r g ) ClientMixinaImplementation of OAuth 2 Client described in `Section 2`_ with some methods to help validation. A client has at least these information: * client_id: A string represents client identifier. * client_secret: A string represents client password. * token_endpoint_auth_method: A way to authenticate client at token endpoint. .. _`Section 2`: https://tools.ietf.org/html/rfc6749#section-2 c[5e)zA method to return client_id of the client. For instance, the value in database is saved in a column called ``client_id``:: def get_client_id(self): return self.client_id :return: string NotImplementedErrorselfs W/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc6749/models.py get_client_idClientMixin.get_client_id "##c[5e)zA method to get client default redirect_uri. For instance, the database table for client has a column called ``default_redirect_uri``:: def get_default_redirect_uri(self): return self.default_redirect_uri :return: A URL string rrs r get_default_redirect_uri$ClientMixin.get_default_redirect_urir rc[5e)aA method to return a list of requested scopes which are supported by this client. For instance, there is a ``scope`` column:: def get_allowed_scope(self, scope): if not scope: return "" allowed = set(scope_to_list(self.scope)) return list_to_scope([s for s in scope.split() if s in allowed]) :param scope: the requested scope. :return: string of scope r)r scopes r get_allowed_scopeClientMixin.get_allowed_scope* "##rc[5e)a;Validate redirect_uri parameter in Authorization Endpoints. For instance, in the client table, there is an ``allowed_redirect_uris`` column:: def check_redirect_uri(self, redirect_uri): return redirect_uri in self.allowed_redirect_uris :param redirect_uri: A URL string for redirecting. :return: bool r)r redirect_uris r check_redirect_uriClientMixin.check_redirect_uri9 "##rc[5e)aJCheck client_secret matching with the client. For instance, in the client table, the column is called ``client_secret``:: import secrets def check_client_secret(self, client_secret): return secrets.compare_digest(self.client_secret, client_secret) :param client_secret: A string of client secret :return: bool r)r client_secrets r check_client_secretClientMixin.check_client_secretFrrc[5e)a"Check if client support the given method for the given endpoint. There is a ``token_endpoint_auth_method`` defined via `RFC7591`_. Developers MAY re-implement this method with:: def check_endpoint_auth_method(self, method, endpoint): if endpoint == "token": # if client table has ``token_endpoint_auth_method`` return self.token_endpoint_auth_method == method return True Method values defined by this specification are: * "none": The client is a public client as defined in OAuth 2.0, and does not have a client secret. * "client_secret_post": The client uses the HTTP POST parameters as defined in OAuth 2.0 * "client_secret_basic": The client uses HTTP Basic as defined in OAuth 2.0 .. _`RFC7591`: https://tools.ietf.org/html/rfc7591 r)r methodendpoints r check_endpoint_auth_method&ClientMixin.check_endpoint_auth_methodUs 0"##rc[5e)axValidate if the client can handle the given response_type. There are two response types defined by RFC6749: code and token. For instance, there is a ``allowed_response_types`` column in your client:: def check_response_type(self, response_type): return response_type in self.response_types :param response_type: the requested response_type string. :return: bool r)r response_types r check_response_typeClientMixin.check_response_typeorrc[5e)aValidate if the client can handle the given grant_type. There are four grant types defined by RFC6749: * authorization_code * implicit * client_credentials * password For instance, there is a ``allowed_grant_types`` column in your client:: def check_grant_type(self, grant_type): return grant_type in self.grant_types :param grant_type: the requested grant_type string. :return: bool r)r grant_types r check_grant_typeClientMixin.check_grant_type|s ""##rN)__name__ __module__ __qualname____firstlineno____doc__r rrrrr#r'r+__static_attributes__r-rr rrs/  $ $ $ $ $$4 $$rrc \rSrSrSrSrSrg)AuthorizationCodeMixinc[5e)zA method to get authorization code's ``redirect_uri``. For instance, the database table for authorization code has a column called ``redirect_uri``:: def get_redirect_uri(self): return self.redirect_uri :return: A URL string rrs r get_redirect_uri'AuthorizationCodeMixin.get_redirect_uris "##rc[5ezA method to get scope of the authorization code. For instance, the column is called ``scope``:: def get_scope(self): return self.scope :return: scope string rrs r get_scope AuthorizationCodeMixin.get_scoper rr-N)r.r/r0r1r8r<r3r-rr r5r5s  $ $rr5cF\rSrSrSrSrSrSrSrSr S\ 4S jr S r g ) TokenMixinc[5e)zA method to check if this token is issued to the given client. For instance, ``client_id`` is saved on token table:: def check_client(self, client): return self.client_id == client.client_id :return: bool r)r clients r check_clientTokenMixin.check_clientr rc[5er;rrs r r<TokenMixin.get_scoper rc[5e)zA method to get the ``expires_in`` value of the token. e.g. the column is called ``expires_in``:: def get_expires_in(self): return self.expires_in :return: timestamp int rrs r get_expires_inTokenMixin.get_expires_inr rc[5e)zA method to define if this token is expired. For instance, there is a column ``expired_at`` in the table:: def is_expired(self): return self.expired_at < now :return: boolean rrs r is_expiredTokenMixin.is_expiredr rc[5e)zA method to define if this token is revoked. For instance, there is a boolean column ``revoked`` in the table:: def is_revoked(self): return self.revoked :return: boolean rrs r is_revokedTokenMixin.is_revokedr rc[5e)zA method to get the user object associated with this token: .. code-block:: def get_user(self): return User.get(self.user_id) rrs r get_userTokenMixin.get_user "##rreturnc[5e)zA method to get the client object associated with this token: .. code-block:: def get_client(self): return Client.get(self.client_id) rrs r get_clientTokenMixin.get_clientrSrr-N) r.r/r0r1rCr<rHrKrNrQrrVr3r-rr r?r?s, $ $ $ $ $$$K$rr?N)r2rr5r?r-rr rXs-E$E$P$$2J$J$r