Config
Configuration settings for aioauth server instance.
Settings
dataclass
Configuration options that are used by the Server class.
Source code in aioauth/config.py
AUTHORIZATION_CODE_EXPIRES_IN = 5 * 60
class-attribute
instance-attribute
Authorization code lifetime in seconds. Defaults to 5 minutes.
AVAILABLE = True
class-attribute
instance-attribute
Boolean indicating whether or not the server is available.
ERROR_URI = ''
class-attribute
instance-attribute
URI to redirect resource owner when server encounters error.
INSECURE_TRANSPORT = False
class-attribute
instance-attribute
Allow connections over SSL only. This is the behaviour while the option is disabled (False, the default).
Note
When this option is disabled, the server will raise an "HTTP method is not allowed" error on any attempt to access it without a valid SSL tunnel.
ISSUE_REFRESH_TOKEN_IMPLICIT_GRANT = True
class-attribute
instance-attribute
Issue refresh tokens during implicit grant dialog.
Note
This flag can be used, when set to True, to strictly meet the requirements described in section 4.2 of RFC 6749 regarding the issuance of refresh tokens during the "Implicit Grant" grant type. In particular, as stated in section 4.2.2 of that RFC:
4.2.2. Access Token Response
If the resource owner grants the access request, the authorization server issues an access token and delivers it to the client by adding the following parameters to the fragment component of the redirection URI using the "application/x-www-form-urlencoded" format, per Appendix B:
[...]
The authorization server MUST NOT issue a refresh token.
Reference links:
REFRESH_TOKEN_EXPIRES_IN = TOKEN_EXPIRES_IN * 2
class-attribute
instance-attribute
Refresh token lifetime in seconds. Defaults to TOKEN_EXPIRES_IN * 2 (48 hours).
TOKEN_EXPIRES_IN = 24 * 60 * 60
class-attribute
instance-attribute
Access token lifetime in seconds. Defaults to 24 hours.
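Because the default shown above is written as REFRESH_TOKEN_EXPIRES_IN = TOKEN_EXPIRES_IN * 2, it is computed once when the class is defined, so overriding only TOKEN_EXPIRES_IN leaves the refresh lifetime at 48 hours. The following is an added example, not aioauth's own code: the Settings class is a stand-in that copies the fields and defaults documented on this page, and audit, with_access_lifetime and the thresholds they use are hypothetical names and assumptions of this example.

```python
from dataclasses import dataclass


@dataclass
class Settings:
    """Stand-in with the fields and defaults documented on this page (not aioauth's class)."""
    TOKEN_EXPIRES_IN: int = 24 * 60 * 60
    REFRESH_TOKEN_EXPIRES_IN: int = TOKEN_EXPIRES_IN * 2  # evaluated once, at class definition
    AUTHORIZATION_CODE_EXPIRES_IN: int = 5 * 60
    INSECURE_TRANSPORT: bool = False
    ERROR_URI: str = ""
    AVAILABLE: bool = True
    ISSUE_REFRESH_TOKEN_IMPLICIT_GRANT: bool = True


def audit(s: Settings, refresh_factor: int = 2) -> list[str]:
    """Return findings for a deployment config; thresholds are this example's assumptions."""
    findings = []
    if s.INSECURE_TRANSPORT:
        findings.append("INSECURE_TRANSPORT is enabled: requests without SSL/TLS are accepted")
    if s.AUTHORIZATION_CODE_EXPIRES_IN > 10 * 60:
        # RFC 6749 section 4.1.2 recommends a maximum code lifetime of 10 minutes.
        findings.append("AUTHORIZATION_CODE_EXPIRES_IN exceeds 10 minutes")
    if s.REFRESH_TOKEN_EXPIRES_IN > s.TOKEN_EXPIRES_IN * refresh_factor:
        findings.append(
            f"REFRESH_TOKEN_EXPIRES_IN={s.REFRESH_TOKEN_EXPIRES_IN}s was not re-derived "
            f"from TOKEN_EXPIRES_IN={s.TOKEN_EXPIRES_IN}s"
        )
    if s.REFRESH_TOKEN_EXPIRES_IN < s.TOKEN_EXPIRES_IN:
        findings.append("refresh token expires before the access token it renews")
    return findings


def with_access_lifetime(seconds: int, refresh_factor: int = 2, **overrides) -> Settings:
    """Build Settings with the refresh lifetime derived from the new access lifetime."""
    return Settings(
        TOKEN_EXPIRES_IN=seconds,
        REFRESH_TOKEN_EXPIRES_IN=seconds * refresh_factor,
        **overrides,
    )


if __name__ == "__main__":
    shortened = Settings(TOKEN_EXPIRES_IN=15 * 60)  # only the access lifetime overridden
    print(shortened.REFRESH_TOKEN_EXPIRES_IN)       # still the class-level default
    print(audit(shortened))
    print(audit(with_access_lifetime(15 * 60)))
    print(audit(with_access_lifetime(15 * 60, INSECURE_TRANSPORT=True)))
```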