Grant Type

from aioauth import grant_type

Different OAuth 2.0 grant types.


class GrantTypeBase(storage: TStorage, client_id: str, client_secret: str | None)

Base grant type that all other grant types inherit from.

async create_token_response(request: TRequest, client: Client) -> TokenResponse

Creates token response to reply to client.

async validate_request(request: TRequest) -> Client

Validates the client request and returns the matching client.

class AuthorizationCodeGrantType(storage: TStorage, client_id: str, client_secret: str | None)

The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token. It is recommended that all clients use RFC 7636 Proof Key for Code Exchange extension with this flow as well to provide better security.

Note: aioauth implements RFC 7636 out of the box. See RFC 6749 section 1.3.1.

async validate_request(request: TRequest) -> Client

Validates the client request and returns the matching client.

async create_token_response(request: TRequest, client: Client) -> TokenResponse

Creates token response to reply to client.
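The RFC 7636 check that the authorization code flow above relies on, as an added illustration written here (not aioauth's own implementation): the client generates a random code_verifier and sends its SHA-256 digest as code_challenge with the authorization request; at the token endpoint the server recomputes the challenge from the presented verifier and compares it with the one stored beside the authorization code. Only the "S256" method is accepted here, which is a policy choice of this example; the RFC also defines "plain".

```python
import base64
import hashlib
import re
import secrets

# RFC 7636 section 4.1: 43..128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def _b64url(data: bytes) -> str:
    """Base64url encoding without padding, as RFC 7636 appendix A specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier(nbytes: int = 32) -> str:
    """Client side: a high-entropy code_verifier.

    32 random bytes base64url-encoded give 43 characters, the RFC minimum.
    """
    return _b64url(secrets.token_bytes(nbytes))


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 section 4.2)."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_pkce(code_verifier: str, stored_challenge: str, stored_method: str) -> bool:
    """Server side, at the token endpoint (RFC 7636 section 4.6).

    stored_challenge and stored_method were saved with the authorization code
    when it was issued; a mismatch must be answered with invalid_grant.
    """
    if stored_method != "S256":
        # "plain" is rejected as a policy choice of this example: it gives no
        # protection if the challenge is observed on the authorization request.
        return False
    if not _VERIFIER_RE.match(code_verifier):
        return False
    return secrets.compare_digest(s256_challenge(code_verifier), stored_challenge)


if __name__ == "__main__":
    verifier = generate_code_verifier()
    challenge = s256_challenge(verifier)
    print(verify_pkce(verifier, challenge, "S256"))
    print(verify_pkce(generate_code_verifier(), challenge, "S256"))
```

The first two assertions in use are the RFC 7636 appendix B test vector, so the encoding can be checked against a known-good value rather than against the example's own output.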

class PasswordGrantType(storage: TStorage, client_id: str, client_secret: str | None)

The Password grant type is a way to exchange a user’s credentials for an access token. Because the client application has to collect the user’s password and send it to the authorization server, it is not recommended that this grant be used at all anymore. See RFC 6749 section 1.3.3. The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.

async validate_request(request: TRequest) -> Client

Validates the client request and returns the matching client.

class RefreshTokenGrantType(storage: TStorage, client_id: str, client_secret: str | None)

The Refresh Token grant type is used by clients to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user. See RFC 6749 section 1.5.

async create_token_response(request: TRequest, client: Client) -> TokenResponse

Validates the token request and creates the token response.

async validate_request(request: TRequest) -> Client

Validates the client request and returns the matching client.
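What a refresh-token redemption has to check before it hands out a new access token, as an added example that is not aioauth's code and does not use its storage interface: the token must exist and be unexpired, it must have been issued to the client that authenticated at the token endpoint (RFC 6749 section 6), a narrowed scope may not exceed the original grant, and the presented token is rotated so that a later replay of it is detected and the whole token family is revoked. The in-memory dict, the record and result dataclasses, and the clock parameter are all constructed for this example.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class RefreshTokenRecord:
    client_id: str      # client the token was issued to
    user_id: str
    scope: str          # space-separated scope of the original grant
    family_id: str      # shared by every rotation of one original grant
    expires_at: float   # unix time
    revoked: bool = False


@dataclass
class RefreshResult:
    error: Optional[str] = None          # OAuth error code, or None on success
    access_token: Optional[str] = None
    refresh_token: Optional[str] = None
    scope: Optional[str] = None


# Constructed stand-in for a storage backend: refresh token -> record.
TokenStore = Dict[str, RefreshTokenRecord]


def issue_refresh_token(store: TokenStore, client_id: str, user_id: str, scope: str,
                        now: float, ttl_seconds: int = 30 * 86400,
                        family_id: Optional[str] = None) -> str:
    """Store a fresh refresh token; a new family starts unless one is given."""
    token = secrets.token_urlsafe(32)
    store[token] = RefreshTokenRecord(client_id, user_id, scope,
                                      family_id or secrets.token_hex(8),
                                      now + ttl_seconds)
    return token


def redeem_refresh_token(store: TokenStore, presented: str, authenticated_client_id: str,
                         requested_scope: Optional[str], now: float) -> RefreshResult:
    """Exchange a refresh token for a new access token plus a rotated refresh token."""
    record = store.get(presented)
    if record is None:
        return RefreshResult(error="invalid_grant")
    # The token must belong to the client that just authenticated.
    if record.client_id != authenticated_client_id:
        return RefreshResult(error="invalid_grant")
    if record.revoked:
        # A rotated token is being replayed: either the legitimate client lost
        # the response or someone else holds a copy. Fail closed on the family.
        for other in store.values():
            if other.family_id == record.family_id:
                other.revoked = True
        return RefreshResult(error="invalid_grant")
    if now >= record.expires_at:
        return RefreshResult(error="invalid_grant")
    # RFC 6749 section 6: requested scope may only narrow the original grant.
    granted = set(record.scope.split())
    new_scope = record.scope
    if requested_scope is not None:
        wanted = set(requested_scope.split())
        if not wanted or not wanted <= granted:
            return RefreshResult(error="invalid_scope")
        new_scope = " ".join(sorted(wanted))
    # Rotate: retire the presented token and issue a successor in the same family.
    record.revoked = True
    new_refresh = issue_refresh_token(store, record.client_id, record.user_id, new_scope,
                                      now, family_id=record.family_id)
    return RefreshResult(access_token=secrets.token_urlsafe(32),
                         refresh_token=new_refresh, scope=new_scope)
```

The access token here is an opaque random string because the grant logic, not the token format, is the point; a real server would mint whatever its resource servers validate. Expiry is compared against a caller-supplied clock so the behaviour can be checked without sleeping.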

class ClientCredentialsGrantType(storage: TStorage, client_id: str, client_secret: str | None)

The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user. This is typically used by clients to access resources about themselves rather than to access a user’s resources. See RFC 6749 section 4.4.

async validate_request(request: TRequest) -> Client

Validates the client request and returns the matching client.