Server

from aioauth import server

Memory object and interface used to initialize an OAuth 2.0 server instance.

Warning

Note that aioauth.server.AuthorizationServer does not depend on any server framework, nor does it serve any specific endpoint. Instead, it provides an interface that can be used together with a server framework such as FastAPI or aiohttp to build a fully functional OAuth 2.0 server. See the Examples portion of the documentation to understand how it can be used in your own project.


class AuthorizationServer(storage: TStorage, response_types: Dict | None = None, grant_types: Dict | None = None)

Interface for initializing an OAuth 2.0 server.

response_types: Dict[Literal['token', 'code', 'none', 'id_token'], Any] = {'code': aioauth.response_type.ResponseTypeAuthorizationCode[~TRequest, ~TStorage], 'id_token': aioauth.response_type.ResponseTypeIdToken[~TRequest, ~TStorage], 'none': aioauth.response_type.ResponseTypeNone[~TRequest, ~TStorage], 'token': aioauth.response_type.ResponseTypeToken[~TRequest, ~TStorage]}

grant_types: Dict[Literal['authorization_code', 'password', 'client_credentials', 'refresh_token'], Any] = {'authorization_code': aioauth.grant_type.AuthorizationCodeGrantType[~TRequest, ~TStorage], 'client_credentials': aioauth.grant_type.ClientCredentialsGrantType[~TRequest, ~TStorage], 'password': aioauth.grant_type.PasswordGrantType[~TRequest, ~TStorage], 'refresh_token': aioauth.grant_type.RefreshTokenGrantType[~TRequest, ~TStorage]}

is_secure_transport(request: TRequest) -> bool

Verifies the request was sent via a protected SSL tunnel.

Note

This method only checks whether the request URL starts with https://. It does not verify that the SSL certificate is valid.

Parameters:

request – An aioauth.requests.Request object.

Returns:

Flag representing whether or not the transport is secure.
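
Because the check is a prefix test on the URL, whatever the framework adapter puts into the request URL decides the outcome. The following is an added example, not aioauth code: `effective_url`, `passes_scheme_check`, the proxy network and the sample requests are assumptions constructed for illustration. It rebuilds the URL behind a TLS-terminating reverse proxy and honours X-Forwarded-Proto only when the connection comes from a trusted proxy.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed value: network of the reverse proxies that terminate TLS.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def effective_url(raw_url, peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Return the URL to place in the OAuth request object.

    X-Forwarded-Proto is honoured only when the TCP peer is a trusted proxy.
    From any other peer the header is client-controlled and is ignored.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return raw_url
    lowered = {k.lower(): v for k, v in headers.items()}
    proto = lowered.get("x-forwarded-proto", "").strip().lower()
    # Anything other than a single http/https value is treated as absent.
    if proto not in ("http", "https"):
        return raw_url
    parts = urlsplit(raw_url)
    return urlunsplit((proto, parts.netloc, parts.path, parts.query, parts.fragment))


def passes_scheme_check(url):
    # Restates the documented behaviour: a prefix test, no certificate check.
    return url.startswith("https://")


def evaluate(samples):
    """Map each constructed sample name to the scheme-check result."""
    return {
        name: passes_scheme_check(effective_url(url, peer, hdrs))
        for name, (url, peer, hdrs) in samples.items()
    }


# Constructed sample requests: (URL seen by the app, TCP peer, headers).
SAMPLES = {
    "via_proxy_https": ("http://auth.example.test/token", "10.0.0.5",
                        {"X-Forwarded-Proto": "https"}),
    "via_proxy_http": ("http://auth.example.test/token", "10.0.0.5",
                       {"X-Forwarded-Proto": "http"}),
    "spoofed_header": ("http://auth.example.test/token", "203.0.113.7",
                       {"X-Forwarded-Proto": "https"}),
    "multi_valued": ("http://auth.example.test/token", "10.0.0.5",
                     {"x-forwarded-proto": "https, http"}),
}

if __name__ == "__main__":
    print(evaluate(SAMPLES))
```

Certificate validity is still the responsibility of the component that terminates TLS; a True result here only means the URL was reported as https.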

validate_request(request: TRequest, allowed_methods: List[Literal['GET', 'POST']])

async create_token_introspection_response(request: TRequest) -> Response

Returns a response object with introspection of the passed token. For more information see RFC7662 section 2.1.

Note

The API endpoint that leverages this function is usually /introspect.

Example

Below is an example utilizing FastAPI as the server framework.

import fastapi
from aioauth_fastapi.utils import to_oauth2_request, to_fastapi_response

# `app` is the fastapi.FastAPI instance and `server` the AuthorizationServer instance.
# RFC 7662 section 2.1 defines the introspection request as an HTTP POST.
@app.post("/token/introspect")
async def introspect(request: fastapi.Request) -> fastapi.Response:
    # Converts a fastapi.Request to an aioauth.Request.
    oauth2_request: aioauth.Request = await to_oauth2_request(request)
    # Creates the response via this function call.
    oauth2_response: aioauth.Response = await server.create_token_introspection_response(oauth2_request)
    # Converts an aioauth.Response to a fastapi.Response.
    response: fastapi.Response = await to_fastapi_response(oauth2_response)
    return response

Parameters:

request – An aioauth.requests.Request object.

Returns:

An aioauth.responses.Response object.

Return type:

response

get_client_credentials(request: TRequest, secret_required: bool) -> Tuple[str, str]

async create_token_response(request: TRequest) -> Response

Endpoint to obtain an access and/or ID token by presenting an authorization grant or refresh token. Validates a token request and creates a token response. For more information see RFC6749 section 4.1.3.

Note

The API endpoint that leverages this function is usually /token.

Example

Below is an example utilizing FastAPI as the server framework.

import fastapi
from aioauth_fastapi.utils import to_oauth2_request, to_fastapi_response

# `app` is the fastapi.FastAPI instance and `server` the AuthorizationServer instance.
@app.post("/token")
async def token(request: fastapi.Request) -> fastapi.Response:
    # Converts a fastapi.Request to an aioauth.Request.
    oauth2_request: aioauth.Request = await to_oauth2_request(request)
    # Creates the response via this function call.
    oauth2_response: aioauth.Response = await server.create_token_response(oauth2_request)
    # Converts an aioauth.Response to a fastapi.Response.
    response: fastapi.Response = await to_fastapi_response(oauth2_response)
    return response

Parameters:

request – An aioauth.requests.Request object.

Returns:

An aioauth.responses.Response object.

Return type:

response

async create_authorization_response(request: TRequest) -> Response

Endpoint to interact with the resource owner and obtain an authorization grant. Validates the authorization request and creates the authorization response. For more information see RFC6749 section 4.1.1.

Note

The API endpoint that leverages this function is usually /authorize.

Example

Below is an example utilizing FastAPI as the server framework.

import fastapi
from aioauth_fastapi.utils import to_oauth2_request, to_fastapi_response

# `app` is the fastapi.FastAPI instance and `server` the AuthorizationServer instance.
@app.post("/authorize")
async def authorize(request: fastapi.Request) -> fastapi.Response:
    # Converts a fastapi.Request to an aioauth.Request.
    oauth2_request: aioauth.Request = await to_oauth2_request(request)
    # Creates the response via this function call.
    oauth2_response: aioauth.Response = await server.create_authorization_response(oauth2_request)
    # Converts an aioauth.Response to a fastapi.Response.
    response: fastapi.Response = await to_fastapi_response(oauth2_response)
    return response

Parameters:

request – An aioauth.requests.Request object.

Returns:

An aioauth.responses.Response object.

Return type:

response

async revoke_token(request: TRequest) -> Response

Endpoint to revoke an access token or refresh token. For more information see RFC7009.

Note

The API endpoint that leverages this function is usually /revoke.

Example

Below is an example utilizing FastAPI as the server framework.

import fastapi
from aioauth_fastapi.utils import to_oauth2_request, to_fastapi_response

# `app` is the fastapi.FastAPI instance and `server` the AuthorizationServer instance.
@app.post("/revoke")
async def revoke(request: fastapi.Request) -> fastapi.Response:
    # Converts a fastapi.Request to an aioauth.Request.
    oauth2_request: aioauth.Request = await to_oauth2_request(request)
    # Creates the response via this function call.
    oauth2_response: aioauth.Response = await server.revoke_token(oauth2_request)
    # Converts an aioauth.Response to a fastapi.Response.
    response: fastapi.Response = await to_fastapi_response(oauth2_response)
    return response

Parameters:

request – An aioauth.requests.Request object.

Returns:

An aioauth.responses.Response object.

Return type:

response