Storage

from aioauth import storage

Storage helper class for storing and retrieving client and resource owner information. See the examples on the sidebar to view this in action.

class BaseStorage[source]

async create_token(request: TRequest, client_id: str, scope: str, access_token: str, refresh_token: str) → TToken[source]

Generates a user token and stores it in the database.

Warning

Generated token must be stored in the database.

Note

Method is used by all core grant types, but only used for aioauth.response_type.ResponseTypeToken.

Parameters:

request – An aioauth.requests.Request.
client_id – A user client ID.
scope – The scopes for the token.

Returns:

The new generated aioauth.models.Token.

async get_token(request: TRequest, client_id: str, token_type: Literal['access_token', 'refresh_token'] | None = 'refresh_token', access_token: str | None = None, refresh_token: str | None = None) → TToken | None[source]

Gets existing token from the database.

Note

Method is used by aioauth.server.AuthorizationServer, and by the grant type aioauth.grant_types.RefreshTokenGrantType.

Parameters:

request – An aioauth.requests.Request.
client_id – A user client ID.
access_token – The user access token.
refresh_token – The user refresh token.

Returns:

An optional aioauth.models.Token object.

async create_authorization_code(request: TRequest, client_id: str, scope: str, response_type: Literal['token', 'code', 'none', 'id_token'], redirect_uri: str, code_challenge_method: Literal['plain', 'S256'] | None, code_challenge: str | None, code: str, **kwargs) → TAuthorizationCode[source]

Generates an authorization token and stores it in the database.

Warning

Generated authorization token must be stored in the database.

Note

This must is used by the response type aioauth.respose_type.ResponseTypeAuthorizationCode.

Parameters:

request – An aioauth.requests.Request.
client_id – A user client ID.
scope – The scopes for the token.
response_type – An aioauth.types.ResponseType.
redirect_uri – The redirect URI.
code_challenge_method – An aioauth.types.CodeChallengeMethod.
code_challenge – Code challenge string.

Returns:

An aioauth.models.AuthorizationCode object.

async get_id_token(request: TRequest, client_id: str, scope: str, response_type: Literal['token', 'code', 'none', 'id_token'], redirect_uri: str, **kwargs) → str[source]: Returns an id_token. For more information see OpenID Connect Core 1.0 incorporating errata set 1 section 2.

Note

Method is used by response type aioauth.response_type.ResponseTypeIdToken and aioauth.oidc.core.grant_type.AuthorizationCodeGrantType.

async get_client(request: TRequest, client_id: str, client_secret: str | None = None) → TClient | None[source]

Gets existing client from the database if it exists.

Warning

If client does not exists in database this method must return None to indicate to the validator that the requested client_id does not exist or is invalid.

Note

This method is used by all core grant types, as well as all core response types.

Parameters:

request – An aioauth.requests.Request.
client_id – A user client ID.
client_secret – An optional user client secret.

Returns:

An optional aioauth.models.Client object.

async authenticate(request: TRequest) → bool[source]

Authenticates a user.

Note

This method is used by the grant type aioauth.grant_type.PasswordGrantType.

Parameters:: request – An aioauth.requests.Request.
Returns:: Boolean indicating whether or not the user was authenticated successfully.

async get_authorization_code(request: TRequest, client_id: str, code: str) → TAuthorizationCode | None[source]

Gets existing authorization code from the database if it exists.

Warning

If authorization code does not exists this function must return None to indicate to the validator that the requested authorization code does not exist or is invalid.

Note

This method is used by the grant type aioauth.grant_type.AuthorizationCodeGrantType.

Parameters:

request – An aioauth.requests.Request.
client_id – A user client ID.
code – An authorization code.

Returns:

An optional aioauth.models.AuthorizationCode.

async delete_authorization_code(request: TRequest, client_id: str, code: str) → None[source]

Deletes authorization code from database.

Note

This method is used by the grant type aioauth.grant_type.AuthorizationCodeGrantType.

Parameters:

request – An aioauth.requests.Request.
client_id – A user client ID.
code – An authorization code.

async revoke_token(request: TRequest, token_type: Literal['access_token', 'refresh_token'] | None = 'refresh_token', access_token: str | None = None, refresh_token: str | None = None) → None[source]

Revokes a token’s from the database.

Note

This method must set revoked to True for an existing token record. This method is used by the grant type aioauth.grant_types.RefreshTokenGrantType.

Parameters:

request – An aioauth.requests.Request.
refresh_token – The user refresh token.