Method .validate_consent_request
has been replaced by .get_consent_grant
. In your authorize
view:
@app.route('/authorize')
def authorize(request):
if request.method == 'GET':
# deprecated code before v1
# grant = authorization_server.validate_consent_request(end_user=current_user)
# new code in v1
grant = authorization_server.get_consent_grant(end_user=current_user)
Token model design has been changed. The required methods for TokenMixin
are:
- check_client (new)
- get_scope
- get_expires_in
- is_expired (new)
- is_revoked (new)
And these methods are deleted, you don't have to add them:
- get_client_id
- get_expires_at
So our Token model for OAuth2 will looks like:
class OAuth2Token(Model):
# ....
def check_client(self, client):
return self.client_id == client.client_id
def get_scope(self):
return self.scope
def get_expires_in(self):
return self.expires_in
def is_expired(self):
if not self.expires_in:
return True
expired_at = self.issued_at + self.expires_in
return expired_at < time.time()
def is_revoked(self):
return self.access_token_revoked_at or self.refresh_token_revoked_at
Device Credential model (DeviceCredentialMixin
) has changed too, it is using is_expired
method instead of get_expires_at
.
So you should add a is_expired
method:
class DeviceCredential(Model):
# ...
def is_expired(self):
return expired_at < time.time()
Parameters of DeviceCodeGrant.should_slow_down
are changed, it is now:
def should_slow_down(self, credential):
https://git.io/JkY4f