Method .validate_consent_request has been replaced by .get_consent_grant. In your authorize view:
@app.route('/authorize')
def authorize(request):
if request.method == 'GET':
# deprecated code before v1
# grant = authorization_server.validate_consent_request(end_user=current_user)
# new code in v1
grant = authorization_server.get_consent_grant(end_user=current_user)Token model design has been changed. The required methods for TokenMixin are:
- check_client (new)
- get_scope
- get_expires_in
- is_expired (new)
- is_revoked (new)
And these methods are deleted, you don't have to add them:
- get_client_id
- get_expires_at
So our Token model for OAuth2 will looks like:
class OAuth2Token(Model):
# ....
def check_client(self, client):
return self.client_id == client.client_id
def get_scope(self):
return self.scope
def get_expires_in(self):
return self.expires_in
def is_expired(self):
if not self.expires_in:
return True
expired_at = self.issued_at + self.expires_in
return expired_at < time.time()
def is_revoked(self):
return self.access_token_revoked_at or self.refresh_token_revoked_atDevice Credential model (DeviceCredentialMixin) has changed too, it is using is_expired method instead of get_expires_at.
So you should add a is_expired method:
class DeviceCredential(Model):
# ...
def is_expired(self):
return expired_at < time.time()Parameters of DeviceCodeGrant.should_slow_down are changed, it is now:
def should_slow_down(self, credential):
Among the other changes I encountered:
Client.check_token_endpoint_auth_methodmethod has been renamedcheck_endpoint_auth_methodin lepture/authlib@b1d14c0AuthorizationServer.metadataattribute have been removed in lepture/authlib@f2a8d26IntrospectionEndpoint.query_tokenandRevocationEndpoint.query_tokenclientargument have been removed in lepture/authlib@2b37fbe. The client verification should be done in check_permission.RevocationEndpoint.revoke_tokentakes arequestargument since lepture/authlib@2b37fbe