lepture/ Secret

Last active Apr 14, 2022
Authlib v1.0 Breaking Change

OAuth 2 Provider

Authorization Code Flow

The .validate_consent_request method has been replaced by .get_consent_grant. Update your authorize view accordingly:

def authorize(request):
    if request.method == 'GET':
        # deprecated code before v1
        # grant = authorization_server.validate_consent_request(end_user=current_user)
        # new code in v1
        grant = authorization_server.get_consent_grant(end_user=current_user)

Token Model

The token model design has changed. The required methods for TokenMixin are:

  • check_client (new)
  • get_scope
  • get_expires_in
  • is_expired (new)
  • is_revoked (new)

These methods have been removed, so you no longer need to implement them:

  • get_client_id
  • get_expires_at

So our Token model for OAuth2 will look like:

import time

class OAuth2Token(Model):
    # ....
    def check_client(self, client):
        return self.client_id == client.client_id

    def get_scope(self):
        return self.scope

    def get_expires_in(self):
        return self.expires_in

    def is_expired(self):
        if not self.expires_in:
            return True
        expired_at = self.issued_at + self.expires_in
        return expired_at < time.time()

    def is_revoked(self):
        return self.access_token_revoked_at or self.refresh_token_revoked_at

Device Code Flow

The Device Credential model (DeviceCredentialMixin) has changed too: it now uses an is_expired method instead of get_expires_at. So you should add an is_expired method:

import time

class DeviceCredential(Model):
    # ...
    def is_expired(self):
        # expired_at is the expiry timestamp stored on the model
        return self.expired_at < time.time()

The parameters of DeviceCodeGrant.should_slow_down have changed. The signature is now:

def should_slow_down(self, credential):
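
A small audit helper for this migration, added here as an example and not part of Authlib or the original gist: it reports model classes that still lack the v1 methods listed above or still carry the removed ones, and flags a should_slow_down override that does not take (self, credential). The helper names, the LegacyToken and LegacyDeviceGrant classes and the local TokenMixin stand-in are hypothetical.

```python
import inspect

# Method names below are the lists given on this page.
TOKEN_REQUIRED = ("check_client", "get_scope", "get_expires_in",
                  "is_expired", "is_revoked")
TOKEN_REMOVED = ("get_client_id", "get_expires_at")
DEVICE_REQUIRED = ("is_expired",)
DEVICE_REMOVED = ("get_expires_at",)

def _defines(cls, name):
    # Assumption: bases named *Mixin only carry stubs, so they are skipped;
    # otherwise an inherited stub would hide a missing override.
    return any(name in vars(base) for base in cls.__mro__
               if not base.__name__.endswith("Mixin"))

def audit_model(cls, required, removed):
    """Return migration findings for a token or device credential model."""
    findings = [f"{cls.__name__}: missing required method {name}()"
                for name in required if not _defines(cls, name)]
    findings += [f"{cls.__name__}: {name}() is no longer required in v1"
                 for name in removed if _defines(cls, name)]
    return findings

def audit_should_slow_down(grant_cls):
    """Flag a should_slow_down override that is not (self, credential)."""
    func = getattr(grant_cls, "should_slow_down", None)
    if func is None:
        return []
    params = list(inspect.signature(func).parameters)
    if len(params) != 2:
        return [f"{grant_cls.__name__}: should_slow_down({', '.join(params)}) "
                "does not take (self, credential)"]
    return []

# Constructed stand-ins for a pre-v1 code base (not Authlib classes).
class TokenMixin:
    def is_expired(self): raise NotImplementedError()

class LegacyToken(TokenMixin):
    def get_client_id(self): return "c1"
    def get_scope(self): return "profile"
    def get_expires_in(self): return 3600
    def get_expires_at(self): return 0

class LegacyDeviceGrant:
    # The extra `now` parameter is constructed to trigger the check.
    def should_slow_down(self, credential, now): return False
```

Running audit_model over each token and device credential model in a test suite catches a model that would otherwise fall through to an unimplemented expiry or revocation check at request time.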