Method .validate_consent_request has been replaced by .get_consent_grant. In your authorize view:

    @app.route('/authorize')
    def authorize(request):
        if request.method == 'GET':
            # deprecated code before v1
            # grant = authorization_server.validate_consent_request(end_user=current_user)
            # new code in v1
            grant = authorization_server.get_consent_grant(end_user=current_user)

Token model design has been changed. The required methods for TokenMixin are:
- check_client (new)
- get_scope
- get_expires_in
- is_expired (new)
- is_revoked (new)
And these methods are deleted, you don't have to add them:
- get_client_id
- get_expires_at
So our Token model for OAuth2 will look like:

    import time

    class OAuth2Token(Model):
        # ....

        def check_client(self, client):
            # the token belongs to the client that is presenting it
            return self.client_id == client.client_id

        def get_scope(self):
            return self.scope

        def get_expires_in(self):
            return self.expires_in

        def is_expired(self):
            # a token without a lifetime is treated as expired
            if not self.expires_in:
                return True
            expired_at = self.issued_at + self.expires_in
            return expired_at < time.time()

        def is_revoked(self):
            return self.access_token_revoked_at or self.refresh_token_revoked_at

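The following is an added example, not code from Authlib or from the original page: it shows how the five v1 token methods combine into an accept/reject decision, including the fail-closed case where expires_in is empty. The Client class, the token_usable_by helper, the reason strings and the dataclass used in place of the ORM Model are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Client:                      # constructed stand-in for a client model
    client_id: str


@dataclass
class OAuth2Token:                 # plain-Python stand-in for the page's Model
    client_id: str
    scope: str
    issued_at: int
    expires_in: int
    access_token_revoked_at: Optional[int] = None
    refresh_token_revoked_at: Optional[int] = None

    def check_client(self, client):
        return self.client_id == client.client_id

    def get_scope(self):
        return self.scope

    def get_expires_in(self):
        return self.expires_in

    def is_expired(self):
        if not self.expires_in:    # no lifetime recorded: fail closed
            return True
        return self.issued_at + self.expires_in < time.time()

    def is_revoked(self):
        return bool(self.access_token_revoked_at or self.refresh_token_revoked_at)


def token_usable_by(token, client, required_scope):
    """Hypothetical helper: return (ok, reason) using only the v1 methods."""
    if not token.check_client(client):
        return False, "wrong_client"
    if token.is_revoked():
        return False, "revoked"
    if token.is_expired():
        return False, "expired"
    if required_scope not in token.get_scope().split():
        return False, "insufficient_scope"
    return True, "ok"
```
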
Device Credential model (DeviceCredentialMixin) has changed too, it is using the is_expired method instead of get_expires_at. So you should add an is_expired method:

    class DeviceCredential(Model):
        # ...

        def is_expired(self):
            # assumes the expiry timestamp is stored on the model as expired_at
            return self.expired_at < time.time()

Parameters of DeviceCodeGrant.should_slow_down are changed, it is now:

    def should_slow_down(self, credential):

Additional changes that may be worth noting:
- authlib.oauth2.rfc6749.authorization_server.AuthorizationServer.__init__ no longer supports generate_token or metadata kwargs
- authlib.integrations.django_oauth2.ResourceProtector.__call__ no longer accepts an operator kwarg.
- scope_insufficient function on authlib.oauth2.rfc6749.resource_protector.TokenValidator (correct me if I'm wrong)