Authlib v0.6 Changes

## CAR.md

      
        

          Raw
        
        
          
            
          
          
            
              CAR.md
            
          
        
      
    
  
    create_authorization_response

deprecated
compatible

OAuth 2 AuthorizationServer.create_authorization_response paramters changed.
Before v0.6
AuthorizationServer.create_authorization_response(grant_user)
After v0.6
AuthorizationServer.create_authorization_response(grant_user=grant_user)
Keyword argument is required.

  

  

## GT.md

      
        

          Raw
        
        
          
            
          
          
            
              GT.md
            
          
        
      
    
  
    create_access_token

deprecated
compatible

Method .create_access_token in all grants are deprecated, instead you should define a shared save_token on authorization server.
def save_token(token, client, user):
    if user:
        user_id = user.get_user_id()
    else:
        user_id = 0
        # or: user_id = client.user_id
        # when user is None, it is a client_credentials grant type
    tok = Token(client_id=client_id, user_id=user_id, **token)
    db.session.add(tok)
    db.session.commit()

server = AuthorizationServer(app, query_client, save_token)
# or initialize lazily
server = AuthorizationServer()
server.init_app(app, query_client, save_token)
AuthorizationCodeGrant
Remove .create_access_token implementation, add a .authenticate_user method.
Before v0.6
from authlib.specs.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    ...
    def create_access_token(self, token, client, authorization_code):
        tok = Token(
            client_id=client.client_id,
            user_id=authorization_code.user_id,
            **token
        )
        db.session.add(tok)
        db.session.commit()
After v0.6
from authlib.specs.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    ...
    def authenticate_user(self, authorization_code):
        return User.query.get(authorization_code.user_id)
ImplicitGrant & ClientCredentialsGrant
You don't need to re-implement them at all. Just use it with:
from authlib.specs.rfc6749 import grants

server.register_grant(grants.ImplicitGrant)
server.register_grant(grants.ClientCredentialsGrant)
ResourceOwnerPasswordCredentialsGrant
You don't need to implement .create_access_token, just remove it.
RefreshTokenGrant
The changes in RefreshTokenGrant looks the same as AuthorizationCodeGrant.
Instead of .create_access_token, you need to implement a .authenticate_user
method.
Before v0.6
from authlib.specs.rfc6749 import grants

class RefreshTokenGrant(grants.RefreshTokenGrant):
    ...
    def create_access_token(self, token, client, credential):
        tok = Token(
            client_id=client.client_id,
            user_id=credential.user_id,
            **token
        )
        db.session.add(tok)
        db.session.commit()
After v0.6
from authlib.specs.rfc6749 import grants

class RefreshTokenGrant(grants.RefreshTokenGrant):
    ...
    def authenticate_user(self, credential):
        return User.query.get(credential.user_id)

  

  

## RE.md

      
        

          Raw
        
        
          
            
          
          
            
              RE.md
            
          
        
      
    
  
    register_endpoint

deprecated
compatible

OAuth 2 Authorization Server has a new method: .register_endpoint.
It replaced AuthorizationServer.register_revoke_token_endpoint.
Before v0.6
server.register_revoke_token_endpoint(MyRevocationEndpoint)
After v0.6
server.register_endpoint(MyRevocationEndpoint)
create_endpoint_response
Together with .register_endpoint, there is a .create_endpoint_response method.
It replaced AuthorizationServer.create_revocation_response.
Before v0.6
server.create_revocation_response()
After v0.6
server.create_endpoint_response(MyRevocationEndpoint.ENDPOINT_NAME)
# or
server.create_endpoint_response('revocation')

  

  

## RG.md

      
        

          Raw
        
        
          
            
          
          
            
              RG.md
            
          
        
      
    
  
    register_grant_endpoint

deprecated
compatible

OAuth 2 AuthorizationServer.register_grant_endpoint is deprecated, use AuthorizationServer.register_grant instead.
Before v0.6
server.register_grant_endpoint(MyAuthorizationCodeGrant)
After v0.6
server.register_grant(MyAuthorizationCodeGrant)

  

  

## VAR.md

      
        

          Raw
        
        
          
            
          
          
            
              VAR.md
            
          
        
      
    
  
    validate_authorization_request

deprecated
compatible

OAuth 2 AuthorizationServer.validate_authorization_request is deprecated, use AuthorizationServer.validate_consent_request instead.
Before v0.6
grant = server.validate_authorization_request()
After v0.6
grant = server.validate_consent_request(end_user=current_user)