@lepture lepture/CAR.md Secret
Last active Mar 12, 2018

Authlib v0.6 Changes

create_authorization_response

  • deprecated
  • compatible

OAuth 2 AuthorizationServer.create_authorization_response parameters changed.

Before v0.6

AuthorizationServer.create_authorization_response(grant_user)

After v0.6

AuthorizationServer.create_authorization_response(grant_user=grant_user)

The keyword argument is now required.

create_access_token

  • deprecated
  • compatible

The .create_access_token method in all grants is deprecated; instead, define a single shared save_token hook on the authorization server.

def save_token(token, client, user):
    if user:
        user_id = user.get_user_id()
    else:
        # user is None for the client_credentials grant type;
        # bind the token to the client's owner, or use a sentinel
        user_id = 0
        # or: user_id = client.user_id
    # always take client_id from the authenticated client object
    tok = Token(client_id=client.client_id, user_id=user_id, **token)
    db.session.add(tok)
    db.session.commit()

server = AuthorizationServer(app, query_client, save_token)
# or initialize lazily
server = AuthorizationServer()
server.init_app(app, query_client, save_token)
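An added, runnable example of the v0.6 hook contract that is not code from this gist or from Authlib: a save_token in the shared signature, backed by an in-memory store, plus the two checks that consume its records (a resource-server lookup that rejects expired or revoked tokens, and a revocation check that only lets a client revoke tokens issued to itself). FakeClient, FakeUser, TokenRecord, TOKENS and the helper functions are constructed for the demo; only the signature save_token(token, client, user) and the fact that user is None for client_credentials come from the page.

```python
# Added example (not code from the gist or from Authlib): an in-memory
# save_token hook in the v0.6 shape, plus the lookups a resource server
# and a revocation endpoint would run over the records it writes.
# FakeClient, FakeUser, TokenRecord, TOKENS and the helpers are constructed
# for this demo; only the hook signature comes from the page.
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class FakeClient:
    client_id: str
    user_id: int  # owner of the client registration (demo assumption)


@dataclass
class FakeUser:
    id: int

    def get_user_id(self):
        return self.id


@dataclass
class TokenRecord:
    client_id: str
    user_id: int
    access_token: str
    token_type: str
    expires_in: int
    issued_at: float
    scope: Optional[str] = None
    refresh_token: Optional[str] = None
    revoked: bool = False

    def is_expired(self, now=None):
        now = time.time() if now is None else now
        return now >= self.issued_at + self.expires_in


TOKENS = {}  # constructed in-memory stand-in for the Token table, keyed by access_token


def save_token(token, client, user):
    """Shared hook: persist one issued token bound to its client and user.

    `token` is the dict the grant generated (access_token, token_type,
    expires_in and optionally refresh_token / scope). `user` is None for
    the client_credentials grant, so the record is bound to the client's
    owner rather than left unattributed.
    """
    if user is not None:
        user_id = user.get_user_id()
    else:
        user_id = client.user_id
    record = TokenRecord(
        client_id=client.client_id,  # from the authenticated client, never from request input
        user_id=user_id,
        issued_at=time.time(),
        **token,
    )
    TOKENS[record.access_token] = record
    return record


def lookup_token(access_token, now=None):
    """Resource-server check: return the record only if it is still live."""
    record = TOKENS.get(access_token)
    if record is None or record.revoked or record.is_expired(now):
        return None
    return record


def _find(token_string):
    """Match either the access token or the refresh token of a record."""
    for record in TOKENS.values():
        if token_string in (record.access_token, record.refresh_token):
            return record
    return None


def revoke_token(token_string, client):
    """Revocation-endpoint check (RFC 7009 section 2.1): a client may only
    revoke tokens issued to it; anything else is reported as not found."""
    record = _find(token_string)
    if record is None or record.client_id != client.client_id:
        return False
    record.revoked = True
    return True
```

The ownership check in revoke_token is the part most often lost when migrating per-grant token code into one shared hook: once every grant writes through save_token, the client_id stored on the record is the only thing that stops client A from revoking client B's tokens, so it must come from the authenticated client object, not from anything in the request body.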

AuthorizationCodeGrant

Remove the .create_access_token implementation and add an .authenticate_user method.

Before v0.6

from authlib.specs.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    ...
    def create_access_token(self, token, client, authorization_code):
        tok = Token(
            client_id=client.client_id,
            user_id=authorization_code.user_id,
            **token
        )
        db.session.add(tok)
        db.session.commit()

After v0.6

from authlib.specs.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    ...
    def authenticate_user(self, authorization_code):
        return User.query.get(authorization_code.user_id)

ImplicitGrant & ClientCredentialsGrant

You don't need to re-implement them at all. Just register the built-in classes:

from authlib.specs.rfc6749 import grants

server.register_grant(grants.ImplicitGrant)
server.register_grant(grants.ClientCredentialsGrant)

ResourceOwnerPasswordCredentialsGrant

You no longer need to implement .create_access_token; just remove it.

RefreshTokenGrant

The changes in RefreshTokenGrant look the same as those in AuthorizationCodeGrant. Instead of .create_access_token, you need to implement an .authenticate_user method.

Before v0.6

from authlib.specs.rfc6749 import grants

class RefreshTokenGrant(grants.RefreshTokenGrant):
    ...
    def create_access_token(self, token, client, credential):
        tok = Token(
            client_id=client.client_id,
            user_id=credential.user_id,
            **token
        )
        db.session.add(tok)
        db.session.commit()

After v0.6

from authlib.specs.rfc6749 import grants

class RefreshTokenGrant(grants.RefreshTokenGrant):
    ...
    def authenticate_user(self, credential):
        return User.query.get(credential.user_id)

register_endpoint

  • deprecated
  • compatible

OAuth 2 AuthorizationServer has a new method: .register_endpoint. It replaces AuthorizationServer.register_revoke_token_endpoint.

Before v0.6

server.register_revoke_token_endpoint(MyRevocationEndpoint)

After v0.6

server.register_endpoint(MyRevocationEndpoint)

create_endpoint_response

Together with .register_endpoint, there is a .create_endpoint_response method. It replaces AuthorizationServer.create_revocation_response and takes the endpoint name to dispatch on.

Before v0.6

server.create_revocation_response()

After v0.6

server.create_endpoint_response(MyRevocationEndpoint.ENDPOINT_NAME)
# or
server.create_endpoint_response('revocation')

register_grant_endpoint

  • deprecated
  • compatible

OAuth 2 AuthorizationServer.register_grant_endpoint is deprecated, use AuthorizationServer.register_grant instead.

Before v0.6

server.register_grant_endpoint(MyAuthorizationCodeGrant)

After v0.6

server.register_grant(MyAuthorizationCodeGrant)

validate_authorization_request

  • deprecated
  • compatible

OAuth 2 AuthorizationServer.validate_authorization_request is deprecated, use AuthorizationServer.validate_consent_request instead.

Before v0.6

grant = server.validate_authorization_request()

After v0.6

grant = server.validate_consent_request(end_user=current_user)