Skip to content

Instantly share code, notes, and snippets.

@lepture

lepture/CAR.md Secret

Last active March 12, 2018 10:39
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save lepture/711cb62cea90f35209f7e20a1549f15d to your computer and use it in GitHub Desktop.
Save lepture/711cb62cea90f35209f7e20a1549f15d to your computer and use it in GitHub Desktop.
Authlib v0.6 Changes

create_authorization_response

  • deprecated
  • compatible

OAuth 2 AuthorizationServer.create_authorization_response paramters changed.

Before v0.6

AuthorizationServer.create_authorization_response(grant_user)

After v0.6

AuthorizationServer.create_authorization_response(grant_user=grant_user)

Keyword argument is required.

create_access_token

  • deprecated
  • compatible

Method .create_access_token in all grants are deprecated, instead you should define a shared save_token on authorization server.

def save_token(token, client, user):
    if user:
        user_id = user.get_user_id()
    else:
        user_id = 0
        # or: user_id = client.user_id
        # when user is None, it is a client_credentials grant type
    tok = Token(client_id=client_id, user_id=user_id, **token)
    db.session.add(tok)
    db.session.commit()

server = AuthorizationServer(app, query_client, save_token)
# or initialize lazily
server = AuthorizationServer()
server.init_app(app, query_client, save_token)

AuthorizationCodeGrant

Remove .create_access_token implementation, add a .authenticate_user method.

Before v0.6

from authlib.specs.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    ...
    def create_access_token(self, token, client, authorization_code):
        tok = Token(
            client_id=client.client_id,
            user_id=authorization_code.user_id,
            **token
        )
        db.session.add(tok)
        db.session.commit()

After v0.6

from authlib.specs.rfc6749 import grants

class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    ...
    def authenticate_user(self, authorization_code):
        return User.query.get(authorization_code.user_id)

ImplicitGrant & ClientCredentialsGrant

You don't need to re-implement them at all. Just use it with:

from authlib.specs.rfc6749 import grants

server.register_grant(grants.ImplicitGrant)
server.register_grant(grants.ClientCredentialsGrant)

ResourceOwnerPasswordCredentialsGrant

You don't need to implement .create_access_token, just remove it.

RefreshTokenGrant

The changes in RefreshTokenGrant looks the same as AuthorizationCodeGrant. Instead of .create_access_token, you need to implement a .authenticate_user method.

Before v0.6

from authlib.specs.rfc6749 import grants

class RefreshTokenGrant(grants.RefreshTokenGrant):
    ...
    def create_access_token(self, token, client, credential):
        tok = Token(
            client_id=client.client_id,
            user_id=credential.user_id,
            **token
        )
        db.session.add(tok)
        db.session.commit()

After v0.6

from authlib.specs.rfc6749 import grants

class RefreshTokenGrant(grants.RefreshTokenGrant):
    ...
    def authenticate_user(self, credential):
        return User.query.get(credential.user_id)

register_endpoint

  • deprecated
  • compatible

OAuth 2 Authorization Server has a new method: .register_endpoint. It replaced AuthorizationServer.register_revoke_token_endpoint.

Before v0.6

server.register_revoke_token_endpoint(MyRevocationEndpoint)

After v0.6

server.register_endpoint(MyRevocationEndpoint)

create_endpoint_response

Together with .register_endpoint, there is a .create_endpoint_response method. It replaced AuthorizationServer.create_revocation_response.

Before v0.6

server.create_revocation_response()

After v0.6

server.create_endpoint_response(MyRevocationEndpoint.ENDPOINT_NAME)
# or
server.create_endpoint_response('revocation')

register_grant_endpoint

  • deprecated
  • compatible

OAuth 2 AuthorizationServer.register_grant_endpoint is deprecated, use AuthorizationServer.register_grant instead.

Before v0.6

server.register_grant_endpoint(MyAuthorizationCodeGrant)

After v0.6

server.register_grant(MyAuthorizationCodeGrant)

validate_authorization_request

  • deprecated
  • compatible

OAuth 2 AuthorizationServer.validate_authorization_request is deprecated, use AuthorizationServer.validate_consent_request instead.

Before v0.6

grant = server.validate_authorization_request()

After v0.6

grant = server.validate_consent_request(end_user=current_user)
@lepture
Copy link
Author

lepture commented Mar 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment