In this version, Authlib "Grant" is redesigned. You don't need to change anything for the normal grant types. But if you are working on an "OpenID Connect" server, here is what you need to do:
authlib.oidc.core.grants.OpenIDCodeGrant is deprecated. Instead, you can use the OpenIDCode extension:
from authlib.oauth2.rfc6749 import grants
from authlib.oidc.core import UserInfo
from authlib.oidc.core.grants import OpenIDCode
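class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
    """Plain OAuth 2.0 authorization-code grant.

    OpenID Connect behaviour is not implemented here; it is attached later
    through the ``OpenIDCode`` extension when the grant is registered.
    """

    def create_authorization_code(self, client, grant_user, request):
        """Persist and return a new authorization code for *client* and *grant_user*.

        The storage format is application-specific. The nonce carried by the
        request should be saved together with the code so that the extension's
        ``exists_nonce`` check can later recognise a reused nonce.
        """
        # ... implement this and the other missing methods of the grant
        ...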
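class OpenIDCodeExtension(OpenIDCode):
    """OpenID Connect pieces layered onto ``AuthorizationCodeGrant``.

    The grant stays a standard OAuth 2.0 grant; this extension supplies the
    ID-token signing settings, the UserInfo claims and the nonce-replay check.
    """

    def get_jwt_config(self, grant):
        """Return the settings used to sign the ID token for *grant*.

        ``key`` is the server's private signing key and may also be a JWK Set;
        ``alg`` is the signing algorithm, ``iss`` the issuer URL and ``exp``
        the ID-token lifetime in seconds. ``private_key`` must be loaded by
        the application elsewhere -- never embed it in source.
        """
        # key can be JWK Set
        return dict(key=private_key, alg='RS256', iss='https://...', exp=3600)

    def generate_user_info(self, user, scopes):
        """Build the claims about *user* that the granted *scopes* allow.

        The claims describe the resource owner, so they are read from ``user``
        and not from ``self`` (this extension object). ``sub`` must be a
        stable, unique identifier of the user.
        """
        # Add further claims here, limited to what ``scopes`` permits.
        return UserInfo({'sub': str(user.id), 'name': user.name})

    def exists_nonce(self, nonce, request):
        """Return True if *nonce* was already used for ``request.client_id``.

        A repeated nonce is rejected so that a captured ID token cannot be
        replayed. ``is_authorization_code_exists`` is the application's own
        lookup against the stored authorization codes.
        """
        return is_authorization_code_exists(client_id=request.client_id, nonce=nonce)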
# Attach the OpenID Connect extension to the plain authorization-code grant.
authorization_server.register_grant(
    AuthorizationCodeGrant,
    [OpenIDCodeExtension()],
)
Register the implicit flow for OpenID Connect:
from authlib.oidc.core import grants
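class OpenIDImplicitGrant(grants.OpenIDImplicitGrant):
    """OpenID Connect implicit flow: ID token (and access token) returned directly."""

    def get_jwt_config(self):
        """Return the settings used to sign the ID token.

        ``key`` is the server's private signing key (a JWK Set is also
        accepted), ``alg`` the signing algorithm, ``iss`` the issuer URL and
        ``exp`` the ID-token lifetime in seconds. ``private_key`` must be
        loaded by the application elsewhere.
        """
        return dict(key=private_key, alg='RS256', iss='https://...', exp=3600)

    def generate_user_info(self, user, scopes):
        """Build the claims about *user* that the granted *scopes* allow.

        Claims are read from ``user``, not from ``self`` (the grant object).
        ``sub`` must be a stable, unique identifier of the user.
        """
        # Add further claims here, limited to what ``scopes`` permits.
        return UserInfo({'sub': str(user.id), 'name': user.name})

    def exists_nonce(self, nonce, request):
        """Return True if *nonce* was already used for ``request.client_id``.

        Rejecting a repeated nonce prevents replay of a captured ID token;
        ``is_authorization_code_exists`` is the application's own lookup.
        """
        return is_authorization_code_exists(client_id=request.client_id, nonce=nonce)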
# The implicit grant carries its own OpenID Connect logic; no extension list is needed.
authorization_server.register_grant(OpenIDImplicitGrant)
Hybrid flow is a mix of CodeFlow and ImplicitFlow. You MUST implement CodeFlow to support HybridFlow.
You also need to add one more grant, OpenIDHybridGrant:
from authlib.oidc.core import grants
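class OpenIDHybridGrant(grants.OpenIDHybridGrant):
    """OpenID Connect hybrid flow: an authorization code plus tokens in one response."""

    def create_authorization_code(self, client, grant_user, request):
        """Store and return an authorization code bound to the request nonce.

        The nonce is persisted with the code so that ``exists_nonce`` can
        detect its reuse later. ``generate_authorization_code`` is the
        application's own storage helper.
        """
        nonce = request.data.get('nonce')
        return generate_authorization_code(
            client, grant_user, request, nonce=nonce)

    def get_jwt_config(self):
        """Return the settings used to sign the ID token.

        ``key`` is the server's private signing key (a JWK Set is also
        accepted), ``alg`` the signing algorithm, ``iss`` the issuer URL and
        ``exp`` the ID-token lifetime in seconds. ``private_key`` must be
        loaded by the application elsewhere.
        """
        return dict(key=private_key, alg='RS256', iss='https://...', exp=3600)

    def generate_user_info(self, user, scopes):
        """Build the claims about *user* that the granted *scopes* allow.

        Claims are read from ``user``, not from ``self`` (the grant object).
        ``sub`` must be a stable, unique identifier of the user.
        """
        # Add further claims here, limited to what ``scopes`` permits.
        return UserInfo({'sub': str(user.id), 'name': user.name})

    def exists_nonce(self, nonce, request):
        """Return True if *nonce* was already used for ``request.client_id``.

        Rejecting a repeated nonce prevents replay of a captured ID token;
        ``is_authorization_code_exists`` is the application's own lookup.
        """
        return is_authorization_code_exists(client_id=request.client_id, nonce=nonce)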
# Hybrid flow builds on the code flow; the code grant must be registered as well.
authorization_server.register_grant(OpenIDHybridGrant)
NOTE: YOU MUST also implement CodeFlow.
https://git.io/fjPsV