simple_openid_connect.flows.authorization_code_flow.client#
Classes
|
A client that implements authorization code flow related functionality. |
- class simple_openid_connect.flows.authorization_code_flow.client.AuthorizationCodeFlowClient(base_client: OpenidClient)#
A client that implements authorization code flow related functionality.
It is exposed via
OpenidClient.authorization_code_flow
.- __init__(base_client: OpenidClient)#
- exchange_code_for_tokens(authentication_response: AuthenticationSuccessResponse) → TokenSuccessResponse | TokenErrorResponse#
Exchange a received code for access, refresh and id tokens.
You might want to use
handle_authentication_result()
if you don’t want to parse an authentication result from the users current url yourself.- Parameters:
authentication_response – The (successful) response which this app received after the user has come back from the OP.
- Raises:
UnsupportedByProviderError – If the provider only supports implicit flow and has no token endpoint.
ImpossibleOperationError – If the client has no redirect_uri configured and therefore cannot perform this operation.
- Returns:
The result of the token exchange
- handle_authentication_result(current_url: str, additional_redirect_args: Mapping[str, str] | None = None) → TokenSuccessResponse | TokenErrorResponse#
Handle an authentication result that is communicated to the RP in form of the user agents current url after having started an authentication process via
start_authentication()
.- Parameters:
current_url – The current URL which the user is visiting. The authentication result should be encoded into this url by the authorization server.
additional_redirect_args – Additional URL parameters that were added to the redirect uri. They are probably still present in current_url but since they could be of any shape, no attempt is made here to automatically reconstruct them.
- Raises:
AuthenticationFailedError – If the current url indicates an authentication failure that prevents an access token from being retrieved.
UnsupportedByProviderError – If the provider only supports implicit flow and has no token endpoint.
ImpossibleOperationError – If the client has no redirect_uri configured and therefore cannot perform this operation.
- Returns:
The result of the token exchange
- start_authentication() → str#
Start the authentication process by constructing an appropriate
AuthenticationRequest
, serializing it and returning a which the end user now needs to visit.- Raises:
ImpossibleOperationError – If the client has no redirect_uri configured and therefore cannot perform this operation.
- Returns:
A URL to which the user agent should be redirected