simple_openid_connect.flows.authorization_code_flow.client

Classes

AuthorizationCodeFlowClient(base_client)

A client that implements authorization code flow related functionality.

class simple_openid_connect.flows.authorization_code_flow.client.AuthorizationCodeFlowClient(base_client: OpenidClient)

A client that implements authorization code flow related functionality.

It is exposed via OpenidClient.authorization_code_flow.

__init__(base_client: OpenidClient)

exchange_code_for_tokens(authentication_response: AuthenticationSuccessResponse) → TokenSuccessResponse | TokenErrorResponse

Exchange a received code for access, refresh and id tokens.

You might want to use handle_authentication_result() if you don’t want to parse an authentication result from the users current url yourself.

Parameters:

authentication_response – The (successful) response which this app received after the user has come back from the OP.

Raises:

• UnsupportedByProviderError – If the provider only supports implicit flow and has no token endpoint.

• ImpossibleOperationError – If the client has no redirect_uri configured and therefore cannot perform this operation.

Returns:

The result of the token exchange

handle_authentication_result(current_url: str, additional_redirect_args: Mapping[str, str] | None = None) → TokenSuccessResponse | TokenErrorResponse

Handle an authentication result that is communicated to the RP in form of the user agents current url after having started an authentication process via start_authentication().

Parameters:

• current_url – The current URL which the user is visiting. The authentication result should be encoded into this url by the authorization server.

• additional_redirect_args – Additional URL parameters that were added to the redirect uri. They are probably still present in current_url but since they could be of any shape, no attempt is made here to automatically reconstruct them.

Raises:

• AuthenticationFailedError – If the current url indicates an authentication failure that prevents an access token from being retrieved.

• UnsupportedByProviderError – If the provider only supports implicit flow and has no token endpoint.

• ImpossibleOperationError – If the client has no redirect_uri configured and therefore cannot perform this operation.

Returns:

The result of the token exchange

start_authentication() → str

Start the authentication process by constructing an appropriate AuthenticationRequest, serializing it and returning a which the end user now needs to visit.

Raises:

ImpossibleOperationError – If the client has no redirect_uri configured and therefore cannot perform this operation.

Returns:

A URL to which the user agent should be redirected