simple_openid_connect.flows.authorization_code_flow

The Authorization Code Flow returns an Authorization Code to the Client, which can then exchange it for an ID Token and an Access Token. This provides the benefit of not exposing any tokens to the User Agent and possibly other malicious applications with access to the User Agent. The Authorization Server can also authenticate the Client before exchanging the Authorization Code for an Access Token.

The Authorization Code flow is suitable for Clients that can securely maintain a Client Secret between themselves and the Authorization Server.

Functions

exchange_code_for_tokens(token_endpoint, ...)

Exchange a received code for access, refresh and id tokens.

handle_authentication_result(current_url, ...)

Handle an authentication result that is communicated to the RP in the form of the user agent's current URL after having started an authentication process via start_authentication().

start_authentication(authorization_endpoint, ...)

Start the authentication process by constructing an appropriate AuthenticationRequest, serializing it and returning a URL which the end user now needs to visit.

simple_openid_connect.flows.authorization_code_flow.exchange_code_for_tokens(token_endpoint: str, authentication_response: AuthenticationSuccessResponse, redirect_uri: str, client_authentication: ClientAuthenticationMethod) -> TokenSuccessResponse | TokenErrorResponse

Exchange a received code for access, refresh and id tokens.

You might want to use handle_authentication_result() if you don't want to parse an authentication result from the user's current URL yourself.

Parameters:
  • token_endpoint – The endpoint of the OP at which tokens can be exchanged. Corresponds to ProviderMetadata.token_endpoint

  • authentication_response – The (successful) response which this app received after the user has come back from the OP.

  • redirect_uri – The callback URI that was specified during the authentication initiation.

  • client_authentication – A way for the client to authenticate itself

Returns:

The result of the token exchange

simple_openid_connect.flows.authorization_code_flow.handle_authentication_result(current_url: str, token_endpoint: str, client_authentication: ClientAuthenticationMethod, redirect_uri: Literal['auto'] | str = 'auto') -> TokenSuccessResponse | TokenErrorResponse

Handle an authentication result that is communicated to the RP in the form of the user agent's current URL after having started an authentication process via start_authentication().

Parameters:
  • current_url – The current URL which the user is visiting. The authentication result should be encoded into this url by the authorization server.

  • token_endpoint – The endpoint of the OP at which tokens can be exchanged. Corresponds to ProviderMetadata.token_endpoint

  • client_authentication – A way for the client to authenticate itself

  • redirect_uri – The redirect_uri that was specified during the authentication initiation. If the special value auto is used, it is assumed that current_url is that callback, and it is stripped of query parameters and fragments to reproduce the originally supplied one.

Raises:

AuthenticationFailedError – If the current url indicates an authentication failure that prevents an access token from being retrieved.

Returns:

The result of the token exchange

simple_openid_connect.flows.authorization_code_flow.start_authentication(authorization_endpoint: str, scope: str, client_id: str, redirect_uri: str) -> str

Start the authentication process by constructing an appropriate AuthenticationRequest, serializing it and returning a URL which the end user now needs to visit.

Returns:

A URL to which the user agent should be redirected
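
The three steps documented above, modelled with only the Python standard library as an added example; this is not simple_openid_connect's own code, and the helper names, endpoints, client id and code value are constructed. It shows how redirect_uri='auto' as described here reproduces the callback URI, and why passing the registered URI explicitly is safer when the application sees a different URL than the one it registered (assumed here: a TLS-terminating proxy). Client authentication is left out.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


def build_authentication_url(authorization_endpoint, scope, client_id, redirect_uri):
    """Serialize an authentication request into the URL the end user visits."""
    query = urlencode({
        "response_type": "code",  # selects the Authorization Code Flow
        "scope": scope,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
    })
    return f"{authorization_endpoint}?{query}"


def auto_redirect_uri(current_url):
    """Model of redirect_uri='auto': drop query and fragment from current_url."""
    parts = urlsplit(current_url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def token_request_from_callback(current_url, redirect_uri="auto"):
    """Parse the callback URL and build the form body for the token endpoint."""
    params = parse_qs(urlsplit(current_url).query)
    if "error" in params:
        raise ValueError(f"authentication failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("callback URL carries neither code nor error")
    if redirect_uri == "auto":
        redirect_uri = auto_redirect_uri(current_url)
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": redirect_uri,  # must equal the URI sent in step one
    }


# Constructed sample values (not from the library or any real deployment)
REGISTERED = "https://app.example.com/auth/callback"
LOGIN_URL = build_authentication_url(
    "https://op.example.com/authorize", "openid profile", "demo-client", REGISTERED)
CALLBACK = REGISTERED + "?code=constructed-code-123"
# Assumption: behind a TLS-terminating proxy the app sees the http:// form
PROXIED = "http://app.example.com/auth/callback?code=constructed-code-123"

if __name__ == "__main__":
    print(LOGIN_URL)
    print(token_request_from_callback(CALLBACK))
    # 'auto' echoes the URL the app saw, which no longer matches REGISTERED
    print(token_request_from_callback(PROXIED)["redirect_uri"] == REGISTERED)
```

An OP compares the redirect_uri in the token request with the one from the authentication request, so the mismatch in the proxied case would surface as a token error response rather than as tokens.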

Modules