simple_openid_connect.flows.authorization_code_flow.client#

Classes

AuthorizationCodeFlowClient(base_client)

A client that implements authorization code flow related functionality.

class simple_openid_connect.flows.authorization_code_flow.client.AuthorizationCodeFlowClient(base_client: OpenidClient)#

A client that implements authorization code flow related functionality.

It is exposed via OpenidClient.authorization_code_flow.

__init__(base_client: OpenidClient)#
exchange_code_for_tokens(authentication_response: AuthenticationSuccessResponse) Union[TokenSuccessResponse, TokenErrorResponse]#

Exchange a received code for access, refresh and id tokens.

You might want to use handle_authentication_result() if you don’t want to parse an authentication result from the users current url yourself.

Parameters

authentication_response – The (successful) response which this app received after the user has come back from the OP.

Raises
Returns

The result of the token exchange

handle_authentication_result(current_url: str, additional_redirect_args: Optional[Mapping[str, str]] = None) Union[TokenSuccessResponse, TokenErrorResponse]#

Handle an authentication result that is communicated to the RP in form of the user agents current url after having started an authentication process via start_authentication().

Parameters
  • current_url – The current URL which the user is visiting. The authentication result should be encoded into this url by the authorization server.

  • additional_redirect_args – Additional URL parameters that were added to the redirect uri. They are probably still present in current_url but since they could be of any shape, no attempt is made here to automatically reconstruct them.

Raises
Returns

The result of the token exchange

start_authentication(additional_redirect_args: Optional[Mapping[str, str]] = None) str#

Start the authentication process by constructing an appropriate AuthenticationRequest, serializing it and returning a which the end user now needs to visit.

Parameters

additional_redirect_args – Additional URL parameters that are added to the redirect uri.

Raises

ImpossibleOperationError – If the client has no redirect_uri configured and therefore cannot perform this operation.

Returns

A URL to which the user agent should be redirected