RefreshToken

class DIRAC.FrameworkSystem.private.authorization.grants.RefreshToken.RefreshTokenGrant(request: OAuth2Request, server)

Bases: RefreshTokenGrant

See authlib.oauth2.rfc6749.grants.RefreshTokenGrant

DEFAULT_EXPIRES_AT = 43200
GRANT_TYPE = 'refresh_token'

The “grant_type” this grant is designed for

INCLUDE_NEW_REFRESH_TOKEN = False

The authorization server MAY issue a new refresh token

TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_basic', 'client_secret_post', 'none']

Allowed client auth methods for token endpoint

TOKEN_ENDPOINT_HTTP_METHODS = ['POST']

Allowed HTTP methods of this token endpoint

TOKEN_RESPONSE_HEADER = [('Content-Type', 'application/json'), ('Cache-Control', 'no-store'), ('Pragma', 'no-cache')]
__init__(request: OAuth2Request, server)
authenticate_refresh_token(refresh_token)

Get credential for token

Parameters:

refresh_token (str) – refresh token

Returns:

dict or None

authenticate_token_endpoint_client()

Authenticate client with the given methods for token endpoint.

For example, the client makes the following HTTP request using TLS:

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

Default available methods are: “none”, “client_secret_basic” and “client_secret_post”.

Returns:

client

authenticate_user(credential)

Authorize user

Parameters:

credential (dict) – credential (token payload)

Returns:

str or bool

classmethod check_token_endpoint(request: OAuth2Request)
property client
create_token_response()

If valid and authorized, the authorization server issues an access token as described in Section 5.1 of RFC 6749. If the request failed verification or is invalid, the authorization server returns an error response as described in Section 5.2.

execute_hook(hook_type, *args, **kwargs)
generate_token(user=None, scope=None, grant_type=None, expires_in=None, include_refresh_token=True)
issue_token(user, credential)

Refresh tokens

Parameters:
  • user – unused

  • credential (dict) – token credential

Returns:

dict

register_hook(hook_type, hook)
revoke_old_credential(credential)

Remove old credential

save_token(token)

A method to save token into database.

validate_requested_scope()

Validate if requested scope is supported by Authorization Server.

validate_token_request()

If the authorization server issued a refresh token to the client, the client makes a refresh request to the token endpoint by adding the following parameters using the “application/x-www-form-urlencoded” format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body, per Section 6:

grant_type

REQUIRED. Value MUST be set to “refresh_token”.

refresh_token

REQUIRED. The refresh token issued to the client.

scope

OPTIONAL. The scope of the access request as described by Section 3.3. The requested scope MUST NOT include any scope not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the resource owner.

For example, the client makes the following HTTP request using transport-layer security (with extra line breaks for display purposes only):

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA
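
The parameter rules above, written out as a stand-alone check. This is an added example, not DIRAC or Authlib code: validate_refresh_request and TokenRequestError are hypothetical names, and the granted scope "read write" is a constructed sample value.

```python
from urllib.parse import parse_qs


class TokenRequestError(Exception):
    """Error carrying an RFC 6749 Section 5.2 error code."""

    def __init__(self, error, description):
        super().__init__(f"{error}: {description}")
        self.error = error


def validate_refresh_request(body, granted_scope):
    """Check a form-encoded refresh request; return the token and effective scope.

    Hypothetical helper (assumption), not a DIRAC or Authlib function.
    """
    # keep_blank_values: an empty parameter must not silently disappear
    params = parse_qs(body, keep_blank_values=True, encoding="utf-8")
    for name, values in params.items():
        # RFC 6749 Section 3.2: parameters MUST NOT be included more than once
        if len(values) > 1:
            raise TokenRequestError("invalid_request", f"repeated parameter: {name}")
    flat = {name: values[0] for name, values in params.items()}

    if "grant_type" not in flat or not flat.get("refresh_token"):
        raise TokenRequestError("invalid_request", "missing grant_type or refresh_token")
    if flat["grant_type"] != "refresh_token":
        raise TokenRequestError("unsupported_grant_type", "expected refresh_token")

    granted = set(granted_scope.split())
    # Omitted scope is treated as equal to the originally granted scope
    requested = set(flat.get("scope", "").split()) or granted
    extra = requested - granted
    if extra:
        # Refresh must never widen what the resource owner approved
        raise TokenRequestError("invalid_scope", "not granted: " + " ".join(sorted(extra)))
    return {"refresh_token": flat["refresh_token"], "scope": " ".join(sorted(requested))}


if __name__ == "__main__":
    # Request body from the example above; the granted scope is constructed
    body = "grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA"
    print(validate_refresh_request(body, "read write"))
    try:
        validate_refresh_request(body + "&scope=read+admin", "read write")
    except TokenRequestError as exc:
        print(exc)
```

Client authentication and the lookup of the refresh token itself are outside this check; they correspond to authenticate_token_endpoint_client() and authenticate_refresh_token() above.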