RefreshToken
- class DIRAC.FrameworkSystem.private.authorization.grants.RefreshToken.RefreshTokenGrant(request: OAuth2Request, server)
Bases: RefreshTokenGrant
See authlib.oauth2.rfc6749.grants.RefreshTokenGrant
- DEFAULT_EXPIRES_AT = 43200
- GRANT_TYPE = 'refresh_token'
The “grant_type” value this grant is designed for
- INCLUDE_NEW_REFRESH_TOKEN = False
The authorization server MAY issue a new refresh token
- TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_basic', 'client_secret_post', 'none']
Allowed client auth methods for token endpoint
- TOKEN_ENDPOINT_HTTP_METHODS = ['POST']
Allowed HTTP methods of this token endpoint
- TOKEN_RESPONSE_HEADER = [('Content-Type', 'application/json'), ('Cache-Control', 'no-store'), ('Pragma', 'no-cache')]
- __init__(request: OAuth2Request, server)
- authenticate_refresh_token(refresh_token)
Get credential for token
- Parameters:
refresh_token (str) – refresh token
- Returns:
dict or None
- authenticate_token_endpoint_client()
Authenticate client with the given methods for token endpoint.
For example, the client makes the following HTTP request using TLS:
    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
    &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
Default available methods are: “none”, “client_secret_basic” and “client_secret_post”.
- Returns:
client
- authenticate_user(credential)
Authorize user
- Parameters:
credential (dict) – credential (token payload)
- Returns:
str or bool
- classmethod check_token_endpoint(request: OAuth2Request)
- property client
- create_token_response()
If valid and authorized, the authorization server issues an access token as described in Section 5.1. If the request failed verification or is invalid, the authorization server returns an error response as described in Section 5.2.
- execute_hook(hook_type, *args, **kwargs)
- generate_token(user=None, scope=None, grant_type=None, expires_in=None, include_refresh_token=True)
- issue_token(user, credential)
Refresh tokens
- Parameters:
user – unused
credential (dict) – token credential
- Returns:
dict
- register_hook(hook_type, hook)
- revoke_old_credential(credential)
Remove old credential
- save_token(token)
A method to save token into database.
- validate_requested_scope()
Validate if requested scope is supported by Authorization Server.
- validate_token_request()
If the authorization server issued a refresh token to the client, the client makes a refresh request to the token endpoint by adding the following parameters using the “application/x-www-form-urlencoded” format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body, per Section 6:
- grant_type
REQUIRED. Value MUST be set to “refresh_token”.
- refresh_token
REQUIRED. The refresh token issued to the client.
- scope
OPTIONAL. The scope of the access request as described by Section 3.3. The requested scope MUST NOT include any scope not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the resource owner.
For example, the client makes the following HTTP request using transport-layer security (with extra line breaks for display purposes only):
    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA
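The checks that validate_token_request describes, written out as an added standard-library example; it is not DIRAC's or authlib's code. The names validate_refresh_request, TokenRequestError, SAMPLE_STORE and lookup_credential are hypothetical, and the stored scopes are constructed sample data.

```python
from urllib.parse import parse_qs

# Constructed sample store: refresh token -> credential (scopes are made up).
SAMPLE_STORE = {"tGzv3JOkF0XG5Qx2TlKWIA": {"sub": "alice", "scope": "read write"}}


class TokenRequestError(Exception):
    """Carries an error code from RFC 6749 Section 5.2."""

    def __init__(self, error, description):
        super().__init__(f"{error}: {description}")
        self.error = error


def validate_refresh_request(body, lookup_credential):
    """Check a form-encoded refresh request; return (credential, scope).

    lookup_credential is a hypothetical callable mapping a token string to a
    credential dict with a space-separated "scope", or None if unknown/revoked.
    """
    params = parse_qs(body, keep_blank_values=True)
    # A parameter sent twice is ambiguous, so reject it instead of picking one.
    for name, values in params.items():
        if len(values) != 1:
            raise TokenRequestError("invalid_request", f"repeated parameter {name}")
    form = {name: values[0] for name, values in params.items()}

    if "grant_type" not in form:
        raise TokenRequestError("invalid_request", "missing grant_type")
    if form["grant_type"] != "refresh_token":
        raise TokenRequestError("unsupported_grant_type", form["grant_type"])
    if not form.get("refresh_token"):
        raise TokenRequestError("invalid_request", "missing refresh_token")

    credential = lookup_credential(form["refresh_token"])
    if credential is None:
        raise TokenRequestError("invalid_grant", "unknown or revoked refresh token")

    granted = set(credential.get("scope", "").split())
    if "scope" not in form:
        # Omitted scope is treated as equal to the originally granted scope.
        return credential, " ".join(sorted(granted))
    requested = set(form["scope"].split())
    # The requested scope may narrow the grant but never widen it.
    if not requested or not requested <= granted:
        raise TokenRequestError("invalid_scope", "scope exceeds the original grant")
    return credential, " ".join(sorted(requested))
```

The subset test on the scope sets is what stops a client from using a refresh request to obtain scopes the resource owner never granted.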