aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authentication/oauth2/models
AgeCommit message (Collapse)Author
6 daysRevert "Debug: Add debug logging to trace JWK fetching."HEADmainFrederick Muriuki Muriithi
This reverts commit 5a6dc1fb81bf223750f42f4697f3cd7d86b39e71. Remove debugging statements and restore original code.
9 daysDebug: Add debug logging to trace JWK fetching.Frederick Muriuki Muriithi
2024-10-09Linting: Fix minor linting errorsFrederick Muriuki Muriithi
2024-10-09Add a client to the JWTBearerToken objects.Frederick Muriuki Muriithi
2024-10-03Provide a way to change OAuth2 client secrets.Frederick Muriuki Muriithi
2024-08-05Fix linting errors.Frederick Muriuki Muriithi
2024-07-31Update all endpoints to use the `client_secret_post` auth method.Frederick Muriuki Muriithi
2024-07-31Extend default JWTBearerToken to include a user member.Frederick Muriuki Muriithi
2024-07-31Fetch a client's JWKs from a URIFrederick Muriuki Muriithi
2024-07-30JWT refresh: Deactivate the checks and revocationFrederick Muriuki Muriithi
The checks for whether a token is already linked, and then revoking it and raising an error were causing issues in multi-threaded environments, where there'd be multiple requests to the auth server all using an expired token. This just links the refresh token and avoids the check and revocation for the time being.
2024-06-03Raise explicit error messages for more graceful handling.enable-sending-emailsFrederick Muriuki Muriithi
2024-05-24Revoke refresh token, and all its children.Frederick Muriuki Muriithi
2024-05-24Check whether a refresh token has been used beforeFrederick Muriuki Muriithi
Check whether a refresh token has been used before using it to generate a new JWT token. If the refresh token has been used previously, it should be revoked, and an error raised. As of this commit the actual revocation process hasn't been implemented.
2024-05-24Use monads consistently to reduce chances of errors.Frederick Muriuki Muriithi
2024-05-13Fix myriad of linting errorFrederick Muriuki Muriithi
These linting errors can't be rebased into the newer commits.
2024-05-13Initialise JWTRefreshToken modelFrederick Muriuki Muriithi
Add a model for the JWT refresh tokens.
2024-05-02Compute and cache the client's KeySet.Frederick Muriuki Muriithi
2024-04-24Move the errors module up one level to break circular dependencies.Frederick Muriuki Muriithi
2024-03-21Rename the_user -> _user.Munyoki Kilyungi
* gn_auth/auth/authentication/oauth2/models/oauth2client.py (client): Rename the_user -> _user. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Rename users -> fetch_users.Munyoki Kilyungi
Use verbs for methods. * gn_auth/auth/authentication/oauth2/models/oauth2client.py (OAuth2Client): (oauth2_clients): Rename users -> fetch_users. * gn_auth/auth/authentication/users.py (users): Ditto. (fetch_users): Ditto. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define AuthorisationCode using frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authentication/oauth2/models/authorization_code.py: Import dataclass, asdict, cached_property and AuthorizationCodeMixin. Remove NamedTuple import. (AuthorisationCode): Use frozen dataclass and explicitly inherit from AuthorizationCodeMixin. Delete unnecessary comment. (AuthorisationCode.response_type): Make this a cached_property. (AuthorisationCode.get_nonce): Delete. This is not defined in the RFC6749 spec. (save_authorisation_code): Replace _asdict() with asdict(...). Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define OAuth2Client using frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authentication/oauth2/models/oauth2client.py: Import dataclass, cached_property and ClientMixin. Remove NamedTuple import. (OAuth2Client): Use frozen dataclass and explicitly inherit from ClientMixin. (OAuth2Client.token_endpoint_auth_method): Make this a cached property. (OAuth2Client.client_type): Ditto. (OAuth2Client.id): Ditto. (OAuth2Client.grant_types): Ditto. (OAuth2Client.redirect_uris): Ditto. (OAuth2Client.response_types): Ditto. (OAuth2Client.scope): Ditto. (OAuth2Client.get_allowed_scope): Autopep-8 it. (client): Autopep-8 it and use kw args for OAuthClient. (client_by_id_and_secret): Ditto. (oauth2_clients): Ditto. (save_client): Ditto. (delete_client): Ditto. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define OAuth2Token using a frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authentication/oauth2/endpoints/introspection.py (IntrospectionEndpoint.introspect_token): Replace token.get_scope() with token.scope. * gn_auth/auth/authentication/oauth2/models/oauth2token.py: Import dataclass, TokenMixin and cached_property. Delete NamedTuple import. (OAuth2Token): Use a frozen dataclass and explicitly inherit from TokenMixin. (OAuth2Token.expires_at): Make this a cached_property. (OAuth2Token.check_client): Add the "# pylint ..." in it's own line. Tested-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-08Replace "if" branching with "monad_from_none_or_value".Munyoki Kilyungi
* gn_auth/auth/authentication/oauth2/models/authorization_code.py: Import "monad_from_none_or_value". (authorisation_code): Replace if branching for Nothing/Just check with "monad_from_none_or_value". * gn_auth/auth/authentication/oauth2/models/oauth2token.py: Import "monad_from_none_or_value". (__token_from_resultset__): Replace if branching for Nothing/Just check with "monad_from_none_or_value". (token_by_access_token): Ditto. (token_by_refresh_token): Ditto. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-08Rename "__5_MINUTES__" to "EXPIRY_IN_SECONDS".Munyoki Kilyungi
* gn_auth/auth/authentication/oauth2/models/authorization_code.py (AuthorisationCode.__5_MINUTES__): Rename this to EXPIRY_IN_SECONDS. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-08Explicitly add keyword arguments to AuthorisationCode.Munyoki Kilyungi
This improves readability. * gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py (AuthorisationCodeGrant.save_authorization_code): Use keyword arguments. * gn_auth/auth/authentication/oauth2/models/authorization_code.py (authorisation_code): Ditto. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2023-08-23pylint: Replace `lambda ...` statements with `def ...`Frederick Muriuki Muriithi
2023-08-07Change imports to new unified db module.Frederick Muriuki Muriithi
2023-08-07Update module name/pathFrederick Muriuki Muriithi
Change from gn3 to gn_auth
2023-08-04Copy over files from GN3 repository.Frederick Muriuki Muriithi