Device flow: Pass verification_uri_complete to endpoint + pass Server kwargs to DeviceCodeGrant to allow validators to be setup with more flexibility #891

Merged
merged 5 commits into from
Jan 28, 2025

Contributor

@duzumaki duzumaki commented Jan 24, 2025

Note to reviewer: PR is best reviewed commit by commit

While implementing this, I realised two things are missing:

  1. verification_uri_complete isn't being passed to the endpoint
  2. The server kwargs aren't being passed to the device code grant

Explanation of 2:

oauthlib assumes code like so for adding custom validators (or rather, examples in the code base do this but the constructor of a grant allows for generic kwargs to be passed in to set it up)

    auth = DeviceCodeGrant(validator)

    auth.custom_validators.pre_token.append(pre_token_validator)
    auth.custom_validators.post_token.append(post_token_validator)

However, there are cases where one would want more flexibility. What do I mean by flexibility? All grants inherit from GrantTypeBase and have a constructor like:

    def __init__(self, request_validator=None, **kwargs):
        self.request_validator = request_validator or RequestValidator()
        self._setup_custom_validators(kwargs)

    def _setup_custom_validators(self, kwargs):
        post_auth = kwargs.get('post_auth', [])
        post_token = kwargs.get('post_token', [])
        pre_auth = kwargs.get('pre_auth', [])
        pre_token = kwargs.get('pre_token', [])
        self.custom_validators = ValidatorsContainer(post_auth, post_token,
                                                     pre_auth, pre_token)

One might want to pass in any combination of the custom validators to the Server that uses the Grant object as a generic dict of server kwargs (like is done in django-oauth-toolkit in order to abstract oauthlib away)

By allowing this it makes it easier to set up the validator checks

But what were you even trying to do in the first place?

For the device code this means being able to pass in a validation callable in a more flexible manner to assign oauthlib.common.Request's user attribute before the access token is made and saved, allowing the device user to be associated with the access token user

Screenshot showing access tokens having users set from the device flow and verification_uri_complete (https://datatracker.ietf.org/doc/html/rfc8628#section-3.2) coming back from the authorization stage
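The mechanism described in the comment above, as an added example that is not part of the PR or of oauthlib's code: `DeviceGrantModel`, `DeviceServerModel`, `bind_device_user`, `issue` and the sample device codes are simplified, hypothetical stand-ins. It shows a `pre_token` validator forwarded through the server's kwargs setting `request.user` before the token is saved, and refusing to issue a token when no approved user is bound to the device code.

```python
# Simplified stand-ins written for this example; they are NOT oauthlib's classes.
from types import SimpleNamespace

# Constructed sample data: device_code -> approving user (None = not yet approved).
APPROVED_DEVICES = {"dev-code-123": "alice", "dev-code-456": None}
SAVED_TOKENS = []  # stand-in for the token store


class DeviceGrantModel:
    """Models the GrantTypeBase constructor quoted in the comment above."""

    def __init__(self, request_validator=None, **kwargs):
        self.request_validator = request_validator
        # Same lookup keys as _setup_custom_validators on the page.
        self.pre_token = list(kwargs.get("pre_token", []))
        self.post_token = list(kwargs.get("post_token", []))

    def create_token_response(self, request):
        for validator in self.pre_token:  # runs before the token exists
            validator(request)
        token = {"access_token": "constructed-token", "user": request.user}
        SAVED_TOKENS.append(token)
        for validator in self.post_token:
            validator(request)
        return token


class DeviceServerModel:
    """Models a server that forwards its generic kwargs to the grant."""

    def __init__(self, request_validator=None, **kwargs):
        self.device_grant = DeviceGrantModel(request_validator, **kwargs)


def bind_device_user(request):
    """pre_token validator: set request.user, or fail closed."""
    user = APPROVED_DEVICES.get(request.device_code)
    if user is None:
        raise PermissionError("device code unknown or not yet approved")
    request.user = user


def issue(device_code, **server_kwargs):
    """Build a server from a plain kwargs dict and run one token request."""
    server = DeviceServerModel(None, **server_kwargs)
    request = SimpleNamespace(device_code=device_code, user=None)
    return server.device_grant.create_token_response(request)
```

Calling `issue("dev-code-123")` without the `pre_token` kwarg saves a token whose user is `None`, which is the gap the forwarded validator closes.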

@duzumaki duzumaki force-pushed the extra-device-flow-changes branch 2 times, most recently from 535b12f to d230a05 Compare January 24, 2025 16:18
@duzumaki duzumaki changed the title from "Device flow: Pass verification_uri_complete to endpoint + pass Server kwargs to DeviceCodeGrant" to "Device flow: Pass verification_uri_complete to endpoint + pass Server kwargs to DeviceCodeGrant to allow more flexibility of setup" Jan 24, 2025
@duzumaki duzumaki force-pushed the extra-device-flow-changes branch 4 times, most recently from 8fc44dd to 3a25fd0 Compare January 24, 2025 16:30
Needed as a caller is unable to tell the device endpoint to
return the verification_uri_complete value
@duzumaki duzumaki force-pushed the extra-device-flow-changes branch from 3a25fd0 to 460ae31 Compare January 24, 2025 16:33
@duzumaki
Contributor Author

duzumaki commented Jan 24, 2025

hmm why is ruff reporting on lines unrelated to my change?

@duzumaki duzumaki force-pushed the extra-device-flow-changes branch 2 times, most recently from bb9ec29 to b0503f8 Compare January 24, 2025 16:44
@duzumaki duzumaki changed the title from "Device flow: Pass verification_uri_complete to endpoint + pass Server kwargs to DeviceCodeGrant to allow more flexibility of setup" to "Device flow: Pass verification_uri_complete to endpoint + pass Server kwargs to DeviceCodeGrant to allow validators to be setup with more flexibility" Jan 24, 2025
In order for the device grant's pre token custom validator to run
as the parent class "GrantTypeBase" sets it up like

    def _setup_custom_validators(self, kwargs):
        post_auth = kwargs.get('post_auth', [])
        post_token = kwargs.get('post_token', [])
        pre_auth = kwargs.get('pre_auth', [])
        pre_token = kwargs.get('pre_token', [])

The need for this was discovered because a pre_token callable needs to be passed
in order to set oauthlib's request.user attribute accordingly before
the token gets saved
Don't know why it's complaining on modules I didn't touch
A005 Module `resource` shadows a Python standard-library module
PLC0206 Extracting value from dictionary without calling `.items()`
RUF023 `BearerToken.__slots__` is not sorted

ignoring as this isn't related to this pr
@duzumaki duzumaki force-pushed the extra-device-flow-changes branch from b0503f8 to ca06e96 Compare January 24, 2025 18:34
@duzumaki
Contributor Author

@auvipy doesn't let me add reviewers so tagging

@auvipy auvipy self-requested a review January 28, 2025 07:35
Contributor

@auvipy auvipy left a comment

shouldn't we also update relevant docs?

@duzumaki
Contributor Author

duzumaki commented Jan 28, 2025

@auvipy it's already documented :)

"verification_uri_complete":

edit: let me update this line here actually as well

    server = DeviceApplicationServer(your_validator, verification_uri, user_code)

@duzumaki duzumaki requested a review from auvipy January 28, 2025 08:11
@duzumaki
Contributor Author

duzumaki commented Jan 28, 2025

@auvipy updated here

@auvipy auvipy merged commit 028a8f1 into oauthlib:master Jan 28, 2025
12 checks passed
@JonathanHuot JonathanHuot added this to the 3.3.0 milestone May 13, 2025