PySide6.QtNetworkAuth.QOAuth2AuthorizationCodeFlow¶
- class QOAuth2AuthorizationCodeFlow¶
The
QOAuth2AuthorizationCodeFlow
class provides an implementation of the Authorization Code Grant flow. More…Synopsis¶
Properties¶
accessTokenUrlᅟ
- This property holds the URL used to convert the temporary code received during the authorization response
Methods¶
def
__init__()
def
accessTokenUrl()
def
pkceMethod()
def
setPkceMethod()
Slots¶
Signals¶
Note
This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE
Detailed Description¶
This class implements the Authorization Code Grant flow, which is used both to obtain and to refresh access tokens. It is a redirection-based flow so the user will need access to a web browser.
As a redirection-based flow this class requires a proper reply handler to be set. See Qt OAuth2 Overview ,
QOAuthHttpServerReplyHandler
, andQOAuthUriSchemeReplyHandler
.- class PkceMethod¶
List of available Proof Key for Code Exchange (PKCE) methods .
PKCE is a security measure to mitigate the risk of authorization code interception attacks . As such it is relevant for OAuth2 “Authorization Code” flow (grant) and in particular with native applications.
PKCE inserts additional parameters into authorization and access token requests. With the help of these parameters the authorization server is able to verify that an access token request originates from the same entity that issued the authorization request.
Constant
Description
QOAuth2AuthorizationCodeFlow.PkceMethod.None
PKCE is not used.
QOAuth2AuthorizationCodeFlow.PkceMethod.Plain
The Plain PKCE method is used. Use this only if it is not possible to use S256. With Plain method the code challenge equals to the code verifier .
QOAuth2AuthorizationCodeFlow.PkceMethod.S256
The S256 PKCE method is used. This is the default and the recommended method for native applications. With the S256 method the code challenge is a base64url-encoded value of the SHA-256 of the code verifier.
See also
Added in version 6.8.
Note
Properties can be used directly when
from __feature__ import true_property
is used or via accessor functions otherwise.This property holds This property holds the URL used to convert the temporary code received during the authorization response..
See also: Access Token Request
- Access functions:
Constructs a
QOAuth2AuthorizationCodeFlow
object with parent objectparent
.- __init__(manager[, parent=None])
- Parameters:
manager –
QNetworkAccessManager
parent –
QObject
Constructs a
QOAuth2AuthorizationCodeFlow
object usingparent
as parent and setsmanager
as the network access manager.- __init__(clientIdentifier, manager[, parent=None])
- Parameters:
clientIdentifier – str
manager –
QNetworkAccessManager
parent –
QObject
Constructs a
QOAuth2AuthorizationCodeFlow
object usingparent
as parent and setsmanager
as the network access manager. The client identifier is set toclientIdentifier
.- __init__(authorizationUrl, accessTokenUrl, manager[, parent=None])
- Parameters:
authorizationUrl –
QUrl
accessTokenUrl –
QUrl
manager –
QNetworkAccessManager
parent –
QObject
Constructs a
QOAuth2AuthorizationCodeFlow
object usingparent
as parent and setsmanager
as the network access manager. The authenticate URL is set toauthenticateUrl
and the access token URL is set toaccessTokenUrl
.- __init__(clientIdentifier, authorizationUrl, accessTokenUrl, manager[, parent=None])
- Parameters:
clientIdentifier – str
authorizationUrl –
QUrl
accessTokenUrl –
QUrl
manager –
QNetworkAccessManager
parent –
QObject
Constructs a
QOAuth2AuthorizationCodeFlow
object usingparent
as parent and setsmanager
as the network access manager. The client identifier is set toclientIdentifier
the authenticate URL is set toauthenticateUrl
and the access token URL is set toaccessTokenUrl
.Returns the URL used to request the access token.
See also
Getter of property
accessTokenUrlᅟ
.Notification signal of property
accessTokenUrlᅟ
.- buildAuthenticateUrl([parameters={}])¶
- Parameters:
parameters – .QMultiMapQString,QVariant
- Return type:
Generates an authentication URL to be used in the Authorization Request using
parameters
.- pkceMethod()¶
- Return type:
Returns the current PKCE method.
See also
- refreshAccessToken()¶
Call this function to refresh the token. Access tokens are not permanent. After a time specified along with the access token when it was obtained, the access token will become invalid.
If refreshing the token fails and an access token exists, the status is set to
Granted
, and toNotAuthenticated
otherwise.See also
- requestAccessToken(code)¶
- Parameters:
code – str
Requests an access token from the received
code
. Thecode
is received as a response when the user completes a successful authentication in the browser.Sets the URL used to request the access token to
accessTokenUrl
.See also
Setter of property
accessTokenUrlᅟ
.- setPkceMethod(method[, length=43])¶
- Parameters:
method –
PkceMethod
length – int
Sets the current PKCE method to
method
.Optionally, the
length
parameter can be used to set the length of thecode_verifier
. The value must be between 43 and 128 bytes. The ‘code verifier’ itself is random-generated by the library.See also