OIDCAuthorization#
- pydantic model gafaelfawr.models.oidc.OIDCAuthorization#
Represents an authorization for an OpenID Connect client.
This is the object created during login and stored in Redis. The returned authorization code points to it and allows it to be retrieved so that an OpenID Connect client can redeem the code for a JWT.
Notes
The authorization code is represented by the
OIDCAuthorizationCodeclass, which functions the same as, and has the same security properties as, aToken.The underlying user data is not stored directly in the entry for the code. Instead, it stores the user’s token for which the code was issued, and from which the user’s data can be retrieved.
- Parameters:
data (
Any) –
Show JSON schema
{ "title": "OIDCAuthorization", "description": "Represents an authorization for an OpenID Connect client.\n\nThis is the object created during login and stored in Redis. The returned\nauthorization code points to it and allows it to be retrieved so that an\nOpenID Connect client can redeem the code for a JWT.\n\nNotes\n-----\nThe authorization code is represented by the `OIDCAuthorizationCode`\nclass, which functions the same as, and has the same security properties\nas, a `~gafaelfawr.models.token.Token`.\n\nThe underlying user data is not stored directly in the entry for the code.\nInstead, it stores the user's token for which the code was issued, and\nfrom which the user's data can be retrieved.", "type": "object", "properties": { "code": { "allOf": [ { "$ref": "#/$defs/OIDCAuthorizationCode" } ], "title": "The authorization code" }, "client_id": { "title": "The client that is allowed to use this authorization", "type": "string" }, "redirect_uri": { "title": "The redirect URI for which this authorization is intended", "type": "string" }, "token": { "allOf": [ { "$ref": "#/$defs/Token" } ], "title": "The underlying authentication token for the user" }, "created_at": { "format": "date-time", "title": "When the authorization was created", "type": "string" } }, "$defs": { "OIDCAuthorizationCode": { "description": "An OpenID Connect authorization code.\n\nVery similar to a `~gafaelfawr.models.token.Token` in behavior, but with a\ndifferent serialization and a different type.", "properties": { "key": { "title": "Key", "type": "string" }, "secret": { "title": "Secret", "type": "string" } }, "title": "OIDCAuthorizationCode", "type": "object" }, "Token": { "description": "An opaque token.\n\nNotes\n-----\nA token consists of two parts, a semi-public key that is used as the Redis\nkey, and a secret that is only present in the token returned to the user\nand the encrypted session in Redis.\n\nThe serialized form of a token always starts with ``gt-``, short for\nGafaelfawr token, to make it easier to identify these tokens in logs.\n\nThe serialized form encodes the secret in URL-safe base64 with the padding\nstripped off (because equal signs can be parsed oddly in cookies).", "properties": { "key": { "title": "Key", "type": "string" }, "secret": { "title": "Secret", "type": "string" } }, "title": "Token", "type": "object" } }, "required": [ "client_id", "redirect_uri", "token" ] }
- Fields:
- Validators:
- field client_id: str [Required]#
- field code: OIDCAuthorizationCode [Optional]#
- field created_at: datetime [Optional]#
- Validated by:
- field redirect_uri: str [Required]#
- field token: Token [Required]#