frankie567/httpx-oauth

New endpoints

martincolladodev opened this issue · 2 comments

martincolladodev commented

I tried to create a branch and make a pull request but I thinks that is not available, so I open here for discussion. I think that would be nice to have accesible the endpoint information for userinfo, logout and jwt.

class BaseOAuth2(Generic[T]):

    name: str
    client_id: str
    client_secret: str
    authorize_endpoint: str
    access_token_endpoint: str
    refresh_token_endpoint: Optional[str]
    revoke_token_endpoint: Optional[str]
    user_info_endpoint: Optional[str]
    logout_endpoint: Optional[str]
    jwk_endpoint: Optional[str]
    base_scopes: Optional[List[str]]

    def __init__(
        self,
        client_id: str,
        client_secret: str,
        authorize_endpoint: str,
        access_token_endpoint: str,
        refresh_token_endpoint: Optional[str] = None,
        revoke_token_endpoint: Optional[str] = None,
        user_info_endpoint: Optional[str] = None,
        logout_endpoint: Optional[str] = None,
        jwk_endpoint: Optional[str] = None,
        name: str = "oauth2",
        base_scopes: Optional[List[str]] = None,
    ):
        self.client_id = client_id
        self.client_secret = client_secret
        self.authorize_endpoint = authorize_endpoint
        self.access_token_endpoint = access_token_endpoint
        self.refresh_token_endpoint = refresh_token_endpoint
        self.revoke_token_endpoint = revoke_token_endpoint
        self.user_info_endpoint = user_info_endpoint
        self.logout_endpoint = logout_endpoint
        self.jwk_endpoint = jwk_endpoint
        self.name = name
        self.base_scopes = base_scopes

What do you think? Later would be nice to add functionalities to those endpoints

frankie567 commented

Hi @martincolladofab! Thank you for the proposal. The thing is, all of those endpoints are not related to OAuth2 protocol. The only ones that RFC defines are the ones that are provided.

The goal here is to provide pure/simple OAuth2 authentication. The rest is more related to an "API wrapper" for a specific service. For example, python-gitlab is a library to help you access GitLab data once you have an access token.

  • 👍1
martincolladodev commented

Yes sure, just I though that would be nice to handle a little more of the OAuth and authorizations flows inside the library to complement the basic of the OAuth specifications (Similar to Authlib Probably consider to move to fastapi-users instead to handle advanced topics in auth?