Coverage for polar/oauth2/metadata.py: 95%

54 statements  


1from collections.abc import Callable 1a

2from typing import TYPE_CHECKING 1a

3 

4from pydantic import BaseModel 1a

5 

6from polar.auth.scope import SCOPES_SUPPORTED 1a

7from polar.config import settings 1a

8 

9from . import constants 1a

10 

11if TYPE_CHECKING: 11 ↛ 12line 11 didn't jump to line 12 because the condition on line 11 was never true1a

12 from .authorization_server import AuthorizationServer 

13 

14 

class OAuth2AuthorizationServerMetadata(BaseModel):
    """
    OAuth 2.0 Authorization Server Metadata

    Conforms to RFC8414.
    https://datatracker.ietf.org/doc/html/rfc8414
    """

    # Fields without a default are required by this model; every
    # `... | None = None` field is optional and unset unless the caller
    # provides it. All URL-valued fields are typed as plain `str`, so the
    # model itself performs no URL or scheme validation.

    # Issuer identifier. RFC 8414 defines it as an https URL with no query or
    # fragment, and clients compare it against the location they fetched the
    # document from.
    issuer: str
    # Endpoints clients will send users, credentials and tokens to.
    authorization_endpoint: str
    token_endpoint: str
    jwks_uri: str
    registration_endpoint: str | None = None

    # Capabilities advertised to clients.
    scopes_supported: list[str]
    response_types_supported: list[str]
    response_modes_supported: list[str] | None = None
    grant_types_supported: list[str] | None = None
    token_endpoint_auth_methods_supported: list[str] | None = None
    # RFC 8414 states that "none" must not appear in this list. Nothing in
    # this model enforces that, so it has to hold in whatever populates it.
    token_endpoint_auth_signing_alg_values_supported: list[str] | None = None

    # Human-facing documentation and policy links.
    service_documentation: str | None = None
    ui_locales_supported: list[str] | None = None
    op_policy_uri: str | None = None
    op_tos_uri: str | None = None

    # Token revocation (RFC 7009) endpoint and its client authentication.
    revocation_endpoint: str | None = None
    revocation_endpoint_auth_methods_supported: list[str] | None = None
    revocation_endpoint_auth_signing_alg_values_supported: list[str] | None = None

    # Token introspection (RFC 7662) endpoint and its client authentication.
    introspection_endpoint: str | None = None
    introspection_endpoint_auth_methods_supported: list[str] | None = None
    introspection_endpoint_auth_signing_alg_values_supported: list[str] | None = None

    # PKCE (RFC 7636) challenge methods. Values are not constrained here.
    # NOTE(review): confirm the source of this list omits "plain" if only
    # S256 is meant to be accepted.
    code_challenge_methods_supported: list[str] | None = None

45 

46 

class OpenIDProviderMetadata(OAuth2AuthorizationServerMetadata):
    """
    OpenID Provider Metadata

    Conforms to OpenID Connect Discovery 1.0 specification.
    https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
    """

    # Extends the RFC 8414 model with the OpenID Connect Discovery fields.
    # Fields without a default are required by this model; the rest are
    # optional and default to None.

    userinfo_endpoint: str
    acr_values_supported: list[str] | None = None
    subject_types_supported: list[str]

    # ID Token protection. OIDC Discovery requires RS256 to be listed and
    # restricts when "none" may be used; this model does not check either,
    # so the list passed in must already be correct.
    id_token_signing_alg_values_supported: list[str]
    id_token_encryption_alg_values_supported: list[str] | None = None
    id_token_encryption_enc_values_supported: list[str] | None = None

    # UserInfo response protection.
    userinfo_signing_alg_values_supported: list[str] | None = None
    userinfo_encryption_alg_values_supported: list[str] | None = None
    userinfo_encryption_enc_values_supported: list[str] | None = None

    # Request Object protection.
    request_object_signing_alg_values_supported: list[str] | None = None
    request_object_encryption_alg_values_supported: list[str] | None = None
    request_object_encryption_enc_values_supported: list[str] | None = None

    # Display and claims capabilities.
    display_values_supported: list[str] | None = None
    claim_types_supported: list[str] | None = None
    claims_supported: list[str] | None = None
    claims_locales_supported: list[str] | None = None

    # Feature flags. OIDC Discovery gives each a default that clients apply
    # when the field is absent: false for claims_parameter_supported,
    # request_parameter_supported and require_request_uri_registration, but
    # true for request_uri_parameter_supported.
    # NOTE(review): these default to None here, so a document serialized
    # without request_uri_parameter_supported tells spec-following clients
    # that request_uri is supported. Confirm that matches what the server
    # actually accepts.
    claims_parameter_supported: bool | None = None
    request_parameter_supported: bool | None = None
    request_uri_parameter_supported: bool | None = None
    require_request_uri_registration: bool | None = None

75 

76 

def get_server_metadata(
    authorization_server: "AuthorizationServer", url_for: Callable[[str], str]
) -> OpenIDProviderMetadata:
    """Assemble the OpenID Provider discovery document for this deployment.

    Args:
        authorization_server: Source of the supported response types, response
            modes, grant types, client authentication methods and PKCE
            challenge methods.
        url_for: Resolves a route name to the URL that is advertised for it.

    Returns:
        The populated ``OpenIDProviderMetadata`` model.
    """
    server = authorization_server

    # The authorization endpoint is built from the configured frontend base
    # URL; every other endpoint is resolved by route name through `url_for`.
    # NOTE(review): `url_for` is supplied by the caller. If it derives absolute
    # URLs from the incoming request's Host header, the advertised endpoints
    # follow that header. Clients trust this document for where to send
    # credentials and tokens, so confirm trusted-host handling upstream.
    authorize_url = f"{settings.FRONTEND_BASE_URL}/oauth2/authorize"
    token_url = url_for("oauth2:request_token")
    jwks_url = url_for("well_known.jwks")
    userinfo_url = url_for("oauth2:userinfo")
    # NOTE(review): the client registration route is always advertised here;
    # confirm it enforces the intended access policy.
    registration_url = url_for("oauth2:create_client")
    revocation_url = url_for("oauth2:revoke_token")
    introspection_url = url_for("oauth2:introspect_token")

    return OpenIDProviderMetadata(
        # Identity and endpoints.
        issuer=constants.ISSUER,
        authorization_endpoint=authorize_url,
        token_endpoint=token_url,
        jwks_uri=jwks_url,
        userinfo_endpoint=userinfo_url,
        registration_endpoint=registration_url,
        revocation_endpoint=revocation_url,
        introspection_endpoint=introspection_url,
        # Capabilities reported by the authorization server object.
        response_types_supported=server.response_types_supported,
        response_modes_supported=server.response_modes_supported,
        grant_types_supported=server.grant_types_supported,
        token_endpoint_auth_methods_supported=(
            server.token_endpoint_auth_methods_supported
        ),
        revocation_endpoint_auth_methods_supported=(
            server.revocation_endpoint_auth_methods_supported
        ),
        introspection_endpoint_auth_methods_supported=(
            server.introspection_endpoint_auth_methods_supported
        ),
        code_challenge_methods_supported=server.code_challenge_methods_supported,
        # Values fixed by module-level constants.
        scopes_supported=SCOPES_SUPPORTED,
        service_documentation=constants.SERVICE_DOCUMENTATION,
        subject_types_supported=constants.SUBJECT_TYPES_SUPPORTED,
        id_token_signing_alg_values_supported=(
            constants.ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED
        ),
        claims_supported=constants.CLAIMS_SUPPORTED,
    )