wip

2025-08-08 13:32:37 -03:00
parent 78c4a4ad30
commit b7143ea634
8 changed files with 117 additions and 93 deletions
--- a/id.saladeaula.digital/app/oauth2.py
+++ b/id.saladeaula.digital/app/oauth2.py
@@ -5,7 +5,7 @@ from authlib.oidc.core import OpenIDCode as OpenIDCode_
 from authlib.oidc.core import UserInfo
 from layercake.dateutils import now, ttl
 from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
-from layercake.funcs import pick
+from layercake.funcs import omit, pick

 from boto3clients import dynamodb_client
 from config import ISSUER, JWT_ALGORITHM, OAUTH2_TABLE
@@ -124,10 +124,7 @@ class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
        authorization_code: OAuth2AuthorizationCode,
    ) -> None:
        oauth2_layer.delete_item(
-            KeyPair(
-                pk='OAUTH2#CODE',
-                sk=f'CODE#{authorization_code.code}',
-            ),
+            KeyPair(pk='OAUTH2#CODE', sk=f'CODE#{authorization_code.code}'),
        )

    def authenticate_user(
@@ -135,17 +132,18 @@ class AuthorizationCodeGrant(grants.AuthorizationCodeGrant):
        authorization_code: OAuth2AuthorizationCode,
    ) -> dict:
        user = oauth2_layer.get_item(
-            KeyPair(
-                pk=authorization_code.user_id,
-                sk='0',
-            ),
+            KeyPair(pk=authorization_code.user_id, sk='0'),
        )
        return pick(('id', 'name', 'email', 'email_verified'), user)


 class RefreshTokenGrant(grants.RefreshTokenGrant):
-    TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_basic', 'client_secret_post', 'none']
    INCLUDE_NEW_REFRESH_TOKEN = True
+    TOKEN_ENDPOINT_AUTH_METHODS = [
+        'client_secret_basic',
+        'client_secret_post',
+        'none',
+    ]

    def authenticate_refresh_token(self, refresh_token: str, **kwargs) -> TokenMixin:
        token = oauth2_layer.get_item(
@@ -156,26 +154,19 @@ class RefreshTokenGrant(grants.RefreshTokenGrant):
        )

        return OAuth2Token(
-            client_id=token['client_id'],
-            scope=token['scope'],
            expires_in=int(token['expires_in']),
            issued_at=int(token['issued_at']),
-            user=token['user'],
            refresh_token=refresh_token,
+            **omit(('expires_in', 'issued_at'), token),
        )

    def authenticate_user(self, refresh_token: TokenMixin):
        return refresh_token.get_user()

    def revoke_old_credential(self, refresh_token: TokenMixin) -> None:
-        refresh_token_ = getattr(refresh_token, 'refresh_token')
-
-        if refresh_token_:
+        if token := getattr(refresh_token, 'refresh_token', None):
            oauth2_layer.delete_item(
-                KeyPair(
-                    pk='OAUTH2#TOKEN',
-                    sk=f'REFRESH_TOKEN#{refresh_token_}',
-                )
+                KeyPair(pk='OAUTH2#TOKEN', sk=f'REFRESH_TOKEN#{token}')
            )