app.middlewares.valid_access_token module

class app.middlewares.valid_access_token.CustomOAuth2AuthorizationCodeBearer(authorizationUrl, tokenUrl, refreshUrl=None, scheme_name=None, scopes=None, description=None, auto_error=True)[source]

Bases: OAuth2AuthorizationCodeBearer

Parameters:
  • authorizationUrl (str)

  • tokenUrl (str) – The URL to obtain the OAuth2 token.

  • refreshUrl (str | None) – The URL to refresh the token and obtain a new one.

  • scheme_name (str)

  • scopes (Dict[str, str] | None) – The OAuth2 scopes that would be required by the *path operations* that use this dependency.

  • description (str | None) – Security scheme description. It will be included in the generated OpenAPI (e.g. visible at `/docs`).

  • auto_error (bool) – By default, if no HTTP Authorization header is provided, required for OAuth2 authentication, it will automatically cancel the request and send the client an error. If `auto_error` is set to `False`, when the HTTP Authorization header is not available, instead of erroring out, the dependency result will be `None`. This is useful when you want to have optional authentication. It is also useful when you want to have authentication that can be provided in one of multiple optional ways (for example, with OAuth2 or in a cookie).

async app.middlewares.valid_access_token.valid_access_token(access_token)[source]

Validate a Keycloak-issued JWT access token.

Fetches the realm signing key (offloaded to a worker thread so the JWKS roundtrip does not block the event loop) and verifies the token’s signature, expiry, issuer and audience. Each failure mode is mapped to an appropriate HTTP status carried inside the returned Response.

Parameters:

access_token (str) – The bearer token extracted by oauth_2_scheme.

Returns:

Response.ok with the decoded/normalized claims on success; Response.fail wrapping an HTTPException (401/403/500) describing why validation failed.

Return type:

Response
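
The check order described for valid_access_token, as an added example that is not this project's code. HMAC-SHA256 with a constructed key stands in for signature verification against the Keycloak realm key so the block runs on the standard library alone. The assignment of 401/403/500 to each failure, the (status, value) return shape and all names are assumptions.

```python
import asyncio, base64, hashlib, hmac, json, time

ISSUER = "https://keycloak.example/realms/demo"  # constructed realm URL
AUDIENCE = "demo-api"                            # constructed client id
DEMO_KEY = b"constructed-demo-key"               # stand-in for the realm key

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, key=DEMO_KEY, alg="HS256"):  # builds constructed tokens
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body, key))}"

async def validate(token, fetch=lambda: DEMO_KEY, now=None):
    """Return (http_status, claims_or_reason); the status mapping is assumed."""
    try:  # the blocking key fetch runs in a worker thread
        key = await asyncio.to_thread(fetch)
    except Exception:
        return 500, "signing key unavailable"
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return 401, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm, never follow the header
        return 401, "unexpected algorithm"
    if not hmac.compare_digest(sign(head, body, key), given):
        return 401, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        return 401, "expired or missing exp"
    if claims.get("iss") != ISSUER:
        return 403, "wrong issuer"
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else aud
    if not isinstance(auds, list) or AUDIENCE not in auds:
        return 403, "wrong audience"
    return 200, claims

def check(token, **kw):  # synchronous wrapper for scripts and tests
    return asyncio.run(validate(token, **kw))
```

The signature is checked before any claim is read, so the expiry, issuer and audience results never depend on unauthenticated data.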

async app.middlewares.valid_access_token.refresh_access_token(refresh_token)[source]

Refresh the access token using the refresh token.

Parameters:

refresh_token (str) – The refresh token to be used to generate a new access token.

Returns:

dict – The new access token and other related information.