authentik.providers.oauth2.api.tokens

OAuth2Provider API Views

  1"""OAuth2Provider API Views"""
  2
  3from json import dumps
  4
  5from django_filters.rest_framework import DjangoFilterBackend
  6from guardian.shortcuts import get_anonymous_user
  7from rest_framework import mixins
  8from rest_framework.fields import CharField, ListField, SerializerMethodField
  9from rest_framework.filters import OrderingFilter, SearchFilter
 10from rest_framework.viewsets import GenericViewSet
 11
 12from authentik.core.api.used_by import UsedByMixin
 13from authentik.core.api.users import UserSerializer
 14from authentik.core.api.utils import MetaNameSerializer, ModelSerializer
 15from authentik.providers.oauth2.api.providers import OAuth2ProviderSerializer
 16from authentik.providers.oauth2.models import AccessToken, AuthorizationCode, RefreshToken
 17
 18
class ExpiringBaseGrantModelSerializer(ModelSerializer, MetaNameSerializer):
    """Serializer for BaseGrantModel and ExpiringBaseGrant.

    Output shape for a grant: its owner, the issuing provider, the granted
    scopes and its expiry state. In this module it is used by viewsets that
    only list, retrieve and delete.
    """

    # Nested serializers: responses embed the user and provider objects
    # instead of bare primary keys.
    user = UserSerializer()
    provider = OAuth2ProviderSerializer()
    # Scopes are rendered as a list of strings.
    scope = ListField(child=CharField())

    class Meta:
        model = AuthorizationCode
        # Explicit allowlist of what the API returns. NOTE(review): the
        # secret value of the grant (the code itself) is not listed here,
        # presumably on purpose; confirm before adding a field.
        fields = [
            "pk",
            "provider",
            "user",
            "is_expired",
            "expires",
            "scope",
        ]
        depth = 2
 30
 31
class TokenModelSerializer(ExpiringBaseGrantModelSerializer):
    """Serializer for BaseGrantModel and RefreshToken.

    Extends the base grant fields with ``id_token`` and ``revoked``.

    NOTE(review): ``Meta.model`` and the ``get_id_token`` annotation name
    RefreshToken, but AccessTokenViewSet in this module uses this serializer
    as well; confirm both models expose the listed fields.
    """

    id_token = SerializerMethodField()

    def get_id_token(self, instance: RefreshToken) -> str:
        """Get the token's id_token as JSON String.

        The value is pretty-printed JSON text (4-space indent), not a nested
        object. Presumably these are the ID token's claims about the user, so
        treat the output as identity data (TODO confirm what to_dict() holds).
        """
        claims = instance.id_token.to_dict()
        return dumps(claims, indent=4)

    class Meta:
        model = RefreshToken
        # Explicit allowlist of returned fields. No field holding the token
        # string itself is listed; `id_token` is the dict dump built above.
        fields = [
            "pk",
            "provider",
            "user",
            "is_expired",
            "expires",
            "scope",
            "id_token",
            "revoked",
        ]
        depth = 2
 54
 55
class AuthorizationCodeViewSet(
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
):
    """AuthorizationCode Viewset.

    The DRF mixins here provide list, retrieve and destroy; no create or
    update mixin is included.
    """

    # Expired codes are part of the base queryset, so they remain listable
    # and deletable.
    queryset = AuthorizationCode.objects.including_expired().all()
    serializer_class = ExpiringBaseGrantModelSerializer
    # Filters run on top of get_queryset(): for a non-superuser, ?user= can
    # narrow the result but not widen it beyond their own rows.
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
    # NOTE(review): no search_fields are declared in this class, so
    # SearchFilter only has an effect if a base class supplies them.
    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]

    def get_queryset(self):
        """Return only the authorization codes the caller may see.

        Superusers get the full queryset; every other caller gets the rows
        whose ``user`` is the requesting user. DRF's get_object() resolves
        through this method too, so retrieve and destroy on another user's
        pk find nothing. With no request bound, guardian's anonymous user is
        used. Do not read ``self.queryset`` directly: that skips this scoping.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()
 80
 81
class RefreshTokenViewSet(
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
):
    """RefreshToken Viewset.

    The DRF mixins here provide list, retrieve and destroy; no create or
    update mixin is included.
    """

    # Expired tokens are part of the base queryset, so they remain listable
    # and deletable.
    queryset = RefreshToken.objects.including_expired().all()
    serializer_class = TokenModelSerializer
    # Filters run on top of get_queryset(): for a non-superuser, ?user= can
    # narrow the result but not widen it beyond their own rows.
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
    # NOTE(review): no search_fields are declared in this class, so
    # SearchFilter only has an effect if a base class supplies them.
    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]

    def get_queryset(self):
        """Return only the refresh tokens the caller may see.

        Superusers get the full queryset; every other caller gets the rows
        whose ``user`` is the requesting user. DRF's get_object() resolves
        through this method too, so retrieve and destroy on another user's
        pk find nothing. With no request bound, guardian's anonymous user is
        used. Do not read ``self.queryset`` directly: that skips this scoping.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()
106
107
class AccessTokenViewSet(
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
):
    """AccessToken Viewset.

    The DRF mixins here provide list, retrieve and destroy; no create or
    update mixin is included.
    """

    # Expired tokens are part of the base queryset, so they remain listable
    # and deletable.
    queryset = AccessToken.objects.including_expired().all()
    # NOTE(review): TokenModelSerializer declares Meta.model = RefreshToken;
    # confirm AccessToken exposes the same fields.
    serializer_class = TokenModelSerializer
    # Filters run on top of get_queryset(): for a non-superuser, ?user= can
    # narrow the result but not widen it beyond their own rows.
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
    # NOTE(review): no search_fields are declared in this class, so
    # SearchFilter only has an effect if a base class supplies them.
    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]

    def get_queryset(self):
        """Return only the access tokens the caller may see.

        Superusers get the full queryset; every other caller gets the rows
        whose ``user`` is the requesting user. DRF's get_object() resolves
        through this method too, so retrieve and destroy on another user's
        pk find nothing. With no request bound, guardian's anonymous user is
        used. Do not read ``self.queryset`` directly: that skips this scoping.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()
class ExpiringBaseGrantModelSerializer(authentik.core.api.utils.ModelSerializer, authentik.core.api.utils.MetaNameSerializer):
class ExpiringBaseGrantModelSerializer(ModelSerializer, MetaNameSerializer):
    """Serializer for BaseGrantModel and ExpiringBaseGrant.

    Output shape for a grant: its owner, the issuing provider, the granted
    scopes and its expiry state.
    """

    # Nested serializers: responses embed the user and provider objects
    # instead of bare primary keys.
    user = UserSerializer()
    provider = OAuth2ProviderSerializer()
    # Scopes are rendered as a list of strings.
    scope = ListField(child=CharField())

    class Meta:
        model = AuthorizationCode
        # Explicit allowlist of what the API returns. NOTE(review): the
        # secret value of the grant (the code itself) is not listed here,
        # presumably on purpose; confirm before adding a field.
        fields = [
            "pk",
            "provider",
            "user",
            "is_expired",
            "expires",
            "scope",
        ]
        depth = 2

Serializer for BaseGrantModel and ExpiringBaseGrant

user
provider
scope
class ExpiringBaseGrantModelSerializer.Meta:
    class Meta:
        model = AuthorizationCode
        # Explicit allowlist of serialized fields; anything added here is
        # returned to every caller the viewset lets through.
        fields = [
            "pk",
            "provider",
            "user",
            "is_expired",
            "expires",
            "scope",
        ]
        depth = 2
fields = ['pk', 'provider', 'user', 'is_expired', 'expires', 'scope']
depth = 2
class TokenModelSerializer(ExpiringBaseGrantModelSerializer):
class TokenModelSerializer(ExpiringBaseGrantModelSerializer):
    """Serializer for BaseGrantModel and RefreshToken.

    Extends the base grant fields with ``id_token`` and ``revoked``.
    """

    id_token = SerializerMethodField()

    def get_id_token(self, instance: RefreshToken) -> str:
        """Get the token's id_token as JSON String.

        The value is pretty-printed JSON text (4-space indent), not a nested
        object. Presumably these are the ID token's claims about the user, so
        treat the output as identity data (TODO confirm what to_dict() holds).
        """
        claims = instance.id_token.to_dict()
        return dumps(claims, indent=4)

    class Meta:
        model = RefreshToken
        # Explicit allowlist of returned fields. No field holding the token
        # string itself is listed; `id_token` is the dict dump built above.
        fields = [
            "pk",
            "provider",
            "user",
            "is_expired",
            "expires",
            "scope",
            "id_token",
            "revoked",
        ]
        depth = 2

Serializer for BaseGrantModel and RefreshToken

id_token
def get_id_token(self, instance: authentik.providers.oauth2.models.RefreshToken) -> str:
    def get_id_token(self, instance: RefreshToken) -> str:
        """Get the token's id_token as JSON String.

        Returns pretty-printed JSON text (4-space indent) built from
        ``instance.id_token.to_dict()``. Presumably this holds the ID token's
        claims about the user; treat it as identity data (TODO confirm).
        """
        claims = instance.id_token.to_dict()
        return dumps(claims, indent=4)

Get the token's id_token as JSON String

class TokenModelSerializer.Meta:
    class Meta:
        model = RefreshToken
        # Explicit allowlist of serialized fields. No field holding the token
        # string itself is listed; anything added here is returned to every
        # caller the viewsets let through.
        fields = [
            "pk", "provider", "user", "is_expired",
            "expires", "scope", "id_token", "revoked",
        ]
        depth = 2
fields = ['pk', 'provider', 'user', 'is_expired', 'expires', 'scope', 'id_token', 'revoked']
depth = 2
class AuthorizationCodeViewSet(rest_framework.mixins.RetrieveModelMixin, rest_framework.mixins.DestroyModelMixin, authentik.core.api.used_by.UsedByMixin, rest_framework.mixins.ListModelMixin, rest_framework.viewsets.GenericViewSet):
class AuthorizationCodeViewSet(
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
):
    """AuthorizationCode Viewset.

    The DRF mixins here provide list, retrieve and destroy; no create or
    update mixin is included.
    """

    # Expired codes are part of the base queryset, so they remain listable
    # and deletable.
    queryset = AuthorizationCode.objects.including_expired().all()
    serializer_class = ExpiringBaseGrantModelSerializer
    # Filters run on top of get_queryset(): for a non-superuser, ?user= can
    # narrow the result but not widen it beyond their own rows.
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
    # NOTE(review): no search_fields are declared in this class, so
    # SearchFilter only has an effect if a base class supplies them.
    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]

    def get_queryset(self):
        """Return only the authorization codes the caller may see.

        Superusers get the full queryset; every other caller gets the rows
        whose ``user`` is the requesting user. DRF's get_object() resolves
        through this method too, so retrieve and destroy on another user's
        pk find nothing. With no request bound, guardian's anonymous user is
        used.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()

AuthorizationCode Viewset

queryset = <QuerySet []>
serializer_class = <class 'ExpiringBaseGrantModelSerializer'>
filterset_fields = ['user', 'provider']
ordering = ['provider', 'expires']
filter_backends = [<class 'django_filters.rest_framework.backends.DjangoFilterBackend'>, <class 'rest_framework.filters.OrderingFilter'>, <class 'rest_framework.filters.SearchFilter'>]
def get_queryset(self):
    def get_queryset(self):
        """Scope the queryset to the requesting user unless they are a superuser.

        This is the object-level access check for list, retrieve and destroy:
        DRF's get_object() looks rows up through this method, so a
        non-superuser cannot reach another user's row by pk. With no request
        bound, guardian's anonymous user is used.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()

Get the list of items for this view. This must be an iterable, and may be a queryset. Defaults to using self.queryset.

This method should always be used rather than accessing self.queryset directly, as self.queryset gets evaluated only once, and those results are cached for all subsequent requests.

You may want to override this if you need to provide different querysets depending on the incoming request.

(Eg. return a list of items that is specific to the user)

name = None
description = None
suffix = None
detail = None
basename = None
class RefreshTokenViewSet(rest_framework.mixins.RetrieveModelMixin, rest_framework.mixins.DestroyModelMixin, authentik.core.api.used_by.UsedByMixin, rest_framework.mixins.ListModelMixin, rest_framework.viewsets.GenericViewSet):
class RefreshTokenViewSet(
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
):
    """RefreshToken Viewset.

    The DRF mixins here provide list, retrieve and destroy; no create or
    update mixin is included.
    """

    # Expired tokens are part of the base queryset, so they remain listable
    # and deletable.
    queryset = RefreshToken.objects.including_expired().all()
    serializer_class = TokenModelSerializer
    # Filters run on top of get_queryset(): for a non-superuser, ?user= can
    # narrow the result but not widen it beyond their own rows.
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
    # NOTE(review): no search_fields are declared in this class, so
    # SearchFilter only has an effect if a base class supplies them.
    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]

    def get_queryset(self):
        """Return only the refresh tokens the caller may see.

        Superusers get the full queryset; every other caller gets the rows
        whose ``user`` is the requesting user. DRF's get_object() resolves
        through this method too, so retrieve and destroy on another user's
        pk find nothing. With no request bound, guardian's anonymous user is
        used.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()

RefreshToken Viewset

queryset = <QuerySet []>
serializer_class = <class 'TokenModelSerializer'>
filterset_fields = ['user', 'provider']
ordering = ['provider', 'expires']
filter_backends = [<class 'django_filters.rest_framework.backends.DjangoFilterBackend'>, <class 'rest_framework.filters.OrderingFilter'>, <class 'rest_framework.filters.SearchFilter'>]
def get_queryset(self):
    def get_queryset(self):
        """Scope the queryset to the requesting user unless they are a superuser.

        This is the object-level access check for list, retrieve and destroy:
        DRF's get_object() looks rows up through this method, so a
        non-superuser cannot reach another user's refresh token by pk. With
        no request bound, guardian's anonymous user is used.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()

Get the list of items for this view. This must be an iterable, and may be a queryset. Defaults to using self.queryset.

This method should always be used rather than accessing self.queryset directly, as self.queryset gets evaluated only once, and those results are cached for all subsequent requests.

You may want to override this if you need to provide different querysets depending on the incoming request.

(Eg. return a list of items that is specific to the user)

name = None
description = None
suffix = None
detail = None
basename = None
class AccessTokenViewSet(rest_framework.mixins.RetrieveModelMixin, rest_framework.mixins.DestroyModelMixin, authentik.core.api.used_by.UsedByMixin, rest_framework.mixins.ListModelMixin, rest_framework.viewsets.GenericViewSet):
class AccessTokenViewSet(
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
):
    """AccessToken Viewset.

    The DRF mixins here provide list, retrieve and destroy; no create or
    update mixin is included.
    """

    # Expired tokens are part of the base queryset, so they remain listable
    # and deletable.
    queryset = AccessToken.objects.including_expired().all()
    # NOTE(review): TokenModelSerializer declares Meta.model = RefreshToken;
    # confirm AccessToken exposes the same fields.
    serializer_class = TokenModelSerializer
    # Filters run on top of get_queryset(): for a non-superuser, ?user= can
    # narrow the result but not widen it beyond their own rows.
    filterset_fields = ["user", "provider"]
    ordering = ["provider", "expires"]
    # NOTE(review): no search_fields are declared in this class, so
    # SearchFilter only has an effect if a base class supplies them.
    filter_backends = [DjangoFilterBackend, OrderingFilter, SearchFilter]

    def get_queryset(self):
        """Return only the access tokens the caller may see.

        Superusers get the full queryset; every other caller gets the rows
        whose ``user`` is the requesting user. DRF's get_object() resolves
        through this method too, so retrieve and destroy on another user's
        pk find nothing. With no request bound, guardian's anonymous user is
        used.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()

AccessToken Viewset

queryset = <QuerySet []>
serializer_class = <class 'TokenModelSerializer'>
filterset_fields = ['user', 'provider']
ordering = ['provider', 'expires']
filter_backends = [<class 'django_filters.rest_framework.backends.DjangoFilterBackend'>, <class 'rest_framework.filters.OrderingFilter'>, <class 'rest_framework.filters.SearchFilter'>]
def get_queryset(self):
    def get_queryset(self):
        """Scope the queryset to the requesting user unless they are a superuser.

        This is the object-level access check for list, retrieve and destroy:
        DRF's get_object() looks rows up through this method, so a
        non-superuser cannot reach another user's access token by pk. With
        no request bound, guardian's anonymous user is used.
        """
        request = self.request
        user = request.user if request else get_anonymous_user()
        if not user.is_superuser:
            return super().get_queryset().filter(user=user.pk)
        return super().get_queryset()

Get the list of items for this view. This must be an iterable, and may be a queryset. Defaults to using self.queryset.

This method should always be used rather than accessing self.queryset directly, as self.queryset gets evaluated only once, and those results are cached for all subsequent requests.

You may want to override this if you need to provide different querysets depending on the incoming request.

(Eg. return a list of items that is specific to the user)

name = None
description = None
suffix = None
detail = None
basename = None