|
| 1 | +from __future__ import annotations |
| 2 | + |
| 3 | +from datetime import datetime |
| 4 | +from enum import StrEnum |
| 5 | + |
| 6 | +from pydantic import BaseModel |
| 7 | +from typing_extensions import TypedDict |
| 8 | + |
| 9 | + |
| 10 | +class UserInfo(BaseModel): |
| 11 | + sub: str # dirac generated vo:sub |
| 12 | + preferred_username: str |
| 13 | + dirac_group: str |
| 14 | + vo: str |
| 15 | + |
| 16 | + |
| 17 | +class TokenTypeHint(StrEnum): |
| 18 | + """Token type hints for RFC7009 revocation endpoint.""" |
| 19 | + |
| 20 | + access_token = "access_token" # noqa: S105 |
| 21 | + refresh_token = "refresh_token" # noqa: S105 |
| 22 | + |
| 23 | + |
| 24 | +class GrantType(StrEnum): |
| 25 | + """Grant types for OAuth2.""" |
| 26 | + |
| 27 | + authorization_code = "authorization_code" |
| 28 | + device_code = "urn:ietf:params:oauth:grant-type:device_code" |
| 29 | + refresh_token = "refresh_token" # noqa: S105 # False positive of Bandit about hard coded password |
| 30 | + |
| 31 | + |
| 32 | +class InitiateDeviceFlowResponse(TypedDict): |
| 33 | + """Response for the device flow initiation.""" |
| 34 | + |
| 35 | + user_code: str |
| 36 | + device_code: str |
| 37 | + verification_uri_complete: str |
| 38 | + verification_uri: str |
| 39 | + expires_in: int |
| 40 | + |
| 41 | + |
| 42 | +class OpenIDConfiguration(TypedDict): |
| 43 | + issuer: str |
| 44 | + token_endpoint: str |
| 45 | + userinfo_endpoint: str |
| 46 | + authorization_endpoint: str |
| 47 | + device_authorization_endpoint: str |
| 48 | + revocation_endpoint: str |
| 49 | + jwks_uri: str |
| 50 | + grant_types_supported: list[str] |
| 51 | + scopes_supported: list[str] |
| 52 | + response_types_supported: list[str] |
| 53 | + token_endpoint_auth_signing_alg_values_supported: list[str] |
| 54 | + token_endpoint_auth_methods_supported: list[str] |
| 55 | + code_challenge_methods_supported: list[str] |
| 56 | + |
| 57 | + |
| 58 | +class TokenPayload(TypedDict): |
| 59 | + jti: str |
| 60 | + exp: datetime |
| 61 | + dirac_policies: dict |
| 62 | + |
| 63 | + |
| 64 | +class TokenResponse(BaseModel): |
| 65 | + # Based on RFC 6749 |
| 66 | + access_token: str |
| 67 | + expires_in: int |
| 68 | + token_type: str = "Bearer" # noqa: S105 |
| 69 | + refresh_token: str | None = None |
| 70 | + |
| 71 | + |
| 72 | +class AccessTokenPayload(TokenPayload): |
| 73 | + sub: str |
| 74 | + vo: str |
| 75 | + iss: str |
| 76 | + dirac_properties: list[str] |
| 77 | + preferred_username: str |
| 78 | + dirac_group: str |
| 79 | + |
| 80 | + |
| 81 | +class RefreshTokenPayload(TokenPayload): |
| 82 | + legacy_exchange: bool |
| 83 | + |
| 84 | + |
| 85 | +class SupportInfo(TypedDict): |
| 86 | + message: str |
| 87 | + webpage: str | None |
| 88 | + email: str | None |
| 89 | + |
| 90 | + |
| 91 | +class GroupInfo(TypedDict): |
| 92 | + properties: list[str] |
| 93 | + |
| 94 | + |
| 95 | +class VOInfo(TypedDict): |
| 96 | + groups: dict[str, GroupInfo] |
| 97 | + support: SupportInfo |
| 98 | + default_group: str |
| 99 | + |
| 100 | + |
| 101 | +class Metadata(TypedDict): |
| 102 | + virtual_organizations: dict[str, VOInfo] |
0 commit comments