AuthorizationService

Inherits: Authorization

OAuth authorization implementation used by Page.login().

The service coordinates authorization URL generation, token exchange, token refresh, and optional user/group resolution using the configured OAuthProvider.

Parameters:

• provider (OAuthProvider) –

  Configured OAuthProvider describing OAuth endpoints, credentials, and optional user/group APIs.

• fetch_user (bool) –

  Whether to request provider user profile information.

• fetch_groups (bool) –

  Whether to request user groups/roles.

• scope (list[str] | None, default: None ) –

  Initial OAuth scopes. The service augments this list with provider defaults (provider.scopes) and, when enabled, provider user/group scopes.

Properties

• fetch_groups –
• fetch_user –
• provider –
• scope –
• user(User | None) –

Methods

• dehydrate_token –

  Restore and validate previously persisted token state.

• get_authorization_data –

  Generate authorization URL and CSRF state for OAuth redirect flow.

• get_token –

  Return current token after applying refresh logic when required.

• request_token –

  Exchange authorization code for access token and optional profile data.

Properties

fetch_groups instance-attribute

fetch_groups = fetch_groups

fetch_user instance-attribute

fetch_user = fetch_user

provider instance-attribute

provider = provider

scope instance-attribute

scope = scope if scope is not None else []

user instance-attribute

user: User | None = None

Methods

dehydrate_token async

dehydrate_token(saved_token: str)

Restore and validate previously persisted token state.

The token is deserialized, refreshed when expired, and optionally used to load user and group metadata.

Parameters:

• saved_token (str) –

  JSON-serialized token data produced by OAuthToken.to_json().

get_authorization_data

get_authorization_data() -> tuple[str, str]

Generate authorization URL and CSRF state for OAuth redirect flow.

Returns:

• tuple[str, str] –

  A tuple of (authorization_url, state).

get_token async

get_token()

Return current token after applying refresh logic when required.

Returns:

• –

  Current OAuthToken, or None if no token is available yet.

request_token async

request_token(code: str)

Exchange authorization code for access token and optional profile data.

Parameters:

• code (str) –

  Provider-issued authorization code returned to redirect URL.

Raises:

• HTTPStatusError –

  If token endpoint returns a non-success status.