pywry.auth.flow¶
OAuth2 authentication flow orchestrator.
AuthFlowManager¶
AuthFlowManager(provider: OAuthProvider, token_store: TokenStore | None = None, session_manager: SessionManager | None = None, use_pkce: bool = True, auth_timeout: float = 120.0)
Orchestrates OAuth2 authentication flows.
Supports two modes:
-
Native mode: Opens a dedicated auth window pointing at the provider's authorize URL, captures the redirect on an ephemeral localhost HTTP server, and exchanges the code for tokens.
-
Deploy mode: Returns the
/auth/loginURL for the frontend to navigate to. The server-side routes handle the actual flow.
| PARAMETER | DESCRIPTION |
|---|---|
provider
|
The configured OAuth2 provider.
TYPE:
|
token_store
|
Store for persisting tokens after successful auth.
TYPE:
|
session_manager
|
Session manager for token lifecycle.
TYPE:
|
use_pkce
|
Whether to use PKCE (default
TYPE:
|
auth_timeout
|
Seconds to wait for the auth callback (default
TYPE:
|
Initialize the auth flow manager.
Attributes¶
Functions¶
run_native(show_window: Any | None = None, close_window: Any | None = None, window_config: dict[str, Any] | None = None) -> AuthFlowResult
Run the OAuth2 flow in native window mode.
This method blocks until authentication completes, times out, or is cancelled.
| PARAMETER | DESCRIPTION |
|---|---|
show_window
|
Function to open the auth window. Signature:
TYPE:
|
close_window
|
Function to close the auth window. Signature:
TYPE:
|
window_config
|
Additional window configuration (title, width, height).
TYPE:
|
| RETURNS | DESCRIPTION |
|---|---|
AuthFlowResult
|
The result of the authentication flow. |
| RAISES | DESCRIPTION |
|---|---|
AuthFlowTimeout
|
If the callback is not received within the timeout. |
AuthFlowCancelled
|
If the user closes the auth window or aborts. |
AuthenticationError
|
If the provider returns an error. |
Get the login URL for deploy mode.
In deploy mode, the actual OAuth2 flow is handled server-side
by the routes in deploy_routes.py. This method simply
returns the URL that the frontend should navigate to.
| PARAMETER | DESCRIPTION |
|---|---|
base_url
|
The base URL of the deploy server (e.g.
TYPE:
|
| RETURNS | DESCRIPTION |
|---|---|
str
|
The |
authenticate(app: Any, show_window: Any | None = None, close_window: Any | None = None, window_config: dict[str, Any] | None = None) -> AuthFlowResult
Unified authentication entry point.
Detects the app mode and runs the appropriate flow.
| PARAMETER | DESCRIPTION |
|---|---|
app
|
The PyWry application instance.
TYPE:
|
show_window
|
Window opener for native mode.
TYPE:
|
close_window
|
Window closer for native mode.
TYPE:
|
window_config
|
Window configuration for native mode.
TYPE:
|
| RETURNS | DESCRIPTION |
|---|---|
AuthFlowResult
|
The authentication result. |
Cancel the current authentication flow.
Sets the cancellation event which unblocks _wait_for_callback_with_cancellation.
AuthFlowResult¶
dataclass
¶
AuthFlowResult(success: bool, tokens: OAuthTokenSet | None = None, error: str | None = None, user_info: dict[str, Any] | None = None)
Result of an OAuth2 authentication flow.
| ATTRIBUTE | DESCRIPTION |
|---|---|
success |
Whether authentication completed successfully.
TYPE:
|
tokens |
The token set if authentication succeeded.
TYPE:
|
error |
Error message if authentication failed.
TYPE:
|
user_info |
User profile information from the provider.
TYPE:
|
AuthFlowState¶
Bases: str, Enum
State of an OAuth2 authentication flow.