feat: oauth provider (#549)

* fix: files for oauth2 providers * fix: interface * fix: oauth2 interfaces * fix: update recipe.py * fix: login request impl * fix: query params for put request * fix: consent request * fix: more impl * fix: more impl * fix: recipe impl * fix: recipe impl * fix: validate_oauth2_access_token * fix: authorization * fix: token exchange * fix: frontend redirection url * fix: revoke token * fix: end session * fix: api stubs * fix: api structures and lint fixes * fix: remaining type fixes * fix: end session * fix: api endpoints * fix: remaining apis * fix: remaining impl * fix: typing * fix: type and lint * fix: types, exposed functions and cyclic import * fix: backend sdk tests * fix: default recipes and fixes for test * fix: tests * fix: tests * fix: tests * fix: tests * fix: tests * fix: tests * fix: openid and cookies * fix: roles and permissions for oauth2 * fix: auth react tests * fix: tests and changes for oauth2 provider (#551) * fix: cdi and fdi versions * fix: deps * fix: sdk version * fix: tests * fix: website reset * fix: website tests * fix: test scripts for oauth2 * fix: website tests * fix: unit test * fix: unit test * fix: django headers * fix: better types * fix: review comments * fix: test server * fix: changelog * fix: check lint output in pre-commit * fix: cyclic import * fix: cyclic import * fix: cyclic import * fix: cyclic import * fix: cyclic import * fix: cyclic import * fix: cyclic import * fix: cyclic import * fix: cyclic import * fix: cyclic import
supertokens · Dec 30, 2024 · 8f794c0 · 8f794c0
1 parent ee275a5
commit 8f794c0
Show file tree

Hide file tree

Showing 83 changed files with 6,034 additions and 68 deletions.
diff --git a/.circleci/config_continue.yml b/.circleci/config_continue.yml
@@ -34,6 +34,7 @@ jobs:
   test-backend-sdk-testing:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     parameters:
       cdi-version:
@@ -54,6 +55,7 @@ jobs:
   test-website-fastapi:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     parameters:
       fdi-version:
@@ -74,6 +76,7 @@ jobs:
   test-website-flask:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     parameters:
       fdi-version:
@@ -94,6 +97,7 @@ jobs:
   test-website-django:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     parameters:
       fdi-version:
@@ -114,6 +118,7 @@ jobs:
   test-website-drf-async:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     parameters:
       fdi-version:
@@ -134,6 +139,7 @@ jobs:
   test-website-drf-sync:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     parameters:
       fdi-version:
@@ -154,6 +160,7 @@ jobs:
   test-website-django2x:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     parameters:
       fdi-version:
@@ -174,6 +181,7 @@ jobs:
   test-website-flask-nest-asyncio:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     environment:
       SUPERTOKENS_NEST_ASYNCIO: "1"
@@ -197,6 +205,7 @@ jobs:
   test-authreact-fastapi:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     environment:
       MOCHA_FILE: /root/test_report/report_node-<< parameters.fdi-version >>.xml
     parameters:
@@ -227,6 +236,7 @@ jobs:
   test-authreact-flask:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     environment:
       MOCHA_FILE: /root/test_report/report_node-<< parameters.fdi-version >>.xml
@@ -258,6 +268,7 @@ jobs:
   test-authreact-django:
     docker:
       - image: python:<< parameters.python-version >>
+      - image: rishabhpoddar/oauth-server-cicd
     resource_class: large
     environment:
       MOCHA_FILE: /root/test_report/report_node-<< parameters.fdi-version >>.xml

diff --git a/.circleci/markDevTagAsTestNotPassed.sh b/.circleci/markDevTagAsTestNotPassed.sh
@@ -21,7 +21,7 @@ while IFS='"' read -ra ADDR; do
     done
 done <<< "$version"
 
-responseStatus=`curl -s -o /dev/null -w "%{http_code}" -X PUT \
+responseStatus=`curl -s -o out.bin -w "%{http_code}" -X PUT \
   https://api.supertokens.io/0/driver \
   -H 'Content-Type: application/json' \
   -H 'api-version: 0' \
@@ -35,5 +35,6 @@ responseStatus=`curl -s -o /dev/null -w "%{http_code}" -X PUT \
 if [ $responseStatus -ne "200" ]
 then
     echo "failed core PUT API status code: $responseStatus. Exiting!"
+    cat out.bin
 	exit 1
 fi
diff --git a/.circleci/setupAndTestBackendSDKWithFreeCore.sh b/.circleci/setupAndTestBackendSDKWithFreeCore.sh
@@ -43,6 +43,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithAuthReact.sh b/.circleci/setupAndTestWithAuthReact.sh
@@ -39,6 +39,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithAuthReactWithDjango.sh b/.circleci/setupAndTestWithAuthReactWithDjango.sh
@@ -41,6 +41,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithAuthReactWithFlask.sh b/.circleci/setupAndTestWithAuthReactWithFlask.sh
@@ -41,6 +41,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithFreeCore.sh b/.circleci/setupAndTestWithFreeCore.sh
@@ -43,6 +43,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithFrontend.sh b/.circleci/setupAndTestWithFrontend.sh
@@ -39,6 +39,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithFrontendWithDjango.sh b/.circleci/setupAndTestWithFrontendWithDjango.sh
@@ -39,6 +39,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithFrontendWithDjango2x.sh b/.circleci/setupAndTestWithFrontendWithDjango2x.sh
@@ -39,6 +39,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithFrontendWithDrfAsync.sh b/.circleci/setupAndTestWithFrontendWithDrfAsync.sh
@@ -39,6 +39,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithFrontendWithDrfSync.sh b/.circleci/setupAndTestWithFrontendWithDrfSync.sh
@@ -39,6 +39,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.circleci/setupAndTestWithFrontendWithFlask.sh b/.circleci/setupAndTestWithFrontendWithFlask.sh
@@ -39,6 +39,13 @@ echo -e "core,$1\nplugin-interface,$pluginInterfaceVersionXY" > modules.txt
 ./loadModules --ssh
 cd supertokens-core
 git checkout $coreTag
+
+# Update oauth provider config in devConfig.yaml
+sed -i 's/# oauth_provider_public_service_url:/oauth_provider_public_service_url: "http:\/\/localhost:4444"/' devConfig.yaml
+sed -i 's/# oauth_provider_admin_service_url:/oauth_provider_admin_service_url: "http:\/\/localhost:4445"/' devConfig.yaml
+sed -i 's/# oauth_provider_consent_login_base_url:/oauth_provider_consent_login_base_url: "http:\/\/localhost:3001\/auth"/' devConfig.yaml
+sed -i 's/# oauth_client_secret_encryption_key:/oauth_client_secret_encryption_key: "asdfasdfasdfasdfasdf"/' devConfig.yaml
+
 cd ../supertokens-plugin-interface
 git checkout $pluginInterfaceTag
 cd ../

diff --git a/.pylintrc b/.pylintrc
@@ -124,6 +124,7 @@ disable=raw-checker-failed,
         no-else-raise,
         too-many-nested-blocks,
         broad-exception-raised,
+        too-many-public-methods,
 
 
 # Enable the message, report, category or checker with the given id(s). You can

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.27.0] - 2024-12-30
+
+- Added OAuth2Provider recipe
+- Added support for FDIs: 4.0. Required by: auth-react >=0.48.0 and web-js>=0.14.0
+
 ## [0.26.1] - 2024-11-28
 
 - Fixes dependency for docs build

diff --git a/coreDriverInterfaceSupported.json b/coreDriverInterfaceSupported.json
@@ -1,6 +1,6 @@
 {
   "_comment": "contains a list of core-driver interfaces branch names that this core supports",
   "versions": [
-    "5.1"
+    "5.2"
   ]
 }
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -9,7 +9,7 @@ flask-cors==5.0.0
 nest-asyncio==1.6.0
 pdoc3==0.11.0
 pylint==3.2.7
-pyright==1.1.389
+pyright==1.1.391
 python-dotenv==1.0.1
 pytest==8.3.3
 pytest-asyncio==0.24.0

diff --git a/examples/with-flask/with-thirdpartyemailpassword/app.py b/examples/with-flask/with-thirdpartyemailpassword/app.py
@@ -15,8 +15,10 @@
     dashboard,
     emailverification,
     session,
+    usermetadata,
     thirdparty,
 )
+from supertokens_python.recipe.session import SessionContainer
 from supertokens_python.recipe.session.framework.flask import verify_session
 
 load_dotenv()
@@ -46,6 +48,7 @@ def get_website_domain():
         session.init(),
         dashboard.init(),
         emailverification.init("REQUIRED"),
+        usermetadata.init(),
         thirdparty.init(
             sign_in_and_up_feature=thirdparty.SignInAndUpFeature(
                 providers=[
@@ -156,7 +159,7 @@ def get_website_domain():
 @app.route("/sessioninfo", methods=["GET"])  # type: ignore
 @verify_session()
 def get_session_info():
-    session_: session.SessionContainer = g.supertokens
+    session_: SessionContainer = g.supertokens
     return jsonify(
         {
             "sessionHandle": session_.get_handle(),

diff --git a/frontendDriverInterfaceSupported.json b/frontendDriverInterfaceSupported.json
@@ -6,6 +6,7 @@
         "1.19",
         "2.0",
         "3.0",
-        "3.1"
+        "3.1",
+        "4.0"
     ]
 }
diff --git a/hooks/pre-commit.sh b/hooks/pre-commit.sh
@@ -21,7 +21,7 @@ then
    git stash push -k -u -- ${files_to_stash} >/dev/null 2>/dev/null
 fi
 
-make check-lint >/dev/null 2>/dev/null
+make check-lint
 linted=$?
 
 echo "$(tput setaf 3)* Properly linted?$(tput sgr 0)"

diff --git a/setup.py b/setup.py
@@ -83,7 +83,7 @@
 
 setup(
     name="supertokens_python",
-    version="0.26.1",
+    version="0.27.0",
     author="SuperTokens",
     license="Apache 2.0",
     author_email="[email protected]",
@@ -127,6 +127,7 @@
         "aiosmtplib>=1.1.6,<4.0.0",
         "pkce<1.1.0",
         "pyotp<3",
+        "python-dateutil<3",
     ],
     python_requires=">=3.8",
     include_package_data=True,

diff --git a/supertokens_python/auth_utils.py b/supertokens_python/auth_utils.py
@@ -536,7 +536,7 @@ async def check_auth_type_and_linking_status(
         if session_user_result.status == "SHOULD_AUTOMATICALLY_LINK_FALSE":
             if should_try_linking_with_session_user is True:
                 raise BadInputError(
-                    "should_do_automatic_account_linking returned false when creating primary user but shouldTryLinkingWithSessionUser is true"
+                    "shouldDoAutomaticAccountLinking returned false when making the session user primary but shouldTryLinkingWithSessionUser is true"
                 )
             return OkFirstFactorResponse()
         elif (
@@ -565,7 +565,7 @@ async def check_auth_type_and_linking_status(
         if isinstance(should_link, ShouldNotAutomaticallyLink):
             if should_try_linking_with_session_user is True:
                 raise BadInputError(
-                    "should_do_automatic_account_linking returned false when creating primary user but shouldTryLinkingWithSessionUser is true"
+                    "shouldDoAutomaticAccountLinking returned false when making the session user primary but shouldTryLinkingWithSessionUser is true"
                 )
             return OkFirstFactorResponse()
         else:

diff --git a/supertokens_python/constants.py b/supertokens_python/constants.py
@@ -14,8 +14,8 @@
 
 from __future__ import annotations
 
-SUPPORTED_CDI_VERSIONS = ["5.1"]
-VERSION = "0.26.1"
+SUPPORTED_CDI_VERSIONS = ["5.2"]
+VERSION = "0.27.0"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"

diff --git a/supertokens_python/framework/django/django_request.py b/supertokens_python/framework/django/django_request.py
@@ -57,6 +57,8 @@ def get_cookie(self, key: str) -> Union[str, None]:
 
     def get_header(self, key: str) -> Union[None, str]:
         key = key.replace("-", "_")
+        if key.upper() in self.request.META:
+            return self.request.META.get(key.upper())
         key = "HTTP_" + key
         return self.request.META.get(key.upper())
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
             "1.19",
             "2.0",
             "3.0",
-            "3.1"
+            "3.1",
+            "4.0"
         ]
     }