SDKsPython SDKOAuth 2.1
Authorization
Build OAuth 2.1 authorization URLs and exchange codes with the Python SDK.
Authorization
build_authorization_url()
Generate an authorization URL with PKCE.
def build_authorization_url(
self,
*,
scopes: list[str],
redirect_uri: str,
state: str | None = None,
prompt: str | None = None,
login_hint: str | None = None,
organization_id: str | None = None,
) -> AuthorizationUrlBasic usage
result = client.oauth.build_authorization_url(
scopes=["openid", "profile", "email", "offline_access"],
redirect_uri="https://myapp.com/callback",
)
print(result.url) # Full authorization URL
print(result.code_verifier) # Store for code exchange
print(result.state) # Store for CSRF validation
# Redirect user to result.urlexchange_code()
Exchange the authorization code for tokens.
tokens = client.oauth.exchange_code(
code="AUTH_CODE",
code_verifier=saved_code_verifier,
redirect_uri="https://myapp.com/callback",
)
print(tokens.access_token)
print(tokens.refresh_token)
print(tokens.id_token)
print(tokens.expires_in) # 900 secondsFlask callback handler
from flask import Flask, redirect, request, session
from avnology_id import AvnologyId
app = Flask(__name__)
client = AvnologyId(
base_url="https://api.id.avnology.com",
client_id="app_abc123",
client_secret="sk_live_...",
)
@app.route("/login")
def login():
result = client.oauth.build_authorization_url(
scopes=["openid", "profile", "email"],
redirect_uri="https://myapp.com/callback",
)
session["code_verifier"] = result.code_verifier
session["oauth_state"] = result.state
return redirect(result.url)
@app.route("/callback")
def callback():
code = request.args.get("code")
state = request.args.get("state")
if state != session.get("oauth_state"):
return "State mismatch", 400
tokens = client.oauth.exchange_code(
code=code,
code_verifier=session.pop("code_verifier"),
redirect_uri="https://myapp.com/callback",
)
session["access_token"] = tokens.access_token
return redirect("/dashboard")See also
- Tokens -- Token management
- Client credentials -- M2M auth