
oauth2_pkce_authorization_code_flow_with_authlib.py


Implements the OAuth 2.0 Authorization Code flow with PKCE by generating a code ver

1import base64
2import hashlib
3import secrets
4from authlib.integrations.requests_client import OAuth2Session
5
# 1. Generate PKCE Code Verifier and Code Challenge
# 32 random bytes from the CSPRNG become a 43-character base64url string, the
# minimum verifier length RFC 7636 allows. The verifier is the secret half of
# the pair: it is sent only in the token request, never in the authorization
# URL, and should not be written to logs.
code_verifier = secrets.token_urlsafe(nbytes=32)
9
10# The challenge is the SHA256 hash of the verifier, base64url encoded
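def generate_challenge(verifier):
    """Derive the S256 PKCE ``code_challenge`` for *verifier* (RFC 7636 §4.2).

    Args:
        verifier: The ``code_verifier`` string. RFC 7636 §4.1 requires 43 to
            128 characters drawn from ``[A-Za-z0-9-._~]``.

    Returns:
        The base64url-encoded SHA-256 digest of *verifier* with the ``=``
        padding stripped, in the exact form sent as ``code_challenge``.

    Raises:
        ValueError: If *verifier* is shorter than 43 or longer than 128
            characters. A too-short verifier lowers the entropy that PKCE
            relies on, and a compliant server rejects it anyway, so fail
            here rather than at the token endpoint.
    """
    length = len(verifier)
    if not 43 <= length <= 128:
        raise ValueError(
            f"PKCE code_verifier must be 43 to 128 characters long, got {length}"
        )
    digest = hashlib.sha256(verifier.encode('utf-8')).digest()
    # base64url output only ever has '=' as trailing padding, so rstrip is the
    # precise form of the "strip padding" step in RFC 7636 Appendix A.
    return base64.urlsafe_b64encode(digest).decode('utf-8').rstrip('=')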
14
# The challenge is the public half of the pair and is safe to place in the URL.
code_challenge = generate_challenge(verifier=code_verifier)
16
# 2. Initialize the OAuth2 Session
# Placeholder values: client_id is issued by the authorization server, and
# redirect_uri must exactly match a URI registered for that client.
client_id = 'YOUR_CLIENT_ID'
authorization_endpoint = 'https://example.com/authorize'
token_endpoint = 'https://example.com/token'
redirect_uri = 'https://your-app.com/callback'

# No client secret is passed here; PKCE is what binds the token request to
# the party that started the authorization in that case.
client = OAuth2Session(client_id=client_id, redirect_uri=redirect_uri)
24
# 3. Construct the Authorization URL
# Only the challenge and its method travel in the URL; the verifier stays local.
pkce_params = {
    "code_challenge": code_challenge,
    "code_challenge_method": 'S256',
}
# `state` is the CSRF token for the callback; a web app must keep it per
# session so it can be compared against the value the callback returns.
uri, state = client.create_authorization_url(authorization_endpoint, **pkce_params)

print("Please go to this URL and authorize:", uri)
34
# 4. Exchange the Code for a Token
# After the user redirects back, the full callback URL (code + state) is read
# from the terminal. Authlib parses it; NOTE(review): confirm that the library
# version in use compares the returned state with the one it issued above.
authorization_response = input("Enter the full callback URL: ")

# The token request must carry the original code_verifier so the server can
# verify it against the code_challenge it stored with the authorization code.
token = client.fetch_token(
    token_endpoint,
    authorization_response=authorization_response,
    code_verifier=code_verifier,
)

# The response holds bearer credentials (access and possibly refresh token);
# echoing it is acceptable for a demo but must not reach logs in production.
print("Access Token details:", token, sep="\n")