===================
Metadata endpoint
===================

The OAuth 2.0 Authorization Server Metadata (`RFC8414`_) endpoint provides the metadata of your authorization server. Since the metadata can combine the results of several OAuthlib endpoints (see :doc:`preconfigured_servers`), the MetadataEndpoint class takes a list of endpoints as a parameter and aggregates their metadata in the response.

Below is an example of usage with `bottle-oauthlib`_ and a `LegacyApplicationServer` (password grant) endpoint:

.. code-block:: python

    import bottle
    from bottle_oauthlib.oauth2 import BottleOAuth2
    from oauthlib import oauth2

    app = bottle.Bottle()
    app.authmetadata = BottleOAuth2(app)

    oauthlib_server = oauth2.LegacyApplicationServer(oauth2.RequestValidator())
    app.authmetadata.initialize(oauth2.MetadataEndpoint([oauthlib_server], claims={
        "issuer": "https://xx",
        "token_endpoint": "https://xx/token",
        "revocation_endpoint": "https://xx/revoke",
        "introspection_endpoint": "https://xx/tokeninfo"
    }))


    @app.get('/.well-known/oauth-authorization-server')
    @app.authmetadata.create_metadata_response()
    def metadata():
        pass


    if __name__ == "__main__":
        app.run()  # pragma: no cover


Sample response output:


.. code-block:: javascript

    $ curl -s http://localhost:8080/.well-known/oauth-authorization-server|jq .
    {
      "issuer": "https://xx",
      "token_endpoint": "https://xx/token",
      "revocation_endpoint": "https://xx/revoke",
      "introspection_endpoint": "https://xx/tokeninfo",
      "grant_types_supported": [
        "password",
        "refresh_token"
      ],
      "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
      ],
      "revocation_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
      ],
      "introspection_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
      ]
    }
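
A client-side check of a metadata document like the sample above, as an added example that is not part of OAuthlib or bottle-oauthlib: it builds the well-known URL and verifies the issuer and endpoint schemes as RFC 8414 sections 2, 3.1 and 3.3 require. The names ``metadata_url``, ``check_metadata`` and ``SAMPLE`` are assumptions made for this example.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/oauth-authorization-server"

# Constructed sample: the response shown above, abridged.
SAMPLE = {
    "issuer": "https://xx",
    "token_endpoint": "https://xx/token",
    "revocation_endpoint": "https://xx/revoke",
    "introspection_endpoint": "https://xx/tokeninfo",
    "grant_types_supported": ["password", "refresh_token"],
}


def metadata_url(issuer):
    """Build the well-known URL for an issuer (RFC 8414 section 3.1)."""
    parts = urlsplit(issuer)
    # The well-known segment goes between the host and any issuer path.
    path = parts.path.rstrip("/")
    return f"{parts.scheme}://{parts.netloc}{WELL_KNOWN}{path}"


def check_metadata(expected_issuer, metadata):
    """Return a list of problems; an empty list means the document passed."""
    problems = []
    issuer = metadata.get("issuer")
    # Section 3.3: the returned issuer must be identical to the issuer the
    # client used to build the URL, otherwise the document is rejected.
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r}")
    # Section 2: the issuer is an https URL with no query or fragment.
    parts = urlsplit(expected_issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be https with no query or fragment")
    # Endpoints that receive credentials or tokens must not be plain http.
    for name, value in metadata.items():
        if name.endswith("_endpoint") or name == "jwks_uri":
            if urlsplit(str(value)).scheme != "https":
                problems.append(f"{name} is not https: {value!r}")
    return problems


if __name__ == "__main__":
    print(metadata_url("https://xx"))
    print(check_metadata("https://xx", SAMPLE) or "metadata accepted")
```

A client should run such a check before trusting any endpoint URL taken from the document, since the issuer comparison is what ties the metadata to the server it was requested from.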

        
.. autoclass:: oauthlib.oauth2.MetadataEndpoint
    :members:


.. _`RFC8414`: https://tools.ietf.org/html/rfc8414
.. _`bottle-oauthlib`: https://github.com/thomsonreuters/bottle-oauthli