swh.auth.utils module

swh.auth.utils.gen_oidc_pkce_codes() → Tuple[str, str]

Generates a code verifier and a code challenge to be used with the OpenID Connect authorization code flow with PKCE (“Proof Key for Code Exchange”, see https://tools.ietf.org/html/rfc7636).

PKCE replaces the static secret used in the standard authorization code flow with a temporary one-time challenge, making it feasible to use in public clients.

The implementation is inspired from that blog post: https://www.stefaanlippens.net/oauth-code-flow-pkce.html

swh.auth.utils.get_token_from_config(config: Dict[str, Any], realm_name: str, client_id: str) → str | None