Skip to main content

AuthorizationService

OAuth authorization implementation used by flet.Page.login.

The service coordinates authorization URL generation, token exchange, token refresh, and optional user/group resolution using the configured OAuthProvider.

Parameters:

  • provider (OAuthProvider) - Configured OAuthProvider describing OAuth endpoints, credentials, and optional user/group APIs.
  • fetch_user (bool) - Whether to request provider user profile information.
  • fetch_groups (bool) - Whether to request user groups/roles.
  • scope (Optional[list[str]], default: None) - Initial OAuth scopes. The service augments this list with provider defaults (provider.scopes) and, when enabled, provider user/group scopes.

Inherits: auth.Authorization

Properties

Methods

  • dehydrate_token - Restore and validate previously persisted token state.
  • get_authorization_data - Generate authorization URL and CSRF state for OAuth redirect flow.
  • get_token - Return current token after applying refresh logic when required.
  • request_token - Exchange authorization code for access token and optional profile data.

Properties

fetch_groupsinstance-attribute

fetch_userinstance-attribute

providerinstance-attribute

scopeinstance-attribute

userinstance-attribute

user: Optional[User] = None

Methods

dehydrate_tokenasync

dehydrate_token(saved_token: str)

Restore and validate previously persisted token state.

The token is deserialized, refreshed when expired, and optionally used to load user and group metadata.

Parameters:

get_authorization_data

get_authorization_data()

Generate authorization URL and CSRF state for OAuth redirect flow.

Returns:

  • tuple[str, str] - A tuple of (authorization_url, state).

get_tokenasync

get_token()

Return current token after applying refresh logic when required.

Returns:

  • Current (Optional[OAuthToken]) - class:~flet.auth.OAuthToken, or None if no token is available yet.

request_tokenasync

request_token(code: str)

Exchange authorization code for access token and optional profile data.

Parameters:

  • code (str) - Provider-issued authorization code returned to redirect URL.

Raises:

  • httpx.HTTPStatusError - If token endpoint returns a non-success status.