Change token in session

lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

https://authlib.org/

BSD 3-Clause "New" or "Revised" License

4.39k stars 436 forks source link

Change token in session #653

Open devmitrandir opened 1 month ago

devmitrandir commented 1 month ago

Hello!

I don't need to add a token to the store. I want to set the updated token in request.session. Is it possible?

I use this demo https://github.com/authlib/demo-oauth-client/blob/master/fastapi-twitter-login/app.py

async def update_token(token, refresh_token=None, access_token=None):
    # I want this
    # request.session['token'] = token
    await asyncio.sleep(0)

oauth = OAuth()
oauth.register(
    ...,
    update_token=update_token
)

codespearhead commented 4 days ago

I don't need to add a token to the store.

Does this answer your question?

https://github.com/lepture/authlib/blob/0ad753cbe39e3cb5bee33ef93b7497020a33dea1/docs/client/frameworks.rst?plain=1#L261-L298

Not having a single source of truth will make handling the token, especially its lifecycle management, very hard, unless you make that session a global variable, which is an equally bad practice.