OAuth2AuthorizationCodeBearer Class — fastapi Architecture

Architecture documentation for the OAuth2AuthorizationCodeBearer class in oauth2.py from the fastapi codebase.

Class python Security

Entity Profile

Security→ OAuth2AuthorizationCodeBearer Class — fastapi Architecture

Dependency Diagram

graph TD
  79a687d7_9ba3_0c89_6872_bd0923acf64f["OAuth2AuthorizationCodeBearer"]
  f0e2889d_18fe_8d6f_c8d5_f009c8384bc4["OAuth2"]
  79a687d7_9ba3_0c89_6872_bd0923acf64f -->|extends| f0e2889d_18fe_8d6f_c8d5_f009c8384bc4
  efdd0530_d49f_83d3_f1d5_e8884b1b9602["oauth2.py"]
  79a687d7_9ba3_0c89_6872_bd0923acf64f -->|defined in| efdd0530_d49f_83d3_f1d5_e8884b1b9602
  d9eb2129_e2de_b7fe_afc9_066c79efc3d4["__init__()"]
  79a687d7_9ba3_0c89_6872_bd0923acf64f -->|method| d9eb2129_e2de_b7fe_afc9_066c79efc3d4
  792b0068_1314_2ef5_1e7b_e8b9a85e1c47["__call__()"]
  79a687d7_9ba3_0c89_6872_bd0923acf64f -->|method| 792b0068_1314_2ef5_1e7b_e8b9a85e1c47

Relationship Graph

Source Code

fastapi/security/oauth2.py lines 547–650

class OAuth2AuthorizationCodeBearer(OAuth2):
    """
    OAuth2 flow for authentication using a bearer token obtained with an OAuth2 code
    flow. An instance of it would be used as a dependency.
    """

    def __init__(
        self,
        authorizationUrl: str,
        tokenUrl: Annotated[
            str,
            Doc(
                """
                The URL to obtain the OAuth2 token.
                """
            ),
        ],
        refreshUrl: Annotated[
            Optional[str],
            Doc(
                """
                The URL to refresh the token and obtain a new one.
                """
            ),
        ] = None,
        scheme_name: Annotated[
            Optional[str],
            Doc(
                """
                Security scheme name.

                It will be included in the generated OpenAPI (e.g. visible at `/docs`).
                """
            ),
        ] = None,
        scopes: Annotated[
            Optional[dict[str, str]],
            Doc(
                """
                The OAuth2 scopes that would be required by the *path operations* that
                use this dependency.
                """
            ),
        ] = None,
        description: Annotated[
            Optional[str],
            Doc(
                """
                Security scheme description.

                It will be included in the generated OpenAPI (e.g. visible at `/docs`).
                """
            ),
        ] = None,
        auto_error: Annotated[
            bool,
            Doc(
                """
                By default, if no HTTP Authorization header is provided, required for
                OAuth2 authentication, it will automatically cancel the request and
                send the client an error.

                If `auto_error` is set to `False`, when the HTTP Authorization header
                is not available, instead of erroring out, the dependency result will
                be `None`.

                This is useful when you want to have optional authentication.

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, with OAuth2
                or in a cookie).
                """
            ),
        ] = True,
    ):
        if not scopes:
            scopes = {}
        flows = OAuthFlowsModel(
            authorizationCode=cast(
                Any,
                {