OAuth¶
See the OAuth guide for the full flow.
OAuth 2.0 helpers for Pennylane partner integrations.
Pennylane supports the authorization-code flow for multi-company partner apps (https://pennylane.readme.io/docs/oauth-20-walkthrough):
- Send the user to :meth:
OAuthApp.authorization_url. - Exchange the received code with :meth:
OAuthApp.exchange_code. - Use
Pennylane(api_token=tokens.access_token): access tokens expire after 24 hours (expires_in=86400). - Refresh with :meth:
OAuthApp.refresh.
.. warning:: Pennylane applies Refresh Token Rotation: every refresh invalidates BOTH previous tokens. Never run two refreshes concurrently, and persist the new pair immediately after every refresh. These helpers serialize refreshes within the current process (lock), but persistence across processes/restarts is your responsibility.
OAuthTokens ¶
Bases: PennylaneModel
Token pair returned by the Pennylane OAuth token endpoint.
The token values are excluded from repr/str so that logging the
object does not leak credentials; access them explicitly through
tokens.access_token / tokens.refresh_token.
expires_in
class-attribute
instance-attribute
¶
expires_in: int | None = None
Access token lifetime in seconds (Pennylane: 86400 = 24 hours).
OAuthApp ¶
OAuthApp(
client_id: str,
client_secret: str,
redirect_uri: str,
*,
authorize_url: str = DEFAULT_AUTHORIZE_URL,
token_url: str = DEFAULT_TOKEN_URL,
http_client: Client | None = None,
)
Bases: _BaseOAuthApp
Synchronous OAuth 2.0 helper. See the module docstring for the flow.
exchange_code ¶
exchange_code(code: str) -> OAuthTokens
Exchange the authorization code for the initial token pair.
refresh ¶
refresh(refresh_token: str) -> OAuthTokens
Get a new token pair (serialized: see Refresh Token Rotation).
Persist the returned pair immediately: the pair you passed in is now invalid.
AsyncOAuthApp ¶
AsyncOAuthApp(
client_id: str,
client_secret: str,
redirect_uri: str,
*,
authorize_url: str = DEFAULT_AUTHORIZE_URL,
token_url: str = DEFAULT_TOKEN_URL,
http_client: AsyncClient | None = None,
)
Bases: _BaseOAuthApp
Asynchronous OAuth 2.0 helper. See the module docstring for the flow.
exchange_code
async
¶
exchange_code(code: str) -> OAuthTokens
Exchange the authorization code for the initial token pair.
refresh
async
¶
refresh(refresh_token: str) -> OAuthTokens
Get a new token pair (serialized: see Refresh Token Rotation).
Persist the returned pair immediately: the pair you passed in is now invalid.