Aller au contenu

OAuth

See the OAuth guide for the full flow.

OAuth 2.0 helpers for Pennylane partner integrations.

Pennylane supports the authorization-code flow for multi-company partner apps (https://pennylane.readme.io/docs/oauth-20-walkthrough):

  1. Send the user to :meth:OAuthApp.authorization_url.
  2. Exchange the received code with :meth:OAuthApp.exchange_code.
  3. Use Pennylane(api_token=tokens.access_token): access tokens expire after 24 hours (expires_in=86400).
  4. Refresh with :meth:OAuthApp.refresh.

.. warning:: Pennylane applies Refresh Token Rotation: every refresh invalidates BOTH previous tokens. Never run two refreshes concurrently, and persist the new pair immediately after every refresh. These helpers serialize refreshes within the current process (lock), but persistence across processes/restarts is your responsibility.

OAuthTokens

Bases: PennylaneModel

Token pair returned by the Pennylane OAuth token endpoint.

The token values are excluded from repr/str so that logging the object does not leak credentials; access them explicitly through tokens.access_token / tokens.refresh_token.

expires_in class-attribute instance-attribute

expires_in: int | None = None

Access token lifetime in seconds (Pennylane: 86400 = 24 hours).

OAuthApp

OAuthApp(
    client_id: str,
    client_secret: str,
    redirect_uri: str,
    *,
    authorize_url: str = DEFAULT_AUTHORIZE_URL,
    token_url: str = DEFAULT_TOKEN_URL,
    http_client: Client | None = None,
)

Bases: _BaseOAuthApp

Synchronous OAuth 2.0 helper. See the module docstring for the flow.

exchange_code

exchange_code(code: str) -> OAuthTokens

Exchange the authorization code for the initial token pair.

refresh

refresh(refresh_token: str) -> OAuthTokens

Get a new token pair (serialized: see Refresh Token Rotation).

Persist the returned pair immediately: the pair you passed in is now invalid.

AsyncOAuthApp

AsyncOAuthApp(
    client_id: str,
    client_secret: str,
    redirect_uri: str,
    *,
    authorize_url: str = DEFAULT_AUTHORIZE_URL,
    token_url: str = DEFAULT_TOKEN_URL,
    http_client: AsyncClient | None = None,
)

Bases: _BaseOAuthApp

Asynchronous OAuth 2.0 helper. See the module docstring for the flow.

exchange_code async

exchange_code(code: str) -> OAuthTokens

Exchange the authorization code for the initial token pair.

refresh async

refresh(refresh_token: str) -> OAuthTokens

Get a new token pair (serialized: see Refresh Token Rotation).

Persist the returned pair immediately: the pair you passed in is now invalid.