MCPcopy Index your code
hub / github.com/fastapi-users/fastapi-users / callback

Function callback

fastapi_users/router/oauth.py:139–211  ·  view source on GitHub ↗
(
        request: Request,
        access_token_state: tuple[OAuth2Token, str] = Depends(
            oauth2_authorize_callback
        ),
        user_manager: BaseUserManager[models.UP, models.ID] = Depends(get_user_manager),
        strategy: Strategy[models.UP, models.ID] = Depends(backend.get_strategy),
    )

Source from the content-addressed store, hash-verified

137 },
138 )
139 async def callback(
140 request: Request,
141 access_token_state: tuple[OAuth2Token, str] = Depends(
142 oauth2_authorize_callback
143 ),
144 user_manager: BaseUserManager[models.UP, models.ID] = Depends(get_user_manager),
145 strategy: Strategy[models.UP, models.ID] = Depends(backend.get_strategy),
146 ):
147 token, state = access_token_state
148
149 try:
150 state_data = decode_jwt(state, state_secret, [STATE_TOKEN_AUDIENCE])
151 except jwt.DecodeError:
152 raise HTTPException(
153 status_code=status.HTTP_400_BAD_REQUEST,
154 detail=ErrorCode.ACCESS_TOKEN_DECODE_ERROR,
155 )
156 except jwt.ExpiredSignatureError:
157 raise HTTPException(
158 status_code=status.HTTP_400_BAD_REQUEST,
159 detail=ErrorCode.ACCESS_TOKEN_ALREADY_EXPIRED,
160 )
161
162 cookie_csrf_token = request.cookies.get(csrf_token_cookie_name)
163 state_csrf_token = state_data.get(CSRF_TOKEN_KEY)
164 if (
165 not cookie_csrf_token
166 or not state_csrf_token
167 or not secrets.compare_digest(cookie_csrf_token, state_csrf_token)
168 ):
169 raise HTTPException(
170 status_code=status.HTTP_400_BAD_REQUEST,
171 detail=ErrorCode.OAUTH_INVALID_STATE,
172 )
173
174 account_id, account_email = await oauth_client.get_id_email(
175 token["access_token"]
176 )
177
178 if account_email is None:
179 raise HTTPException(
180 status_code=status.HTTP_400_BAD_REQUEST,
181 detail=ErrorCode.OAUTH_NOT_AVAILABLE_EMAIL,
182 )
183
184 try:
185 user = await user_manager.oauth_callback(
186 oauth_client.name,
187 token["access_token"],
188 account_id,
189 account_email,
190 token.get("expires_at"),
191 token.get("refresh_token"),
192 request,
193 associate_by_email=associate_by_email,
194 is_verified_by_default=is_verified_by_default,
195 )
196 except UserAlreadyExists:

Callers

nothing calls this directly

Calls 6

decode_jwtFunction · 0.90
oauth_callbackMethod · 0.80
loginMethod · 0.80
on_after_loginMethod · 0.80
getMethod · 0.45

Tested by

no test coverage detected