Skip to content

Class tigrbl_auth.rfc.rfc8693.TokenExchangeRequest

tigrbl_auth.rfc.rfc8693.TokenExchangeRequest

TokenExchangeRequest(
    grant_type,
    subject_token,
    subject_token_type,
    *,
    actor_token=None,
    actor_token_type=None,
    resource=None,
    audience=None,
    scope=None,
    requested_token_type=None,
)

Represents a token exchange request per RFC 8693.

Initialize a token exchange request.

PARAMETER DESCRIPTION
grant_type

Must be TOKEN_EXCHANGE_GRANT_TYPE

TYPE: str

subject_token

The token representing the subject

TYPE: str

subject_token_type

Type URI of the subject token

TYPE: str

actor_token

Optional token representing the actor

TYPE: Optional[str] DEFAULT: None

actor_token_type

Type URI of the actor token (required if actor_token provided)

TYPE: Optional[str] DEFAULT: None

resource

Optional target resource(s)

TYPE: Optional[Union[str, List[str]]] DEFAULT: None

audience

Optional target audience(s)

TYPE: Optional[Union[str, List[str]]] DEFAULT: None

scope

Optional requested scope

TYPE: Optional[str] DEFAULT: None

requested_token_type

Optional requested token type

TYPE: Optional[str] DEFAULT: None

Source code in tigrbl_auth/rfc/rfc8693.py
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
def __init__(
    self,
    grant_type: str,
    subject_token: str,
    subject_token_type: str,
    *,
    actor_token: Optional[str] = None,
    actor_token_type: Optional[str] = None,
    resource: Optional[Union[str, List[str]]] = None,
    audience: Optional[Union[str, List[str]]] = None,
    scope: Optional[str] = None,
    requested_token_type: Optional[str] = None,
):
    """Initialize a token exchange request.

    Args:
        grant_type: Must be TOKEN_EXCHANGE_GRANT_TYPE
        subject_token: The token representing the subject
        subject_token_type: Type URI of the subject token
        actor_token: Optional token representing the actor
        actor_token_type: Type URI of the actor token (required if actor_token provided)
        resource: Optional target resource(s)
        audience: Optional target audience(s)
        scope: Optional requested scope
        requested_token_type: Optional requested token type
    """
    self.grant_type = grant_type
    self.subject_token = subject_token
    self.subject_token_type = subject_token_type
    self.actor_token = actor_token
    self.actor_token_type = actor_token_type
    self.resource = resource
    self.audience = audience
    self.scope = scope
    self.requested_token_type = requested_token_type

grant_type instance-attribute

grant_type = grant_type

subject_token instance-attribute

subject_token = subject_token

subject_token_type instance-attribute

subject_token_type = subject_token_type

actor_token instance-attribute

actor_token = actor_token

actor_token_type instance-attribute

actor_token_type = actor_token_type

resource instance-attribute

resource = resource

audience instance-attribute

audience = audience

scope instance-attribute

scope = scope

requested_token_type instance-attribute

requested_token_type = requested_token_type

validate

validate()

Validate the token exchange request per RFC 8693.

Source code in tigrbl_auth/rfc/rfc8693.py
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
def validate(self) -> None:
    """Validate the token exchange request per RFC 8693."""
    if self.grant_type != TOKEN_EXCHANGE_GRANT_TYPE:
        raise ValueError(f"Invalid grant_type: {self.grant_type}")

    if not self.subject_token:
        raise ValueError("subject_token is required")

    if not self.subject_token_type:
        raise ValueError("subject_token_type is required")

    if self.actor_token and not self.actor_token_type:
        raise ValueError(
            "actor_token_type is required when actor_token is provided"
        )

    if self.actor_token_type and not self.actor_token:
        raise ValueError(
            "actor_token is required when actor_token_type is provided"
        )