server/oauth2: add OpenAPI response schema to token endpoints

polarsource · Jul 9, 2024 · c0bcba4 · c0bcba4
1 parent 185e721
commit c0bcba4
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 1 deletion.
diff --git a/server/polar/oauth2/endpoints/oauth2.py b/server/polar/oauth2/endpoints/oauth2.py
@@ -24,13 +24,19 @@
 from ..schemas import (
     AuthorizeResponse,
     IntrospectTokenRequest,
+    IntrospectTokenResponse,
     OAuth2Client,
     OAuth2ClientConfiguration,
     OAuth2ClientConfigurationUpdate,
     RevokeTokenRequest,
+    RevokeTokenResponse,
     TokenRequestAdapter,
+    TokenResponse,
     authorize_response_adapter,
 )
+from ..schemas import (
+    UserInfo as UserInfoSchema,
+)
 from ..service.oauth2_client import oauth2_client as oauth2_client_service
 from ..sub_type import SubType
 from ..userinfo import UserInfo, generate_user_info
@@ -189,6 +195,7 @@ async def consent(
             },
         },
     },
+    response_model=TokenResponse,
 )
 async def request_token(
     request: Request,
@@ -215,6 +222,7 @@ async def request_token(
             },
         }
     },
+    response_model=RevokeTokenResponse,
 )
 async def revoke_token(
     request: Request,
@@ -243,6 +251,7 @@ async def revoke_token(
             },
         }
     },
+    response_model=IntrospectTokenResponse,
 )
 async def introspect_token(
     request: Request,
@@ -261,7 +270,7 @@ async def introspect_token(
     methods=["GET", "POST"],
     name="oauth2:userinfo",
     operation_id="oauth2:userinfo",
-    response_model=None,
+    response_model=UserInfoSchema,
     tags=[APITag.featured],
 )
 async def userinfo(token: OAuth2Token = Depends(get_token)) -> UserInfo:

diff --git a/server/polar/oauth2/schemas.py b/server/polar/oauth2/schemas.py
@@ -143,15 +143,55 @@ class RefreshTokenRequest(TokenRequestBase):
 TokenRequestAdapter: TypeAdapter[TokenRequest] = TypeAdapter(TokenRequest)
 
 
+class TokenResponse(Schema):
+    access_token: str
+    token_type: Literal["Bearer"]
+    expires_in: int
+    refresh_token: str | None = None
+    scope: str
+    id_token: str
+
+
 class RevokeTokenRequest(Schema):
     token: str
     token_type_hint: Literal["access_token", "refresh_token"] | None = None
     client_id: str
     client_secret: str
 
 
+class RevokeTokenResponse(Schema): ...
+
+
 class IntrospectTokenRequest(Schema):
     token: str
     token_type_hint: Literal["access_token", "refresh_token"] | None = None
     client_id: str
     client_secret: str
+
+
+class IntrospectTokenResponse(Schema):
+    active: bool
+    client_id: str
+    token_type: Literal["access_token", "refresh_token"]
+    scope: str
+    sub_type: SubType
+    sub: str
+    aud: str
+    iss: str
+    exp: int
+    iat: int
+
+
+class UserInfoUser(Schema):
+    sub: str
+    name: str | None = None
+    email: str | None = None
+    email_verified: bool | None = None
+
+
+class UserInfoOrganization(Schema):
+    sub: str
+    name: str | None = None
+
+
+UserInfo = UserInfoUser | UserInfoOrganization