Skip to content

auth

Helper methods for client authorisation.

You will only need to use these if you're planning to subclass the base client.

See also

This follows the OpenID Connect specification as described in the Google Identity documentation.

Scopes

Bases: Flag

An enum for API scopes.

Possible values are:

  • READONLY — Don't include revenue data from reports
  • MONETARY_READONLY — Only include revenue data from reports
  • ALL — Include all data in reports (this does not enable JWT scopes)
  • OPENID — Enable the OpenID scope
  • PROFILE — Include profile information in JWTs
  • EMAIL — Include email information in JWTs
  • ALL_JWT — Include all available information in JWTs
Changed in version 5.1
  • Added the OPENID, PROFILE, EMAIL, and ALL_JWT scopes
  • This now works like a flag enum rather than a normal one; this doesn't introduce any breaking changes (unless you're using analytix in a particularly unconventional way), but does mean you can now use a | to concatenate scopes
Source code in analytix/auth.py 
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
class Scopes(Flag):
    """An enum for API scopes.

    Possible values are:

    * `READONLY` — Don't include revenue data from reports
    * `MONETARY_READONLY` — Only include revenue data from reports
    * `ALL` — Include all data in reports (this does not enable JWT
      scopes)
    * `OPENID` — Enable the OpenID scope
    * `PROFILE` — Include profile information in JWTs
    * `EMAIL` — Include email information in JWTs
    * `ALL_JWT` — Include all available information in JWTs

    ???+ note "Changed in version 5.1"
        * Added the `OPENID`, `PROFILE`, `EMAIL`, and `ALL_JWT` scopes
        * This now works like a flag enum rather than a normal one; this
          doesn't introduce any breaking changes (unless you're using
          analytix in a particularly unconventional way), but does mean
          you can now use a `|` to concatenate scopes
    """

    READONLY = 1 << 0
    MONETARY_READONLY = 1 << 1
    ALL = READONLY | MONETARY_READONLY
    OPENID = 1 << 2
    PROFILE = 1 << 3
    EMAIL = 1 << 4
    ALL_JWT = OPENID | PROFILE | EMAIL

    @property
    def formatted(self) -> str:
        return " ".join(
            url for i, url in enumerate(SCOPE_URLS) if self.value & (1 << i)
        )

    def validate(self) -> None:
        if not (self.value & (1 << 0) or self.value & (1 << 1)):
            raise AuthorisationError(
                "the READONLY or MONETARY_READONLY scope must be provided",
            )

Secrets dataclass

A set of API secrets.

This should always be created using the load_from classmethod.

Parameters:

Name Type Description Default
type Literal['installed', 'web']

The application type. This will always be either "installed" or "web".

 required
client_id str

The client ID.

 required
project_id str

The name of the project.

 required
auth_uri str

The authorisation server endpoint URI.

 required
token_uri str

The token server endpoint URI.

 required
auth_provider_x509_cert_url str

The URL of the public x509 certificate, used to verify the signature on JWTs, such as ID tokens, signed by the authentication provider.

 required
client_secret str

The client secret.

 required
redirect_uris List[str]

A list of valid redirection endpoint URIs. This list should match the list entered for the client ID on the API Access pane of the Google APIs Console.

 required
Source code in analytix/auth.py 
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
@dataclass(frozen=True)
class Secrets:
    """A set of API secrets.

    This should always be created using the `load_from` classmethod.

    Parameters
    ----------
    type
        The application type. This will always be either "installed" or
        "web".
    client_id
        The client ID.
    project_id
        The name of the project.
    auth_uri
        The authorisation server endpoint URI.
    token_uri
        The token server endpoint URI.
    auth_provider_x509_cert_url
        The URL of the public x509 certificate, used to verify the
        signature on JWTs, such as ID tokens, signed by the
        authentication provider.
    client_secret
        The client secret.
    redirect_uris
        A list of valid redirection endpoint URIs. This list should
        match the list entered for the client ID on the API Access pane
        of the Google APIs Console.
    """

    __slots__ = (
        "type",
        "client_id",
        "project_id",
        "auth_uri",
        "token_uri",
        "auth_provider_x509_cert_url",
        "client_secret",
        "redirect_uris",
    )

    type: Literal["installed", "web"]
    client_id: str
    project_id: str
    auth_uri: str
    token_uri: str
    auth_provider_x509_cert_url: str
    client_secret: str
    redirect_uris: List[str]

    @classmethod
    def load_from(cls, path: PathLike) -> "Secrets":
        """Load secrets from a JSON file.

        ???+ note "Changed in version 5.0"
            This used to be `from_file`.

        Parameters
        ----------
        path
            The path to your secrets file.

        Returns
        -------
        Secrets
            Your secrets.

        Raises
        ------
        FileNotFoundError
            No secrets file exists at the given path.
        JSONDecodeError
            The given file is not a valid JSON file.

        Examples
        --------
        >>> Secrets.load_from("secrets.json")
        Secrets(type="installed", ...)
        """
        secrets_file = Path(path)

        if _log.isEnabledFor(logging.DEBUG):
            _log.debug("Loading secrets from %s", secrets_file.resolve())

        data = json.loads(secrets_file.read_text())
        key = next(iter(data.keys()))
        return cls(
            type=key,
            client_id=data[key]["client_id"],
            project_id=data[key]["project_id"],
            auth_uri=data[key]["auth_uri"],
            token_uri=data[key]["token_uri"],
            auth_provider_x509_cert_url=data[key]["auth_provider_x509_cert_url"],
            client_secret=data[key]["client_secret"],
            redirect_uris=data[key]["redirect_uris"],
        )

load_from classmethod 

load_from(path: PathLike) -> Secrets

Load secrets from a JSON file.

Changed in version 5.0

This used to be from_file.

Parameters:

Name Type Description Default
path PathLike

The path to your secrets file.

 required

Returns:

Type Description
Secrets

Your secrets.

Raises:

Type Description
FileNotFoundError

No secrets file exists at the given path.
JSONDecodeError

The given file is not a valid JSON file.

Examples:

>>> Secrets.load_from("secrets.json")
Secrets(type="installed", ...)
Source code in analytix/auth.py 
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
@classmethod
def load_from(cls, path: PathLike) -> "Secrets":
    """Load secrets from a JSON file.

    ???+ note "Changed in version 5.0"
        This used to be `from_file`.

    Parameters
    ----------
    path
        The path to your secrets file.

    Returns
    -------
    Secrets
        Your secrets.

    Raises
    ------
    FileNotFoundError
        No secrets file exists at the given path.
    JSONDecodeError
        The given file is not a valid JSON file.

    Examples
    --------
    >>> Secrets.load_from("secrets.json")
    Secrets(type="installed", ...)
    """
    secrets_file = Path(path)

    if _log.isEnabledFor(logging.DEBUG):
        _log.debug("Loading secrets from %s", secrets_file.resolve())

    data = json.loads(secrets_file.read_text())
    key = next(iter(data.keys()))
    return cls(
        type=key,
        client_id=data[key]["client_id"],
        project_id=data[key]["project_id"],
        auth_uri=data[key]["auth_uri"],
        token_uri=data[key]["token_uri"],
        auth_provider_x509_cert_url=data[key]["auth_provider_x509_cert_url"],
        client_secret=data[key]["client_secret"],
        redirect_uris=data[key]["redirect_uris"],
    )

Tokens dataclass

OAuth tokens.

This should always be created using one of the available classmethods.

Parameters:

Name Type Description Default
access_token str

A token that can be sent to a Google API.

 required
expires_in int

The remaining lifetime of the access token in seconds.

 required
scope str

The scopes of access granted by the access_token expressed as a list of space-delimited, case-sensitive strings.

 required
token_type Literal['Bearer']

Identifies the type of token returned. This will always be "Bearer".

 required
refresh_token str

A token that can be used to refresh your access token.

 required
id_token Optional[str]

A JWT that contains identity information about the user that is digitally signed by Google. This will be None if you did not specifically request JWT tokens when authorising.

 None
Warnings

The expires_in field is never updated by analytix, and as such will always be 3599 unless you update it yourself.

Source code in analytix/auth.py 
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
@dataclass(**({"slots": True} if sys.version_info >= (3, 10) else {}))
class Tokens:
    """OAuth tokens.

    This should always be created using one of the available
    classmethods.

    Parameters
    ----------
    access_token
        A token that can be sent to a Google API.
    expires_in
        The remaining lifetime of the access token in seconds.
    scope
        The scopes of access granted by the access_token expressed as a
        list of space-delimited, case-sensitive strings.
    token_type
        Identifies the type of token returned. This will always be
        "Bearer".
    refresh_token
        A token that can be used to refresh your access token.
    id_token
        A JWT that contains identity information about the user that is
        digitally signed by Google. This will be `None` if you did not
        specifically request JWT tokens when authorising.

    Warnings
    --------
    The `expires_in` field is never updated by analytix, and as such
    will always be `3599` unless you update it yourself.
    """

    access_token: str
    expires_in: int
    scope: str
    token_type: Literal["Bearer"]
    refresh_token: str
    id_token: Optional[str] = None

    @classmethod
    def load_from(cls, path: PathLike) -> "Tokens":
        """Load tokens from a JSON file.

        ???+ note "Changed in version 5.0"
            This used to be `from_file`.

        Parameters
        ----------
        path
            The path to your tokens file.

        Returns
        -------
        Tokens
            Your tokens.

        Raises
        ------
        FileNotFoundError
            No tokens file exists at the given path.
        JSONDecodeError
            The given file is not a valid JSON file.

        Examples
        --------
        >>> Tokens.load_from("tokens.json")
        Tokens(access_token="1234567890", ...)
        """
        tokens_file = Path(path)

        if _log.isEnabledFor(logging.DEBUG):
            _log.debug("Loading tokens from %s", tokens_file.resolve())

        return cls.from_json(tokens_file.read_text())

    @classmethod
    def from_json(cls, data: Union[str, bytes]) -> "Tokens":
        """Load tokens from raw JSON data.

        Parameters
        ----------
        data
            Your tokens in JSON form.

        Returns
        -------
        Tokens
            Your tokens.

        Raises
        ------
        JSONDecodeError
            The given file is not a valid JSON file.

        Examples
        --------
        >>> Tokens.from_json('{"access_token": "1234567890", ...}')
        Tokens(access_token="1234567890", ...)
        """
        return cls(**json.loads(data))

    def save_to(self, path: PathLike) -> None:
        """Save your tokens to disk.

        ???+ note "Changed in version 5.0"
            This used to be `write`.

        Parameters
        ----------
        path
            The path to save your tokens to.

        Returns
        -------
        None
            This method doesn't return anything.

        Examples
        --------
        >>> Tokens.save_to("tokens.json")
        """
        tokens_file = Path(path)

        if _log.isEnabledFor(logging.DEBUG):
            _log.debug("Saving tokens to %s", tokens_file.resolve())

        attrs = {
            "access_token": self.access_token,
            "expires_in": self.expires_in,
            "scope": self.scope,
            "token_type": self.token_type,
            "refresh_token": self.refresh_token,
            **({"id_token": self.id_token} if self.id_token else {}),
        }
        tokens_file.write_text(json.dumps(attrs))

    def refresh(self, data: Union[str, bytes]) -> "Tokens":
        """Updates your tokens to match those you refreshed.

        ???+ note "Changed in version 5.0"
            This used to be `update`.

        Parameters
        ----------
        data
            Your refreshed tokens in JSON form. These will not entirely
            replace your previous tokens, but instead update any
            out-of-date keys.

        Returns
        -------
        Tokens
            Your refreshed tokens.

        See Also
        --------
        * This method does not actually refresh your access token;
          for that, you'll need to use `Client.refresh_access_token`.
        * To save tokens, you'll need the `save_to` method.

        Examples
        --------
        >>> Tokens.refresh('{"access_token": "abcdefghij", ...}')
        Tokens(access_token="abcdefghij", ...)
        """
        attrs = json.loads(data)
        for key, value in attrs.items():
            setattr(self, key, value)
        return self

from_json classmethod 

from_json(data: Union[str, bytes]) -> Tokens

Load tokens from raw JSON data.

Parameters:

Name Type Description Default
data Union[str, bytes]

Your tokens in JSON form.

 required

Returns:

Type Description
Tokens

Your tokens.

Raises:

Type Description
JSONDecodeError

The given file is not a valid JSON file.

Examples:

>>> Tokens.from_json('{"access_token": "1234567890", ...}')
Tokens(access_token="1234567890", ...)
Source code in analytix/auth.py 
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
@classmethod
def from_json(cls, data: Union[str, bytes]) -> "Tokens":
    """Load tokens from raw JSON data.

    Parameters
    ----------
    data
        Your tokens in JSON form.

    Returns
    -------
    Tokens
        Your tokens.

    Raises
    ------
    JSONDecodeError
        The given file is not a valid JSON file.

    Examples
    --------
    >>> Tokens.from_json('{"access_token": "1234567890", ...}')
    Tokens(access_token="1234567890", ...)
    """
    return cls(**json.loads(data))

load_from classmethod 

load_from(path: PathLike) -> Tokens

Load tokens from a JSON file.

Changed in version 5.0

This used to be from_file.

Parameters:

Name Type Description Default
path PathLike

The path to your tokens file.

 required

Returns:

Type Description
Tokens

Your tokens.

Raises:

Type Description
FileNotFoundError

No tokens file exists at the given path.
JSONDecodeError

The given file is not a valid JSON file.

Examples:

>>> Tokens.load_from("tokens.json")
Tokens(access_token="1234567890", ...)
Source code in analytix/auth.py 
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
@classmethod
def load_from(cls, path: PathLike) -> "Tokens":
    """Load tokens from a JSON file.

    ???+ note "Changed in version 5.0"
        This used to be `from_file`.

    Parameters
    ----------
    path
        The path to your tokens file.

    Returns
    -------
    Tokens
        Your tokens.

    Raises
    ------
    FileNotFoundError
        No tokens file exists at the given path.
    JSONDecodeError
        The given file is not a valid JSON file.

    Examples
    --------
    >>> Tokens.load_from("tokens.json")
    Tokens(access_token="1234567890", ...)
    """
    tokens_file = Path(path)

    if _log.isEnabledFor(logging.DEBUG):
        _log.debug("Loading tokens from %s", tokens_file.resolve())

    return cls.from_json(tokens_file.read_text())

refresh 

refresh(data: Union[str, bytes]) -> Tokens

Updates your tokens to match those you refreshed.

Changed in version 5.0

This used to be update.

Parameters:

Name Type Description Default
data Union[str, bytes]

Your refreshed tokens in JSON form. These will not entirely replace your previous tokens, but instead update any out-of-date keys.

 required

Returns:

Type Description
Tokens

Your refreshed tokens.
See Also
  • This method does not actually refresh your access token; for that, you'll need to use Client.refresh_access_token.
  • To save tokens, you'll need the save_to method.

Examples:

>>> Tokens.refresh('{"access_token": "abcdefghij", ...}')
Tokens(access_token="abcdefghij", ...)
Source code in analytix/auth.py 
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
def refresh(self, data: Union[str, bytes]) -> "Tokens":
    """Updates your tokens to match those you refreshed.

    ???+ note "Changed in version 5.0"
        This used to be `update`.

    Parameters
    ----------
    data
        Your refreshed tokens in JSON form. These will not entirely
        replace your previous tokens, but instead update any
        out-of-date keys.

    Returns
    -------
    Tokens
        Your refreshed tokens.

    See Also
    --------
    * This method does not actually refresh your access token;
      for that, you'll need to use `Client.refresh_access_token`.
    * To save tokens, you'll need the `save_to` method.

    Examples
    --------
    >>> Tokens.refresh('{"access_token": "abcdefghij", ...}')
    Tokens(access_token="abcdefghij", ...)
    """
    attrs = json.loads(data)
    for key, value in attrs.items():
        setattr(self, key, value)
    return self

save_to 

save_to(path: PathLike) -> None

Save your tokens to disk.

Changed in version 5.0

This used to be write.

Parameters:

Name Type Description Default
path PathLike

The path to save your tokens to.

 required

Returns:

Type Description
None

This method doesn't return anything.

Examples:

>>> Tokens.save_to("tokens.json")
Source code in analytix/auth.py 
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
def save_to(self, path: PathLike) -> None:
    """Save your tokens to disk.

    ???+ note "Changed in version 5.0"
        This used to be `write`.

    Parameters
    ----------
    path
        The path to save your tokens to.

    Returns
    -------
    None
        This method doesn't return anything.

    Examples
    --------
    >>> Tokens.save_to("tokens.json")
    """
    tokens_file = Path(path)

    if _log.isEnabledFor(logging.DEBUG):
        _log.debug("Saving tokens to %s", tokens_file.resolve())

    attrs = {
        "access_token": self.access_token,
        "expires_in": self.expires_in,
        "scope": self.scope,
        "token_type": self.token_type,
        "refresh_token": self.refresh_token,
        **({"id_token": self.id_token} if self.id_token else {}),
    }
    tokens_file.write_text(json.dumps(attrs))

auth_uri 

auth_uri(secrets: Secrets, scopes: Scopes, port: int) -> UriParams

Returns the authentication URI and parameters.

Changed in version 5.0
  • This now takes scopes as a parameter
  • This now returns headers (albeit always empty) to be more consistent with other functions
  • The redirect URI to use is now chosen more intelligently -- it will be the first in the list not intended to be used in OOB authorisation.

Parameters:

Name Type Description Default
secrets Secrets

Your secrets.

 required
scopes Scopes

The scopes to allow in requests.

 required
port int

The websocket port you wish to use.

 required

Returns:

Name Type Description
auth_uri str

The computed authentication URI.
params Dict[str, str]

The query parameters as a dictionary.
headers Dict[str, str]

Necessary request headers. This is always empty.
Source code in analytix/auth.py 
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
def auth_uri(secrets: Secrets, scopes: Scopes, port: int) -> UriParams:
    """Returns the authentication URI and parameters.

    ???+ note "Changed in version 5.0"
        * This now takes scopes as a parameter
        * This now returns headers (albeit always empty) to be more
          consistent with other functions
        * The redirect URI to use is now chosen more intelligently --
          it will be the first in the list not intended to be used in
          OOB authorisation.

    Parameters
    ----------
    secrets
        Your secrets.
    scopes
        The scopes to allow in requests.
    port
        The websocket port you wish to use.

    Returns
    -------
    auth_uri : str
        The computed authentication URI.
    params : Dict[str, str]
        The query parameters as a dictionary.
    headers : Dict[str, str]
        Necessary request headers. This is always empty.
    """
    redirect_uri = next(
        uri
        for uri in secrets.redirect_uris
        if uri != "oob" and "urn:ietf:wg:oauth:2.0:oob" not in uri
    )

    params = {
        "client_id": secrets.client_id,
        "nonce": state_token(),
        "response_type": "code",
        "redirect_uri": redirect_uri + (f":{port}" if port != 80 else ""),
        "scope": scopes.formatted,
        "state": state_token(),
        "access_type": "offline",
    }

    return f"{secrets.auth_uri}?{urlencode(params)}", params, {}

refresh_uri 

refresh_uri(secrets: Secrets, token: str) -> UriParams

Returns the refresh URI, data, and headers.

Parameters:

Name Type Description Default
secrets Secrets

Your secrets.

 required
token str

Your refresh token.

 required

Returns:

Name Type Description
token_uri str

Your token URI.
data Dict[str, str]

Necessary request data.
headers Dict[str, str]

Necessary request headers.
Source code in analytix/auth.py 
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
def refresh_uri(secrets: Secrets, token: str) -> UriParams:
    """Returns the refresh URI, data, and headers.

    Parameters
    ----------
    secrets
        Your secrets.
    token
        Your refresh token.

    Returns
    -------
    token_uri : str
        Your token URI.
    data : Dict[str, str]
        Necessary request data.
    headers : Dict[str, str]
        Necessary request headers.
    """
    data = {
        "client_id": secrets.client_id,
        "client_secret": secrets.client_secret,
        "refresh_token": token,
        "grant_type": "refresh_token",
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return secrets.token_uri, data, headers

run_flow 

run_flow(auth_params: Dict[str, str]) -> str

Start a webserver and listen for an authentication code.

Changed in version 5.0

This used to be authenticate.

Parameters:

Name Type Description Default
auth_params Dict[str, str]

The parameters generated from the auth_uri method.

 required

Returns:

Type Description
str

Your authentication code.

Raises:

Type Description
AuthorisationError
  • You provided an invalid redirect URI
  • The received state does not match the generated one
Source code in analytix/auth.py 
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
def run_flow(auth_params: Dict[str, str]) -> str:
    """Start a webserver and listen for an authentication code.

    ???+ note "Changed in version 5.0"
        This used to be `authenticate`.

    Parameters
    ----------
    auth_params
        The parameters generated from the `auth_uri` method.

    Returns
    -------
    str
        Your authentication code.

    Raises
    ------
    AuthorisationError
        * You provided an invalid redirect URI
        * The received state does not match the generated one
    """
    if not (match := REDIRECT_URI_PATTERN.match(auth_params["redirect_uri"])):
        raise AuthorisationError("invalid redirect URI")

    class RequestHandler(BaseHTTPRequestHandler):
        def log_request(
            self,
            code: Union[int, str] = "-",
            _: Union[int, str] = "-",
        ) -> None:
            _log.debug(f"Received request ({code})")

        def do_GET(self) -> None:  # noqa: N802
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()

            self.server: Server
            self.server.query_params = dict(parse_qsl(self.path.split("?")[1]))
            self.wfile.write((Path(__file__).parent / "landing.html").read_bytes())

    class Server(HTTPServer):
        def __init__(self, address: str, port: int) -> None:
            super().__init__((address, port), RequestHandler)
            self.query_params: Dict[str, str] = {}
            _log.debug("Started webserver on %s:%d", self.server_name, self.server_port)

        def server_close(self) -> None:
            super().server_close()
            _log.debug("Closed webserver")

    host, port = match.groups()
    ws = Server(host, int(port or 80))

    try:
        ws.handle_request()
    except KeyboardInterrupt as exc:
        raise exc
    finally:
        ws.server_close()

    if auth_params["state"] != ws.query_params["state"]:
        raise AuthorisationError("invalid state")

    return ws.query_params["code"]

state_token 

state_token() -> str

Generates a state token.

Returns:

Type Description
str

A new state token.

Examples:

>>> state_token()
'385cdc1c6e9410120755ecf1c0558299be58bd3bcc6f515addaa817df5e10fd2'
Source code in analytix/auth.py 
398
399
400
401
402
403
404
405
406
407
408
409
410
411
def state_token() -> str:
    """Generates a state token.

    Returns
    -------
    str
        A new state token.

    Examples
    --------
    >>> state_token()
    '385cdc1c6e9410120755ecf1c0558299be58bd3bcc6f515addaa817df5e10fd2'
    """
    return secrets.token_hex()

token_uri 

token_uri(secrets: Secrets, code: str, redirect_uri: str) -> UriParams

Returns the token URI, data, and headers.

Parameters:

Name Type Description Default
secrets Secrets

Your secrets.

 required
code str

Your authentication code.

 required
redirect_uri str

Your redirect URI. This should be identical to the one you generated in auth_uri.

 required

Returns:

Name Type Description
token_uri str

Your token URI.
data Dict[str, str]

Necessary request data.
headers Dict[str, str]

Necessary request headers.
Source code in analytix/auth.py 
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
def token_uri(secrets: Secrets, code: str, redirect_uri: str) -> UriParams:
    """Returns the token URI, data, and headers.

    Parameters
    ----------
    secrets
        Your secrets.
    code
        Your authentication code.
    redirect_uri
        Your redirect URI. This should be identical to the one you
        generated in `auth_uri`.

    Returns
    -------
    token_uri : str
        Your token URI.
    data : Dict[str, str]
        Necessary request data.
    headers : Dict[str, str]
        Necessary request headers.
    """
    data = {
        "code": code,
        "client_id": secrets.client_id,
        "client_secret": secrets.client_secret,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return secrets.token_uri, data, headers