nat.front_ends.fastapi.auth_flow_handlers.http_flow_handler#

Attributes#

`logger`
`_oauth_execution_ctx`

Classes#

`_OAuthExecutionContext`	Per-execution context for OAuth, stored in a task-local context var.
`HTTPAuthenticationFlowHandler`	HTTP-based authentication flow handler.

Module Contents#

logger#

class _OAuthExecutionContext#

Per-execution context for OAuth, stored in a task-local context var.

execution_id: str#

store: nat.front_ends.fastapi.execution_store.ExecutionStore#

stream_queue: asyncio.Queue[nat.data_models.api_server.ResponseSerializable | None] | None = None#

_oauth_execution_ctx: contextvars.ContextVar[_OAuthExecutionContext | None]#

class HTTPAuthenticationFlowHandler( add_flow_cb: collections.abc.Callable[[str, nat.front_ends.fastapi.auth_flow_handlers.websocket_flow_handler.FlowState], collections.abc.Awaitable[None]] | None = None, remove_flow_cb: collections.abc.Callable[[str], collections.abc.Awaitable[None]] | None = None, auth_timeout_seconds: float = 300.0, )#

Bases: nat.authentication.interfaces.FlowHandlerBase

HTTP-based authentication flow handler.

When an execution context is set (via set_execution_context()), the handler supports the OAuth2 Authorization Code flow by:

Creating the OAuth client and authorization URL.
Registering the flow with the worker’s _add_flow / _remove_flow callbacks (same FlowState as the WebSocket handler).
Publishing oauth_required to the execution store (and optionally pushing a StreamOAuthEvent onto a stream queue).
Awaiting flow_state.future – the background task blocks here until the existing redirect_uri endpoint resolves the future.

Without an execution context the handler falls back to raising NotImplementedError (preserving existing behaviour).

The execution context is stored in a contextvars variable so concurrent executions sharing the same handler instance do not race.

_add_flow_cb = None#

_remove_flow_cb = None#

_auth_timeout_seconds = 300.0#

static set_execution_context( execution_id: str, store: nat.front_ends.fastapi.execution_store.ExecutionStore, stream_queue: asyncio.Queue[nat.data_models.api_server.ResponseSerializable | None] | None = None, ) → None#

Attach the current execution context so authenticate can coordinate.

Uses a contextvars.ContextVar so each asyncio.Task (i.e. each execution) has its own isolated context.

static clear_execution_context() → None#

async authenticate( config: nat.data_models.authentication.AuthProviderBaseConfig, method: nat.data_models.authentication.AuthFlowType, ) → nat.data_models.authentication.AuthenticatedContext#

Perform the authentication process for the client.

This method handles the necessary steps to authenticate the client with the target API service, which may include obtaining tokens, refreshing credentials, or completing multistep authentication flows.

Raises:: NotImplementedError: Must be implemented by subclasses.

_create_oauth_client( config: nat.authentication.oauth2.oauth2_auth_code_flow_provider_config.OAuth2AuthCodeFlowProviderConfig, ) → authlib.integrations.httpx_client.AsyncOAuth2Client#

_create_authorization_url( client: authlib.integrations.httpx_client.AsyncOAuth2Client, config: nat.authentication.oauth2.oauth2_auth_code_flow_provider_config.OAuth2AuthCodeFlowProviderConfig, state: str, verifier: str | None = None, challenge: str | None = None, ) → str#

async _handle_oauth2_auth_code_flow( config: nat.authentication.oauth2.oauth2_auth_code_flow_provider_config.OAuth2AuthCodeFlowProviderConfig, ctx: _OAuthExecutionContext, ) → nat.data_models.authentication.AuthenticatedContext#