graph LR
AuthenticationService["AuthenticationService"]
OAuth2FlowBase["OAuth2FlowBase"]
OAuth2FlowNoRedirect["OAuth2FlowNoRedirect"]
OAuth2FlowRedirect["OAuth2FlowRedirect"]
OAuth2FlowResults["OAuth2FlowResults"]
OAuth2FlowExceptions["OAuth2FlowExceptions"]
AuthErrors["AuthErrors"]
AuthenticationService -- "orchestrates" --> OAuth2FlowNoRedirect
AuthenticationService -- "orchestrates" --> OAuth2FlowRedirect
AuthenticationService -- "handles" --> AuthErrors
AuthenticationService -- "handles" --> OAuth2FlowExceptions
OAuth2FlowNoRedirect -- "inherits from" --> OAuth2FlowBase
OAuth2FlowRedirect -- "inherits from" --> OAuth2FlowBase
OAuth2FlowNoRedirect -- "produces" --> OAuth2FlowResults
OAuth2FlowRedirect -- "produces" --> OAuth2FlowResults
OAuth2FlowBase -- "raises" --> OAuth2FlowExceptions
OAuth2FlowRedirect -- "validates with" --> OAuth2FlowExceptions
AuthErrors -- "groups" --> AccessError
AuthErrors -- "groups" --> AuthError
The AuthenticationService subsystem in Dropbox manages secure user authentication and authorization using OAuth2, including PKCE. It provides distinct flows for redirect-based (web) and no-redirect (command-line) applications, ensuring proper handling of authorization codes, access tokens, and refresh tokens. The subsystem also defines a comprehensive set of exceptions to manage various authentication and access-related errors, providing clear error handling for different failure scenarios.
Manages user authentication and authorization flows, including OAuth2 and PKCE, and defines various authentication-related errors. It ensures secure access to Dropbox resources.
Related Classes/Methods:
dropbox.oauth.DropboxOAuth2FlowBase(119:263)dropbox.oauth.DropboxOAuth2FlowNoRedirect(266:350)dropbox.oauth.DropboxOAuth2Flow(353:536)dropbox.auth.AccessError(10:100)dropbox.auth.AuthError(104:229)
This component provides the foundational logic for all OAuth2 authorization flows, handling common tasks like URL construction, parameter encoding, and PKCE (Proof Key for Code Exchange) operations. It serves as the base class for specific flow implementations.
Related Classes/Methods:
dropbox.oauth.DropboxOAuth2FlowBase(119:263)dropbox.oauth._params_to_urlencoded(604:622)dropbox.oauth._generate_pkce_code_verifier(624:629)dropbox.oauth._generate_pkce_code_challenge(631:635)
This component specializes in OAuth2 authorization for applications that do not use a redirect URI, such as command-line tools. It extends the base OAuth2 flow functionality to support this specific use case.
Related Classes/Methods:
This component handles OAuth2 authorization for web applications that rely on a redirect URI. It includes mechanisms for CSRF protection and manages the state throughout the authorization process.
Related Classes/Methods:
This component defines the data structures used to encapsulate the results of successful OAuth2 authorization flows. OAuth2FlowNoRedirectResult is a general result type, and OAuth2FlowResult is a specific result that inherits from it, providing access tokens, account information, and other relevant details.
Related Classes/Methods:
This component groups all exceptions specific to the OAuth2 authorization process, providing distinct error types for various failure scenarios like bad input, invalid requests, state mismatches, or user denial.
Related Classes/Methods:
dropbox.oauth.BadInputException(585:592)dropbox.oauth.BadRequestException(539:545)dropbox.oauth.BadStateException(548:555)dropbox.oauth.CsrfException(558:565)dropbox.oauth.NotApprovedException(568:572)dropbox.oauth.ProviderException(575:582)
This component defines exceptions related to general authentication and access control, distinct from the OAuth2 flow-specific errors.
Related Classes/Methods: