fix

Author: aldbr

diracx-logic/src/diracx/logic/auth/authorize_code_flow.py

@@ -18,7 +18,7 @@
 )
 
 
-async def authorization_flow(
+async def initiate_authorization_flow(
     request_url: str,
     code_challenge: str,
     code_challenge_method: Literal["S256"],
@@ -67,7 +67,7 @@ async def authorization_flow(
     return authorization_flow_url
 
 
-async def authorization_flow_complete(
+async def complete_authorization_flow(
     code: str,
     state: str,
     request_url: str,

diracx-logic/src/diracx/logic/auth/management.py

@@ -1,8 +1,4 @@
-"""This module contains the auth management endpoints.
-
-These endpoints are used to manage the user's authentication tokens and
-to get information about the user's identity.
-"""
+"""This module contains the auth management functions."""
 
 from __future__ import annotations
 
@@ -15,8 +11,8 @@ async def get_refresh_tokens(
     auth_db: AuthDB,
     subject: str | None,
 ) -> list:
-    """Get all refresh tokens for the user. If the user has the `proxy_management` property, then
-    the subject is not used to filter the refresh tokens.
+    """Get all refresh tokens bound to a given subject. If there is no subject, then
+    all the refresh tokens are retrieved.
     """
     return await auth_db.get_user_refresh_tokens(subject)
 
@@ -26,9 +22,7 @@ async def revoke_refresh_token(
     subject: str | None,
     jti: UUID,
 ) -> str:
-    """Revoke a refresh token. If the user has the `proxy_management` property, then
-    the subject is not used to filter the refresh tokens.
-    """
+    """Revoke a refresh token. If a subject is provided, then the refresh token must be owned by that subject."""
     res = await auth_db.get_refresh_token(jti)
 
     if subject and subject != res["Sub"]:

diracx-logic/src/diracx/logic/auth/token.py

@@ -30,7 +30,7 @@
 )
 
 
-async def token(
+async def get_oidc_token(
     grant_type: GrantType,
     client_id: str,
     auth_db: AuthDB,
@@ -200,7 +200,7 @@ async def get_oidc_token_info_from_refresh_flow(
 LEGACY_EXCHANGE_PATTERN = rf"Bearer diracx:legacy:({BASE_64_URL_SAFE_PATTERN})"
 
 
-async def legacy_exchange(
+async def perform_legacy_exchange(
     expected_api_key: str,
     preferred_username: str,
     scope: str,

diracx-logic/src/diracx/logic/auth/well_known.py

@@ -5,7 +5,7 @@
 from diracx.core.settings import AuthSettings, DevelopmentSettings
 
 
-async def openid_configuration(
+async def get_openid_configuration(
     token_endpoint: str,
     userinfo_endpoint: str,
     authorization_endpoint: str,
@@ -38,7 +38,7 @@ async def openid_configuration(
     }
 
 
-async def installation_metadata(
+async def get_installation_metadata(
     config: Config,
     dev_settings: DevelopmentSettings,
 ) -> Metadata:

diracx-routers/src/diracx/routers/auth/authorize_code_flow.py

@@ -45,10 +45,10 @@
 
 from diracx.core.exceptions import AuthorizationError, IAMClientError, IAMServerError
 from diracx.logic.auth.authorize_code_flow import (
-    authorization_flow as authorization_flow_bl,
+    complete_authorization_flow as complete_authorization_flow_bl,
 )
 from diracx.logic.auth.authorize_code_flow import (
-    authorization_flow_complete as authorization_flow_complete_bl,
+    initiate_authorization_flow as initiate_authorization_flow_bl,
 )
 
 from ..dependencies import (
@@ -63,7 +63,7 @@
 
 
 @router.get("/authorize")
-async def authorization_flow(
+async def initiate_authorization_flow(
     request: Request,
     response_type: Literal["code"],
     code_challenge: str,
@@ -97,7 +97,7 @@ async def authorization_flow(
     user authorize flow.
     """
     try:
-        redirect_uri = await authorization_flow_bl(
+        redirect_uri = await initiate_authorization_flow_bl(
             request_url=f"{request.url.replace(query='')}",
             code_challenge=code_challenge,
             code_challenge_method=code_challenge_method,
@@ -120,7 +120,7 @@ async def authorization_flow(
 
 
 @router.get("/authorize/complete")
-async def authorization_flow_complete(
+async def complete_authorization_flow(
     code: str,
     state: str,
     request: Request,
@@ -135,7 +135,7 @@ async def authorization_flow_complete(
     The user is then redirected to the client's redirect URI.
     """
     try:
-        redirect_uri = await authorization_flow_complete_bl(
+        redirect_uri = await complete_authorization_flow_bl(
             code=code,
             state=state,
             request_url=str(request.url.replace(query="")),

diracx-routers/src/diracx/routers/auth/token.py

@@ -1,4 +1,4 @@
-"""Token endpoint implementation."""
+"""Token endpoint."""
 
 from __future__ import annotations
 
@@ -21,8 +21,10 @@
     TokenResponse,
 )
 from diracx.logic.auth.token import create_token
-from diracx.logic.auth.token import legacy_exchange as legacy_exchange_bl
-from diracx.logic.auth.token import token as token_bl
+from diracx.logic.auth.token import get_oidc_token as get_oidc_token_bl
+from diracx.logic.auth.token import (
+    perform_legacy_exchange as perform_legacy_exchange_bl,
+)
 from diracx.routers.access_policies import BaseAccessPolicy
 
 from ..dependencies import AuthDB, AuthSettings, AvailableSecurityProperties, Config
@@ -66,7 +68,7 @@ async def mint_token(
 
 
 @router.post("/token")
-async def token(
+async def get_oidc_token(
     # Autorest does not support the GrantType annotation
     # We need to specify each option with Literal[]
     grant_type: Annotated[
@@ -108,7 +110,7 @@ async def token(
     This is the endpoint being pulled by dirac-login when doing the device flow.
     """
     try:
-        access_payload, refresh_payload = await token_bl(
+        access_payload, refresh_payload = await get_oidc_token_bl(
             grant_type,
             client_id,
             auth_db,
@@ -164,7 +166,7 @@ async def token(
 
 
 @router.get("/legacy-exchange", include_in_schema=False)
-async def legacy_exchange(
+async def perform_legacy_exchange(
     preferred_username: str,
     scope: str,
     authorization: Annotated[str, Header()],
@@ -207,7 +209,7 @@ async def legacy_exchange(
         )
 
     try:
-        access_payload, refresh_payload = await legacy_exchange_bl(
+        access_payload, refresh_payload = await perform_legacy_exchange_bl(
             expected_api_key=expected_api_key,
             preferred_username=preferred_username,
             scope=scope,

diracx-routers/src/diracx/routers/auth/well_known.py

@@ -5,10 +5,10 @@
 from diracx.core.models import Metadata, OpenIDConfiguration
 from diracx.core.settings import AuthSettings
 from diracx.logic.auth.well_known import (
-    installation_metadata as installation_metadata_bl,
+    get_installation_metadata as get_installation_metadata_bl,
 )
 from diracx.logic.auth.well_known import (
-    openid_configuration as openid_configuration_bl,
+    get_openid_configuration as get_openid_configuration_bl,
 )
 
 from ..dependencies import Config, DevelopmentSettings
@@ -18,13 +18,13 @@
 
 
 @router.get("/openid-configuration")
-async def openid_configuration(
+async def get_openid_configuration(
     request: Request,
     config: Config,
     settings: AuthSettings,
 ) -> OpenIDConfiguration:
     """OpenID Connect discovery endpoint."""
-    return await openid_configuration_bl(
+    return await get_openid_configuration_bl(
         request.url_for("token"),
         request.url_for("userinfo"),
         request.url_for("authorize"),
@@ -35,9 +35,9 @@ async def openid_configuration(
 
 
 @router.get("/dirac-metadata")
-async def installation_metadata(
+async def get_installation_metadata(
     config: Config,
     dev_settings: DevelopmentSettings,
 ) -> Metadata:
     """Get metadata about the dirac installation."""
-    return await installation_metadata_bl(config, dev_settings)
+    return await get_installation_metadata_bl(config, dev_settings)

docs/SERVICES.md

@@ -61,7 +61,7 @@ Usage example:
 
 ```python
 @router.get("/openid-configuration")
-async def openid_configuration(settings: AuthSettings):
+async def get_openid_configuration(settings: AuthSettings):
     ...
 ```