fix: apply fixes on accepted Copilot suggestions

Update frappe/integrations/oauth2.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Update frappe/integrations/README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Update frappe/integrations/utils.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Update frappe/integrations/utils.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-03 14:48:54 +05:30 · 2025-07-03 14:48:54 +05:30 · c174e9cbdc
commit c174e9cbdc
parent befca37299
3 changed files with 16 additions and 11 deletions
--- a/frappe/integrations/README.md
+++ b/frappe/integrations/README.md
@ -2,7 +2,7 @@

 ## OAuth 2

-Frappe Framwork uses [`oauthlib`](https://github.com/oauthlib/oauthlib) to manage OAuth2 requirements. A Frappe instance can function as all of these:
+Frappe Framework uses [`oauthlib`](https://github.com/oauthlib/oauthlib) to manage OAuth2 requirements. A Frappe instance can function as all of these:

 1. **Resource Server**: contains resources, for example the data in your DocTypes.
 2. **Authorization Server**: server that issues tokens to access some resource.
--- a/frappe/integrations/oauth2.py
+++ b/frappe/integrations/oauth2.py
@ -444,14 +444,19 @@ def _get_protected_resource_metadata():


 def is_oauth_metadata_enabled(label: Literal["resource", "auth_server"]):
-	fieldname = (
-		"show_auth_server_metadata" if label == "authorization" else "show_protected_resource_metadata"
-	)
+	if label not in ["resource", "auth_server"]:
+		return False

-	return frappe.get_cached_value(
-		"OAuth Settings",
-		"OAuth Settings",
-		fieldname,
+	fieldname = "show_auth_server_metadata"
+	if label == "resource":
+		fieldname = "show_protected_resource_metadata"
+
+	return bool(
+		frappe.get_cached_value(
+			"OAuth Settings",
+			"OAuth Settings",
+			fieldname,
+		)
 	)


--- a/frappe/integrations/utils.py
+++ b/frappe/integrations/utils.py
@ -210,11 +210,11 @@ def validate_dynamic_client_metadata(client: OAuth2DynamicClientMetadata):
 	if client.token_endpoint_auth_method not in ["client_secret_basic"]:
 		invalidation_reasons.append("only client_secret_basic token_endpoint_auth_method is supported")

-	if client.grant_types not in ["authorization_code"]:
+	if client.grant_types and not set(client.grant_types).issubset({"authorization_code", "refresh_token"}):
 		invalidation_reasons.append("only authorization_code and refresh_token grant types are supported")

-	if client.response_types not in ["code"]:
-		invalidation_reasons.append("only code response_type is supported")
+	if client.response_types and not all(rt == "code" for rt in client.response_types):
+		invalidation_reasons.append("only 'code' response_type is supported")

 	if not frappe.conf.developer_mode and any(c.scheme != "https" for c in client.redirect_uris):
 		invalidation_reasons.append("redirect_uris must be https")