vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
seitime-frappe/frappe/integrations
History
Aarol D'Souza c55ff193a6
fix: add type hints to whitelisted methods 3 (#37149) 
* fix(apps): add type hints to whitelisted methods

* fix(recorder): add type hints to whitelisted methods

* fix(comments): add type hints to whitelisted methods

* fix(oauth2): add type hints to whitelisted methods

* fix(google_calendar): add type hints to whitelisted methods

* fix(print): add type hints to whitelisted methods

* fix(print_format_builder): add type hints to whitelisted methods

* refactor(network_printer_settings): remove unused args

* fix(document): add type hints to whitelisted methods

* fix(user_settings): add type hints to whitelisted methods

* fix(mapper): add type hints to whitelisted methods

* fix(connected_app): add type hints to whitelisted methods

* fix(google_contacts): add type hints to whitelisted methods

* fix(frappecloud_billing): add type hints to whitelisted methods

* test: rewrite test to fit the strict type check

* fix(social_login_key): add type hints to whitelisted methods

* fix(share): add type hints to whitelisted methods

* fix(webhook): add type hints to whitelisted methods

* fix(workflow): add type hints to whitelisted methods

* fix(workflow main): add type hints to whitelisted methods

* fix(workflow_action): add type hints to whitelisted methods

* fix: flexible type hint

* fix(client): add type hints to whitelisted methods

* fix: fix some of the tighter types

* fix(frappecloud_billing): add str typehint to whitelisted endpoint

* fix: target_doc can be dict/json string

---------

Co-authored-by: Ankush Menat <ankush@frappe.io>
2026-02-20 06:50:19 +00:00
..
doctype fix: add type hints to whitelisted methods 3 (#37149) 2026-02-20 06:50:19 +00:00
frappe_providers fix: add type hints to whitelisted methods 3 (#37149) 2026-02-20 06:50:19 +00:00
workspace/integrations fix: Remove specific links from Integrations workspace and reindex (#33285) 2025-07-16 12:14:15 +05:30
__init__.py Moved Backup Manager and Social Login keys to the new Integrations Module, prepared frappe for Mandrill Integration 2015-08-11 12:03:13 +05:30
google_oauth.py chore: more renames to /desk 2025-12-18 20:45:04 +05:30
oauth2.py fix: add type hints to whitelisted methods 3 (#37149) 2026-02-20 06:50:19 +00:00
oauth2_logins.py feat(auth): added keycloak as a social login provider 2024-09-06 10:13:18 +00:00
README.md chore: update readme 2025-07-04 15:24:44 +05:30
utils.py fix: support public client 2025-07-04 15:05:50 +05:30

README.md

Integrations

OAuth 2

Frappe Framework uses oauthlib to manage OAuth2 requirements. A Frappe instance can function as all of these:

  1. Resource Server: contains resources, for example the data in your DocTypes.
  2. Authorization Server: server that issues tokens to access some resource.
  3. Client: app that requires access to some resource on a resource server.

DocTypes pertaining to the above roles:

  1. Common
    • OAuth Settings: allows configuring certain OAuth features pertaining to the three roles.
  2. Authorization Server
    • OAuth Client: keeps records of clients registered with the frappe instance.
    • OAuth Bearer Token: tokens given out to registered clients are maintained here.
    • OAuth Authorization Code: keeps track of OAuth codes a client responds with in exchange for a token.
    • OAuth Provider Settings: allows skipping authorization. [DEPRECATED] use OAuth Settings instead.
  3. Client
    • Connected App: keeps records of authorization servers against whom this frappe instance is registered as a client so some resource can be accessed. Eg. a users Google Drive account.
    • Social Key Login: similar to Connected App, but for the purpose of logging into the frappe instance. Eg. a users Google account to enable "Login with Google".
    • Token Cache: tokens received by the Frappe instance when accessing a Connected App.

Features

Additional features over oauthlib that have implemented in the Framework:

  • Dynamic Client Registration: allows a client to register itself without manual configuration by the resource owner. RFC7591
  • Authorization Server Metadata Discovery: allows a client to view the instance's auth server (itself) metadata such as auth end points. RFC8414
  • Resource Server Metadata Discovery: allows a client to view the instance's resource server metadata such as documentation, auth servers, etc. RFC9728

Additional Docs

Documentation of various OAuth2 features:

  1. How to setup OAuth 2?
  2. OAuth 2
  3. Token Based Authentication
  4. Using Frappe as OAuth Service
  5. Social Login Key
  6. Connected App

Warning

Some of these might be outdated, it is always recommended to check the code when in doubt.

OAuth Settings

A Single doctype that allows configuring OAuth2 related features. It is recommended to open the DocType page itself as each field and section has a sufficiently descriptive help text.

The settings allow toggling the following features:

  • Authorization check when active token is present using the Skip Authorization field. Note: Keep this unchecked in production.
  • Authorization Server Metadata Discovery: by toggling the Show Auth Server Metadata field.
  • Dynamic Client Registration: by toggling the Enable Dynamic Client Registration field.
  • Resource Server Metadata Discovery: by toggling the Show Protected Resource Metadata.

The remaining fields (in the Resource section) are used only when responding to requests on /.well-known/oauth-protected-resource

Regarding Public Clients

Public clients, for example an SPA, have restricted access by default. This restriction is applied by use of CORS.

To side-step this restriction for certain trusted clients, you may add their hostnames to the Allowed Public Client Origins field.