* feat: add workflow task doctypes
* chore: add Workflow Task to Script Type of Server Scripts
* chore: add description for Workflow Tasks
* feat: fetch dotted paths and corresponding names from hooks
* fix: use Select field instead of Autocomplete
* feat: execute tasks in the background on state transition
* fix: throw error when task not found
* fix: naming for transition task set by user
* fix: child table views
* feat: support for server scripts
* chore: comments and description
* fix: change the casing of docevent options
* fix: change test casing
* feat: Add Workflow Transition field to webhooks
* fix: temporarily remove filter
* feat: add webhooks as workflow actions
* test: test execution of synchronous app-defined methods and server scripts
* chore: shorten the description and change the fieldname of the field 'execute_asynchronously' to 'asynchronous'
* test: server script execution
* fix: add field to UI
* test: change customer to domain
* test: change Customer to Domain
* fix: patch for change in webhook fields
* chore: fetch only used fields in get_all
* fix: don't run test logic in application code 🙂
* test: separate tests for workflow tasks
* Revert "fix: patch for change in webhook fields"
This reverts commit 2e9c51c43ca2b3698991fbe75cc4032368ab174c.
* chore: break into smaller functions
* test: webhooks with workflow tasks
isolate mock responses to test_sync_tasks
* Revert "fix: change test casing"
This reverts commit e2bad96ed01dea0a26d002ea44a1e0175525ed31.
* Revert "fix: change the casing of docevent options"
This reverts commit ddfc81bf775fad74225f25815b8e3e7b255dc9eb.
* fix: webhook casing
* fix: type hint for doc
Integrations
OAuth 2
Frappe Framework uses oauthlib to manage OAuth2 requirements. A Frappe instance can function as all of these:
- Resource Server: contains resources, for example the data in your DocTypes.
- Authorization Server: server that issues tokens to access some resource.
- Client: app that requires access to some resource on a resource server.
DocTypes pertaining to the above roles:
- Common
  - OAuth Settings: allows configuring certain OAuth features pertaining to the three roles.
- Authorization Server
  - OAuth Client: keeps records of clients registered with the Frappe instance.
  - OAuth Bearer Token: tokens given out to registered clients are maintained here.
  - OAuth Authorization Code: keeps track of OAuth codes a client responds with in exchange for a token.
  - OAuth Provider Settings: allows skipping authorization. [DEPRECATED] Use OAuth Settings instead.
- Client
  - Connected App: keeps records of authorization servers against whom this Frappe instance is registered as a client so some resource can be accessed. E.g. a user's Google Drive account.
  - Social Key Login: similar to Connected App, but for the purpose of logging into the Frappe instance. E.g. a user's Google account to enable "Login with Google".
  - Token Cache: tokens received by the Frappe instance when accessing a Connected App.
Features
Additional features over oauthlib that have been implemented in the Framework:
- Dynamic Client Registration: allows a client to register itself without manual configuration by the resource owner. RFC7591
- Authorization Server Metadata Discovery: allows a client to view the instance's auth server (itself) metadata such as auth end points. RFC8414
- Resource Server Metadata Discovery: allows a client to view the instance's resource server metadata such as documentation, auth servers, etc. RFC9728
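How a client can chain the three features above and validate what it discovers before registering, shown as an added example that is not code from the Frappe repository. The host `erp.example.com`, the endpoint paths and the helper names are assumptions; the field names and matching rules come from RFC 9728, RFC 8414 and RFC 7591, and the PKCE check is a client-side policy choice.

```python
import json
from urllib.parse import urlsplit

# Constructed sample documents; host and endpoint paths are placeholders.
RS_META = json.loads("""{"resource": "https://erp.example.com",
  "authorization_servers": ["https://erp.example.com"]}""")
AS_META = json.loads("""{"issuer": "https://erp.example.com",
  "authorization_endpoint": "https://erp.example.com/oauth/authorize",
  "token_endpoint": "https://erp.example.com/oauth/token",
  "registration_endpoint": "https://erp.example.com/oauth/register",
  "response_types_supported": ["code"],
  "code_challenge_methods_supported": ["S256"]}""")

def well_known_url(base, suffix):
    """Insert /.well-known/<suffix> between host and path (RFC 8414/9728 s3.1)."""
    u = urlsplit(base)
    return f"{u.scheme}://{u.netloc}/.well-known/{suffix}{u.path.rstrip('/')}"

def _https(url):
    u = urlsplit(url)
    return u.scheme == "https" and bool(u.netloc) and not u.fragment

def check_discovery(resource_url, rs_meta, as_meta):
    """Return a list of problems; an empty list means the metadata is usable."""
    problems = []
    # RFC 9728 s3.3: "resource" must equal the URL the client set out to access.
    if rs_meta.get("resource") != resource_url:
        problems.append("resource mismatch")
    # RFC 8414 s3.3: "issuer" must equal the identifier the metadata was
    # fetched for, which must be one the resource server itself listed.
    if as_meta.get("issuer") not in rs_meta.get("authorization_servers", []):
        problems.append("issuer not listed by resource server")
    for key in ("authorization_endpoint", "token_endpoint", "registration_endpoint"):
        if key in as_meta and not _https(as_meta[key]):
            problems.append(f"{key} is not https")
    # Client policy (assumption): public clients require PKCE with S256.
    if "S256" not in as_meta.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    return problems

def registration_request(as_meta, redirect_uri, name):
    """Build an RFC 7591 registration body for a public client (no secret)."""
    if "registration_endpoint" not in as_meta:
        raise ValueError("dynamic client registration is not advertised")
    body = {"client_name": name, "redirect_uris": [redirect_uri],
            "grant_types": ["authorization_code"], "response_types": ["code"],
            "token_endpoint_auth_method": "none"}
    return as_meta["registration_endpoint"], body
```

A client would fetch `well_known_url(resource, "oauth-protected-resource")` first, then `well_known_url(issuer, "oauth-authorization-server")`, and only POST the registration body when `check_discovery` returns an empty list.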
Additional Docs
Documentation of various OAuth2 features:
- How to setup OAuth 2?
- OAuth 2
- Token Based Authentication
- Using Frappe as OAuth Service
- Social Login Key
- Connected App
Warning
Some of these might be outdated; it is always recommended to check the code when in doubt.
OAuth Settings
A Single DocType that allows configuring OAuth2-related features. It is recommended to open the DocType page itself, as each field and section has a sufficiently descriptive help text.
The settings allow toggling the following features:
- Authorization check when an active token is present: by toggling the Skip Authorization field. Note: Keep this unchecked in production.
- Authorization Server Metadata Discovery: by toggling the Show Auth Server Metadata field.
- Dynamic Client Registration: by toggling the Enable Dynamic Client Registration field.
- Resource Server Metadata Discovery: by toggling the Show Protected Resource Metadata field.
The remaining fields (in the Resource section) are used only when responding to requests on /.well-known/oauth-protected-resource.
Regarding Public Clients
Public clients, for example an SPA, have restricted access by default. This restriction is applied by use of CORS.
To side-step this restriction for certain trusted clients, you may add their hostnames to the Allowed Public Client Origins field.