Skip to content

auth

Auth

Bases: Resource

A collection of authentication related API endpoints

These endpoints allow for various functionality related to authentication.

Source code in nylas/resources/auth.py 
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
class Auth(Resource):
    """
    A collection of authentication related API endpoints

    These endpoints allow for various functionality related to authentication.
    """

    def url_for_oauth2(self, config: URLForAuthenticationConfig) -> str:
        """
        Build the URL for authenticating users to your application via Hosted Authentication.

        Args:
            config: The configuration for building the URL.

        Returns:
            The URL for hosted authentication.
        """
        query = _build_query(config)

        return self._url_auth_builder(query)

    def exchange_code_for_token(
        self, request: CodeExchangeRequest, overrides: RequestOverrides = None
    ) -> CodeExchangeResponse:
        """
        Exchange an authorization code for an access token.

        Args:
            request: The request parameters for the code exchange
            overrides: The request overrides to use for the request.

        Returns:
            Information about the Nylas application
        """
        if "client_secret" not in request:
            request["client_secret"] = self._http_client.api_key

        request_body = dict(request)
        request_body["grant_type"] = "authorization_code"

        return self._get_token(request_body, overrides)

    def custom_authentication(
        self, request_body: CreateGrantRequest, overrides: RequestOverrides = None
    ) -> Response[Grant]:
        """
        Create a Grant via Custom Authentication.

        Args:
            request_body: The values to create the Grant with.
            overrides: The request overrides to use for the request.

        Returns:
            The created Grant.
        """

        json_response = self._http_client._execute(
            method="POST",
            path="/v3/connect/custom",
            request_body=request_body,
            overrides=overrides,
        )
        return Response.from_dict(json_response, Grant)

    def refresh_access_token(
        self, request: TokenExchangeRequest, overrides: RequestOverrides = None
    ) -> CodeExchangeResponse:
        """
        Refresh an access token.

        Args:
            request: The refresh token request.
            overrides: The request overrides to use for the request.

        Returns:
            The response containing the new access token.
        """
        if "client_secret" not in request:
            request["client_secret"] = self._http_client.api_key

        request_body = dict(request)
        request_body["grant_type"] = "refresh_token"

        return self._get_token(request_body, overrides)

    def id_token_info(
        self, id_token: str, overrides: RequestOverrides = None
    ) -> Response[TokenInfoResponse]:
        """
        Get info about an ID token.

        Args:
            id_token: The ID token to query.
            overrides: The request overrides to use for the request.

        Returns:
            The API response with the token information.
        """

        query_params = {
            "id_token": id_token,
        }

        return self._get_token_info(query_params, overrides)

    def validate_access_token(
        self, access_token: str, overrides: RequestOverrides = None
    ) -> Response[TokenInfoResponse]:
        """
        Get info about an access token.

        Args:
            access_token: The access token to query.
            overrides: The request overrides to use for the request.

        Returns:
            The API response with the token information.
        """

        query_params = {
            "access_token": access_token,
        }

        return self._get_token_info(query_params, overrides)

    def url_for_oauth2_pkce(self, config: URLForAuthenticationConfig) -> PkceAuthUrl:
        """
        Build the URL for authenticating users to your application via Hosted Authentication with PKCE.

        IMPORTANT: YOU WILL NEED TO STORE THE 'secret' returned to use it inside the CodeExchange flow

        Args:
            config: The configuration for the authentication request.

        Returns:
            The URL for hosted authentication with secret & hashed secret.
        """
        secret = str(uuid.uuid4())
        secret_hash = _hash_pkce_secret(secret)
        query = _build_query_with_pkce(config, secret_hash)

        return PkceAuthUrl(secret, secret_hash, self._url_auth_builder(query))

    def url_for_admin_consent(self, config: URLForAdminConsentConfig) -> str:
        """Build the URL for admin consent authentication for Microsoft.

        Args:
            config: The configuration for the authentication request.

        Returns:
            The URL for hosted authentication.
        """
        config_with_provider = {"provider": "microsoft", **config}
        query = _build_query_with_admin_consent(config_with_provider)

        return self._url_auth_builder(query)

    def revoke(self, token: str, overrides: RequestOverrides = None) -> True:
        """Revoke a single access token.

        Args:
            token: The access token to revoke.
            overrides: The request overrides to use for the request.

        Returns:
            True: If the token was revoked successfully.
        """
        self._http_client._execute(
            method="POST",
            path="/v3/connect/revoke",
            query_params={"token": token},
            overrides=overrides,
        )

        return True

    def detect_provider(
        self, params: ProviderDetectParams, overrides: RequestOverrides = None
    ) -> Response[ProviderDetectResponse]:
        """
        Detect provider from email address.

        Args:
            params: The parameters to include in the request
            overrides: The request overrides to use for the request.

        Returns:
            The detected provider, if found.
        """

        json_response = self._http_client._execute(
            method="POST",
            path="/v3/providers/detect",
            query_params=params,
            overrides=overrides,
        )
        return Response.from_dict(json_response, ProviderDetectResponse)

    def _url_auth_builder(self, query: dict) -> str:
        base = f"{self._http_client.api_server}/v3/connect/auth"
        return _build_query_params(base, query)

    def _get_token(
        self, request_body: dict, overrides: RequestOverrides
    ) -> CodeExchangeResponse:
        json_response = self._http_client._execute(
            method="POST",
            path="/v3/connect/token",
            request_body=request_body,
            overrides=overrides,
        )
        return CodeExchangeResponse.from_dict(json_response)

    def _get_token_info(
        self, query_params: dict, overrides: RequestOverrides
    ) -> Response[TokenInfoResponse]:
        json_response = self._http_client._execute(
            method="GET",
            path="/v3/connect/tokeninfo",
            query_params=query_params,
            overrides=overrides,
        )
        return Response.from_dict(json_response, TokenInfoResponse)

custom_authentication(request_body, overrides=None)

Create a Grant via Custom Authentication.

Parameters:

Name Type Description Default
request_body CreateGrantRequest

The values to create the Grant with.

 required
overrides RequestOverrides

The request overrides to use for the request.

 None

Returns:

Type Description
Response[Grant]

The created Grant.
Source code in nylas/resources/auth.py 
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
def custom_authentication(
    self, request_body: CreateGrantRequest, overrides: RequestOverrides = None
) -> Response[Grant]:
    """
    Create a Grant via Custom Authentication.

    Args:
        request_body: The values to create the Grant with.
        overrides: The request overrides to use for the request.

    Returns:
        The created Grant.
    """

    json_response = self._http_client._execute(
        method="POST",
        path="/v3/connect/custom",
        request_body=request_body,
        overrides=overrides,
    )
    return Response.from_dict(json_response, Grant)

detect_provider(params, overrides=None)

Detect provider from email address.

Parameters:

Name Type Description Default
params ProviderDetectParams

The parameters to include in the request

 required
overrides RequestOverrides

The request overrides to use for the request.

 None

Returns:

Type Description
Response[ProviderDetectResponse]

The detected provider, if found.
Source code in nylas/resources/auth.py 
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
def detect_provider(
    self, params: ProviderDetectParams, overrides: RequestOverrides = None
) -> Response[ProviderDetectResponse]:
    """
    Detect provider from email address.

    Args:
        params: The parameters to include in the request
        overrides: The request overrides to use for the request.

    Returns:
        The detected provider, if found.
    """

    json_response = self._http_client._execute(
        method="POST",
        path="/v3/providers/detect",
        query_params=params,
        overrides=overrides,
    )
    return Response.from_dict(json_response, ProviderDetectResponse)

exchange_code_for_token(request, overrides=None)

Exchange an authorization code for an access token.

Parameters:

Name Type Description Default
request CodeExchangeRequest

The request parameters for the code exchange

 required
overrides RequestOverrides

The request overrides to use for the request.

 None

Returns:

Type Description
CodeExchangeResponse

Information about the Nylas application
Source code in nylas/resources/auth.py 
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
def exchange_code_for_token(
    self, request: CodeExchangeRequest, overrides: RequestOverrides = None
) -> CodeExchangeResponse:
    """
    Exchange an authorization code for an access token.

    Args:
        request: The request parameters for the code exchange
        overrides: The request overrides to use for the request.

    Returns:
        Information about the Nylas application
    """
    if "client_secret" not in request:
        request["client_secret"] = self._http_client.api_key

    request_body = dict(request)
    request_body["grant_type"] = "authorization_code"

    return self._get_token(request_body, overrides)

id_token_info(id_token, overrides=None)

Get info about an ID token.

Parameters:

Name Type Description Default
id_token str

The ID token to query.

 required
overrides RequestOverrides

The request overrides to use for the request.

 None

Returns:

Type Description
Response[TokenInfoResponse]

The API response with the token information.
Source code in nylas/resources/auth.py 
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
def id_token_info(
    self, id_token: str, overrides: RequestOverrides = None
) -> Response[TokenInfoResponse]:
    """
    Get info about an ID token.

    Args:
        id_token: The ID token to query.
        overrides: The request overrides to use for the request.

    Returns:
        The API response with the token information.
    """

    query_params = {
        "id_token": id_token,
    }

    return self._get_token_info(query_params, overrides)

refresh_access_token(request, overrides=None)

Refresh an access token.

Parameters:

Name Type Description Default
request TokenExchangeRequest

The refresh token request.

 required
overrides RequestOverrides

The request overrides to use for the request.

 None

Returns:

Type Description
CodeExchangeResponse

The response containing the new access token.
Source code in nylas/resources/auth.py 
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
def refresh_access_token(
    self, request: TokenExchangeRequest, overrides: RequestOverrides = None
) -> CodeExchangeResponse:
    """
    Refresh an access token.

    Args:
        request: The refresh token request.
        overrides: The request overrides to use for the request.

    Returns:
        The response containing the new access token.
    """
    if "client_secret" not in request:
        request["client_secret"] = self._http_client.api_key

    request_body = dict(request)
    request_body["grant_type"] = "refresh_token"

    return self._get_token(request_body, overrides)

revoke(token, overrides=None)

Revoke a single access token.

Parameters:

Name Type Description Default
token str

The access token to revoke.

 required
overrides RequestOverrides

The request overrides to use for the request.

 None

Returns:

Name Type Description
True True

If the token was revoked successfully.
Source code in nylas/resources/auth.py 
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
def revoke(self, token: str, overrides: RequestOverrides = None) -> True:
    """Revoke a single access token.

    Args:
        token: The access token to revoke.
        overrides: The request overrides to use for the request.

    Returns:
        True: If the token was revoked successfully.
    """
    self._http_client._execute(
        method="POST",
        path="/v3/connect/revoke",
        query_params={"token": token},
        overrides=overrides,
    )

    return True

Build the URL for admin consent authentication for Microsoft.

Parameters:

Name Type Description Default
config URLForAdminConsentConfig

The configuration for the authentication request.

 required

Returns:

Type Description
str

The URL for hosted authentication.
Source code in nylas/resources/auth.py 
204
205
206
207
208
209
210
211
212
213
214
215
216
def url_for_admin_consent(self, config: URLForAdminConsentConfig) -> str:
    """Build the URL for admin consent authentication for Microsoft.

    Args:
        config: The configuration for the authentication request.

    Returns:
        The URL for hosted authentication.
    """
    config_with_provider = {"provider": "microsoft", **config}
    query = _build_query_with_admin_consent(config_with_provider)

    return self._url_auth_builder(query)

url_for_oauth2(config)

Build the URL for authenticating users to your application via Hosted Authentication.

Parameters:

Name Type Description Default
config URLForAuthenticationConfig

The configuration for building the URL.

 required

Returns:

Type Description
str

The URL for hosted authentication.
Source code in nylas/resources/auth.py 
68
69
70
71
72
73
74
75
76
77
78
79
80
def url_for_oauth2(self, config: URLForAuthenticationConfig) -> str:
    """
    Build the URL for authenticating users to your application via Hosted Authentication.

    Args:
        config: The configuration for building the URL.

    Returns:
        The URL for hosted authentication.
    """
    query = _build_query(config)

    return self._url_auth_builder(query)

url_for_oauth2_pkce(config)

Build the URL for authenticating users to your application via Hosted Authentication with PKCE.

IMPORTANT: YOU WILL NEED TO STORE THE 'secret' returned to use it inside the CodeExchange flow

Parameters:

Name Type Description Default
config URLForAuthenticationConfig

The configuration for the authentication request.

 required

Returns:

Type Description
PkceAuthUrl

The URL for hosted authentication with secret & hashed secret.
Source code in nylas/resources/auth.py 
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
def url_for_oauth2_pkce(self, config: URLForAuthenticationConfig) -> PkceAuthUrl:
    """
    Build the URL for authenticating users to your application via Hosted Authentication with PKCE.

    IMPORTANT: YOU WILL NEED TO STORE THE 'secret' returned to use it inside the CodeExchange flow

    Args:
        config: The configuration for the authentication request.

    Returns:
        The URL for hosted authentication with secret & hashed secret.
    """
    secret = str(uuid.uuid4())
    secret_hash = _hash_pkce_secret(secret)
    query = _build_query_with_pkce(config, secret_hash)

    return PkceAuthUrl(secret, secret_hash, self._url_auth_builder(query))

validate_access_token(access_token, overrides=None)

Get info about an access token.

Parameters:

Name Type Description Default
access_token str

The access token to query.

 required
overrides RequestOverrides

The request overrides to use for the request.

 None

Returns:

Type Description
Response[TokenInfoResponse]

The API response with the token information.
Source code in nylas/resources/auth.py 
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
def validate_access_token(
    self, access_token: str, overrides: RequestOverrides = None
) -> Response[TokenInfoResponse]:
    """
    Get info about an access token.

    Args:
        access_token: The access token to query.
        overrides: The request overrides to use for the request.

    Returns:
        The API response with the token information.
    """

    query_params = {
        "access_token": access_token,
    }

    return self._get_token_info(query_params, overrides)