def get_access_token(self, request_args):
code = request_args.get("code")
state = request_args.get("state")
expected_state = get_state(self.user_pool_id, self.user_pool_client_id)
if state != expected_state:
raise FlaskAWSCognitoError("State for CSRF is not correct ")
access_token = self.cognito_service.exchange_code_for_token(code)
return access_token
def get_sign_in_url(self):
quoted_redirect_url = quote(self.redirect_url)
state = get_state(self.user_pool_id, self.user_pool_client_id)
full_url = (f"{self.domain}/login"
f"?response_type=code"
f"&client_id={self.user_pool_client_id}"
f"&redirect_uri={quoted_redirect_url}"
f"&state={state}")
return full_url
def get_refreshed_access_token(self, request_args, refresh_token):
if self._access_token:
return self._access_token
code = request_args.get("code")
state = request_args.get("state")
expected_state = get_state(self.user_pool_id, self.user_pool_client_id)
if state != expected_state:
raise FlaskAWSCognitoError("State for CSRF is not correct ")
tokens = self.cognito_service.refresh_token(code, refresh_token)
return tokens
