docstrings

TeskaLabs · Apr 12, 2024 · 6779ed9 · 6779ed9
1 parent 9a3ca40
commit 6779ed9
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 9 deletions.
diff --git a/seacatauth/authn/m2m.py b/seacatauth/authn/m2m.py
@@ -122,7 +122,9 @@ async def _authenticate_request(self, request, client_id):
 
 	async def nginx(self, request):
 		"""
-		Authenticate M2M call
+		M2M (machine-to-machine) introspection
+
+		**Internal endpoint for Nginx auth_request**
 
 		If introspection is successful, Basic auth header is replaced with Bearer token.
 

diff --git a/seacatauth/batman/handler.py b/seacatauth/batman/handler.py
@@ -36,9 +36,11 @@ def __init__(self, app, batman_svc):
 
 	async def batman_nginx(self, request):
 		"""
-		Validate Batman cookie and respond with Basic Authorization header
+		Cookie introspection for basic auth apps
 
-		**Internal endpoint for Nginx auth_request.**
+		**Internal endpoint for Nginx auth_request**
+
+		Validate Seacat Auth cookie and respond with Basic Authorization header.
 
 		---
 		tags: ["Nginx"]

diff --git a/seacatauth/cookie/handler.py b/seacatauth/cookie/handler.py
@@ -110,13 +110,15 @@ def __init__(self, app, cookie_svc, session_svc, credentials_svc):
 
 	async def nginx(self, request):
 		"""
+		Cookie introspection
+
+		**Internal endpoint for Nginx auth_request**
+
 		Authenticate (and optionally authorize) the incoming request by its Cookie + Client ID and respond with
 		corresponding ID token. If the auth fails, respond with 401 or 403.
 
 		Optionally check for resource access and/or add requested user info to headers.
 
-		**Internal endpoint for Nginx auth_request.**
-
 		---
 		tags: ["Nginx"]
 		parameters:
@@ -179,7 +181,10 @@ async def nginx(self, request):
 
 	async def nginx_anonymous(self, request):
 		"""
-		**Internal endpoint for Nginx auth_request.**
+		Anonymous (guest) cookie introspection
+
+		**Internal endpoint for Nginx auth_request**
+
 		Authenticate (and optionally authorize) the incoming request by its Cookie + Client ID and respond with
 		corresponding ID token. If the auth fails with 401, initialize an "unauthenticated" anonymous session
 		and set a session cookie in the response.

diff --git a/seacatauth/openidconnect/handler/introspect.py b/seacatauth/openidconnect/handler/introspect.py
@@ -94,7 +94,7 @@ async def _authenticate_request(self, request):
 
 	async def introspect_nginx(self, request):
 		"""
-		Access token introspection for Nginx
+		Access token introspection
 
 		Non-standard version of RFC7662 chapter 2.Introspection Endpoint that is usable with Nginx auth_request module.
 

diff --git a/seacatauth/openidconnect/handler/token.py b/seacatauth/openidconnect/handler/token.py
@@ -239,9 +239,9 @@ async def _token_request_authorization_code(self, request, qs_data):
 	})
 	async def token_revoke(self, request, *, json_data):
 		"""
-		https://tools.ietf.org/html/rfc7009
+		OAuth 2.0 Token revocation
 
-		2.1.  Revocation Request
+		https://tools.ietf.org/html/rfc7009
 		"""
 		# TODO: Confidential clients must authenticate (query params or Authorization header)
 		# TODO: Public clients are not allowed to revoke other clients' tokens