Issue with validate_token Function Not Found in Flask-OIDC 2.1.1

[SayedAbou]

Hello everyone !

I'm currently integrating Flask-OIDC 2.1.1 in my project and have encountered an issue where the validate_token function does not seem to be available. This is critical as it affects the security and functionality of our application.

Here is a simplified snippet of how I'm trying to use the function:

@main.route('/landing_page')
@oidc.require_login
def landing_page():
oidc_auth_token = session.get('oidc_auth_token')
access_token = oidc_auth_token.get('access_token')

# Attempting to validate the access token
is_valid = oidc.validate_token(access_token, scopes_required='form-admin')

if not is_valid:
    current_app.logger.error("Invalid access token.")
    return redirect(url_for('.login'))

# Additional code to handle valid token scenario
return render_template('landing_page.html')

When invoking validate_token, the application logs indicate that the function is not found:

ERROR:app: AttributeError: 'OIDC' object has no attribute 'validate_token'

I've confirmed that the OIDC client is instantiated correctly and other functions in the library are working as expected. Could this be a compatibility issue with version 2.1.1, or is there an update or workaround available that I might have missed?

[abompard]

Hi, sorry for the delay.
If you want to manually validate the validity of a token, you can use the accept_token decorator as explain in this paragraph of the docs. It also links to Authlib's ResourceProtector doc for more details.