Access Token

class oauthlib.oauth1.AccessTokenEndpoint(request_validator, token_generator=None)[source]

An endpoint responsible for providing OAuth 1 access tokens.

Typical use is to instantiate with a request validator and invoke the create_access_token_response from a view function. The tuple returned has all information necessary (body, status, headers) to quickly form and return a proper response. See Request Validator for details on which validator methods to implement for this endpoint.

create_access_token(request, credentials)[source]

Create and save a new access token.

Similar to OAuth 2, indication of granted scopes will be included as a space separated list in oauth_authorized_realms.

Parameters:request (oauthlib.common.Request) – OAuthlib request.
Returns:The token as an urlencoded string.
create_access_token_response(uri, http_method='GET', body=None, headers=None, credentials=None)[source]

Create an access token response, with a new request token if valid.

Parameters:
  • uri – The full URI of the token request.
  • http_method – A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
  • body – The request body as a string.
  • headers – The request headers as a dict.
  • credentials – A list of extra credentials to include in the token.
Returns:

A tuple of 3 elements. 1. A dict of headers to set on the response. 2. The response body as a string. 3. The response status code as an integer.

An example of a valid request:

>>> from your_validator import your_validator
>>> from oauthlib.oauth1 import AccessTokenEndpoint
>>> endpoint = AccessTokenEndpoint(your_validator)
>>> h, b, s = endpoint.create_access_token_response(
...     'https://your.provider/access_token?foo=bar',
...     headers={
...         'Authorization': 'OAuth oauth_token=234lsdkf....'
...     },
...     credentials={
...         'my_specific': 'argument',
...     })
>>> h
{'Content-Type': 'application/x-www-form-urlencoded'}
>>> b
'oauth_token=lsdkfol23w54jlksdef&oauth_token_secret=qwe089234lkjsdf&oauth_authorized_realms=movies+pics&my_specific=argument'
>>> s
200

An response to invalid request would have a different body and status:

>>> b
'error=invalid_request&description=missing+resource+owner+key'
>>> s
400

The same goes for an an unauthorized request:

>>> b
''
>>> s
401
validate_access_token_request(request)[source]

Validate an access token request.

Parameters:request (oauthlib.common.Request) – OAuthlib request.
Raises:OAuth1Error if the request is invalid.
Returns:A tuple of 2 elements. 1. The validation result (True or False). 2. The request object.