Resource authorization

class oauthlib.oauth1.ResourceEndpoint(request_validator, token_generator=None)[source]

An endpoint responsible for protecting resources.

Typical use is to instantiate with a request validator and invoke the validate_protected_resource_request in a decorator around a view function. If the request is valid, invoke and return the response of the view. If invalid create and return an error response directly from the decorator.

See Request Validator for details on which validator methods to implement for this endpoint.

An example decorator:

from functools import wraps
from your_validator import your_validator
from oauthlib.oauth1 import ResourceEndpoint
endpoint = ResourceEndpoint(your_validator)

def require_oauth(realms=None):
    def decorator(f):
        @wraps(f)
        def wrapper(request, *args, **kwargs):
            v, r = provider.validate_protected_resource_request(
                    request.url,
                    http_method=request.method,
                    body=request.data,
                    headers=request.headers,
                    realms=realms or [])
            if v:
                return f(*args, **kwargs)
            else:
                return abort(403)
validate_protected_resource_request(uri, http_method='GET', body=None, headers=None, realms=None)[source]

Create a request token response, with a new request token if valid.

Parameters:
  • uri – The full URI of the token request.
  • http_method – A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
  • body – The request body as a string.
  • headers – The request headers as a dict.
  • realms – A list of realms the resource is protected under. This will be supplied to the validate_realms method of the request validator.
Returns:

A tuple of 2 elements. 1. True if valid, False otherwise. 2. An oauthlib.common.Request object.