Access Token¶
-
class
oauthlib.oauth1.
AccessTokenEndpoint
(request_validator, token_generator=None)[source]¶ An endpoint responsible for providing OAuth 1 access tokens.
Typical use is to instantiate with a request validator and invoke the
create_access_token_response
from a view function. The tuple returned has all information necessary (body, status, headers) to quickly form and return a proper response. See Request Validator for details on which validator methods to implement for this endpoint.-
create_access_token
(request, credentials)[source]¶ Create and save a new access token.
Similar to OAuth 2, indication of granted scopes will be included as a space separated list in
oauth_authorized_realms
.Parameters: request – An oauthlib.common.Request object. Returns: The token as an urlencoded string.
-
create_access_token_response
(uri, http_method='GET', body=None, headers=None, credentials=None)[source]¶ Create an access token response, with a new request token if valid.
Parameters: - uri – The full URI of the token request.
- http_method – A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
- body – The request body as a string.
- headers – The request headers as a dict.
- credentials – A list of extra credentials to include in the token.
Returns: A tuple of 3 elements. 1. A dict of headers to set on the response. 2. The response body as a string. 3. The response status code as an integer.
An example of a valid request:
>>> from your_validator import your_validator >>> from oauthlib.oauth1 import AccessTokenEndpoint >>> endpoint = AccessTokenEndpoint(your_validator) >>> h, b, s = endpoint.create_access_token_response( ... 'https://your.provider/access_token?foo=bar', ... headers={ ... 'Authorization': 'OAuth oauth_token=234lsdkf....' ... }, ... credentials={ ... 'my_specific': 'argument', ... }) >>> h {'Content-Type': 'application/x-www-form-urlencoded'} >>> b 'oauth_token=lsdkfol23w54jlksdef&oauth_token_secret=qwe089234lkjsdf&oauth_authorized_realms=movies+pics&my_specific=argument' >>> s 200
An response to invalid request would have a different body and status:
>>> b 'error=invalid_request&description=missing+resource+owner+key' >>> s 400
The same goes for an an unauthorized request:
>>> b '' >>> s 401
-