Request Token

class oauthlib.oauth1.RequestTokenEndpoint(request_validator, token_generator=None)[source]

An endpoint responsible for providing OAuth 1 request tokens.

Typical use is to instantiate with a request validator and invoke the create_request_token_response from a view function. The tuple returned has all information necessary (body, status, headers) to quickly form and return a proper response. See Request Validator for details on which validator methods to implement for this endpoint.

create_request_token(request, credentials)[source]

Create and save a new request token.

Parameters:
  • request (oauthlib.common.Request) – OAuthlib request.
  • credentials – A dict of extra token credentials.
Returns:

The token as an urlencoded string.

create_request_token_response(uri, http_method='GET', body=None, headers=None, credentials=None)[source]

Create a request token response, with a new request token if valid.

Parameters:
  • uri – The full URI of the token request.
  • http_method – A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
  • body – The request body as a string.
  • headers – The request headers as a dict.
  • credentials – A list of extra credentials to include in the token.
Returns:

A tuple of 3 elements. 1. A dict of headers to set on the response. 2. The response body as a string. 3. The response status code as an integer.

An example of a valid request:

>>> from your_validator import your_validator
>>> from oauthlib.oauth1 import RequestTokenEndpoint
>>> endpoint = RequestTokenEndpoint(your_validator)
>>> h, b, s = endpoint.create_request_token_response(
...     'https://your.provider/request_token?foo=bar',
...     headers={
...         'Authorization': 'OAuth realm=movies user, oauth_....'
...     },
...     credentials={
...         'my_specific': 'argument',
...     })
>>> h
{'Content-Type': 'application/x-www-form-urlencoded'}
>>> b
'oauth_token=lsdkfol23w54jlksdef&oauth_token_secret=qwe089234lkjsdf&oauth_callback_confirmed=true&my_specific=argument'
>>> s
200

An response to invalid request would have a different body and status:

>>> b
'error=invalid_request&description=missing+callback+uri'
>>> s
400

The same goes for an an unauthorized request:

>>> b
''
>>> s
401
validate_request_token_request(request)[source]

Validate a request token request.

Parameters:request (oauthlib.common.Request) – OAuthlib request.
Raises:OAuth1Error if the request is invalid.
Returns:A tuple of 2 elements. 1. The validation result (True or False). 2. The request object.