Custom Validators¶

class oauthlib.oauth2.rfc6749.grant_types.base.ValidatorsContainer(post_auth, post_token, pre_auth, pre_token)[source]¶

Container object for holding custom validator callables to be invoked as part of the grant type validate_authorization_request() or validate_authorization_request() methods on the various grant types.

Authorization validators must be callables that take a request object and return a dict, which may contain items to be added to the request_info returned from the grant_type after validation.

Token validators must be callables that take a request object and return None.

Both authorization validators and token validators may raise OAuth2 exceptions if validation conditions fail.

Authorization validators added to pre_auth will be run BEFORE the standard validations (but after the critical ones that raise fatal errors) as part of validate_authorization_request()

Authorization validators added to post_auth will be run AFTER the standard validations as part of validate_authorization_request()

Token validators added to pre_token will be run BEFORE the standard validations as part of validate_token_request()

Token validators added to post_token will be run AFTER the standard validations as part of validate_token_request()

For example:

>>> def my_auth_validator(request):
...    return {'myval': True}
>>> auth_code_grant = AuthorizationCodeGrant(request_validator)
>>> auth_code_grant.custom_validators.pre_auth.append(my_auth_validator)
>>> def my_token_validator(request):
...     if not request.everything_okay:
...         raise errors.OAuth2Error("uh-oh")
>>> auth_code_grant.custom_validators.post_token.append(my_token_validator)