oauth2.store — Storing and retrieving data

Store adapters to persist and retrieve data during the OAuth 2.0 process or for later use. This module provides base classes that can be extended to implement your own solution specific to your needs. It also includes implementations for popular storage systems like memcache.

Data Types

class oauth2.datatype.AccessToken(client_id, grant_type, token, data={}, expires_at=None, refresh_token=None, refresh_expires_at=None, scopes=[], user_id=None)[source]

An access token and associated data.

class oauth2.datatype.AuthorizationCode(client_id, code, expires_at, redirect_uri, scopes, data=None, user_id=None)[source]

Holds an authorization code and additional information.

class oauth2.datatype.Client(identifier, secret, authorized_grants=None, authorized_response_types=None, redirect_uris=None)[source]

Representation of a client application.

Base Classes

class oauth2.store.AccessTokenStore[source]

Base class for persisting an access token after it has been generated. Used by two-legged and three-legged authentication flows.

delete_refresh_token(refresh_token)[source]

Deletes an access token from the store using its refresh token to identify it. This invalidates both the access token and the refresh token.

Parameters:refresh_token – A string containing the refresh token.
Returns:None.
Raises:oauth2.error.AccessTokenNotFound if no data could be retrieved for given refresh_token.
fetch_by_refresh_token(refresh_token)[source]

Fetches an access token from the store using its refresh token to identify it.

Parameters:refresh_token – A string containing the refresh token.
Returns:An instance of oauth2.datatype.AccessToken.
Raises:oauth2.error.AccessTokenNotFound if no data could be retrieved for given refresh_token.
fetch_existing_token_of_user(client_id, grant_type, user_id)[source]

Fetches an access token identified by its client id, type of grant and user id. This method must be implemented to make use of unique access tokens.

Parameters:
  • client_id – Identifier of the client a token belongs to.
  • grant_type – The type of the grant that created the token
  • user_id – Identifier of the user a token belongs to.
Returns:

An instance of oauth2.datatype.AccessToken.
Raises:

oauth2.error.AccessTokenNotFound if no data could be retrieved.
save_token(access_token)[source]

Stores an access token and additional data.

Parameters:access_token – An instance of oauth2.datatype.AccessToken.
class oauth2.store.AuthCodeStore[source]

Base class for persisting and retrieving an auth token during the Authorization Code Grant flow.

delete_code(code)[source]

Deletes an authorization code after it’s use per section 4.1.2.

http://tools.ietf.org/html/rfc6749#section-4.1.2

Parameters:code – The authorization code.
fetch_by_code(code)[source]

Returns an AuthorizationCode fetched from a storage.

Parameters:code – The authorization code.
Returns:An instance of oauth2.datatype.AuthorizationCode.
Raises:oauth2.error.AuthCodeNotFound if no data could be retrieved for given code.
save_code(authorization_code)[source]

Stores the data belonging to an authorization code token.

Parameters:authorization_code – An instance of oauth2.datatype.AuthorizationCode.
class oauth2.store.ClientStore[source]

Base class for handling OAuth2 clients.

fetch_by_client_id(client_id)[source]

Retrieve a client by its identifier.

Parameters:client_id – Identifier of a client app.
Returns:An instance of oauth2.datatype.Client.
Raises:oauth2.error.ClientNotFoundError if no data could be retrieved for given client_id.