The OAuth 2.0 Authorization Framework: Bearer Token Usage

This section contains the generic implementation of RFC6750.

Bearer Token

class authlib.specs.rfc6750.BearerToken(access_token_generator, refresh_token_generator=None, expires_generator=None)

Bearer Token generator which can create the payload for token response by OAuth 2 server. A typical token response would be:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
    "access_token":"mF_9.B5f-4.1JqM",
    "token_type":"Bearer",
    "expires_in":3600,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
}
Parameters:
  • access_token_generator – a function to generate access_token.
  • refresh_token_generator – a function to generate refresh_token, if not provided, refresh_token will not be added into token response.
  • expires_generator

    The expires_generator can be an int value or a function. If it is int, all token expires_in will be this value. If it is function, it can generate expires_in depending on client and grant_type:

    def expires_generator(client, grant_type):
        if is_official_client(client):
            return 3600 * 1000
        if grant_type == 'implicit':
            return 3600
        return 3600 * 10
    
Returns:

Callable

When BearerToken is initialized, it will be callable:

token_generator = BearerToken(access_token_generator)
token = token_generator(client, grant_type, expires_in=None,
            scope=None, include_refresh_token=True)

The callable function that BearerToken created accepts these parameters:

Parameters:
  • client – the client that making the request.
  • grant_type – current requested grant_type.
  • expires_in – if provided, use this value as expires_in.
  • scope – current requested scope.
  • include_refresh_token – should refresh_token be included.
Returns:

Token dict