OAuth2.Strategy.AuthCode (OAuth2 v2.1.0) View Source

The Authorization Code Strategy.

http://tools.ietf.org/html/rfc6749#section-1.3.1

The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. Instead of requesting authorization directly from the resource owner, the client directs the resource owner to an authorization server (via its user-agent as defined in [RFC2616]), which in turn directs the resource owner back to the client with the authorization code.

Before directing the resource owner back to the client with the authorization code, the authorization server authenticates the resource owner and obtains authorization. Because the resource owner only authenticates with the authorization server, the resource owner's credentials are never shared with the client.

The authorization code provides a few important security benefits, such as the ability to authenticate the client, as well as the transmission of the access token directly to the client without passing it through the resource owner's user-agent and potentially exposing it to others, including the resource owner.

Link to this section Summary

Functions

The authorization URL endpoint of the provider. params additional query parameters for the URL

Retrieve an access token given the specified validation code.

Link to this section Functions

Link to this function

authorize_url(client, params)

View Source

The authorization URL endpoint of the provider. params additional query parameters for the URL

Link to this function

get_token(client, params, headers)

View Source

Retrieve an access token given the specified validation code.