def token():
refresh_token = request.values.get('refresh_token')
if refresh_token is None:
abort(requests.codes.bad_request)
if not OAUTH_HAVE_REFRESH_TOKEN:
return dict(
refresh_token='',
access_token=refresh_token,
expires_at=float('inf')
)
session = _create_session()
try:
resp = session.refresh_token(
token_url=OAUTH_ACCESS_TOKEN_URL,
client_id=OAUTH_CLIENT_ID, # Why??? The session object already has it!
client_secret=OAUTH_CLIENT_SECRET,
refresh_token=refresh_token
)
except OAuth2Error as ex:
return dict(error=ex.error)
return dict(
refresh_token=resp['refresh_token'],
access_token=resp['access_token'],
expires_at=resp['expires_at']
)
### API routes ###
# Allow CORS requests to API routes.
# The "*" origin is more secure than specific origins because it blocks cookies.
# Cache the settings for a day to avoid pre-flight requests.
评论列表
文章目录
