OAuth2

`rblxopencloud.OAuth2App(id, secret, redirect_uri, openid_certs_cache_seconds=3600)`

Represents an OAuth2 app. It is used to exchange codes, refresh tokens, and access the API for authenticated users.

Parameters:

Name	Type	Description	Default
`id`	`int`	The app's client ID.	required
`secret`	`str`	The app's client secret.	required
`redirect_uri`	`str`	The redirect URI that is being used for authorization. If you need to use multiple, you must make seperate objects.	required
`openid_certs_cache_seconds`	`int`	The number of seconds to cache Roblox's OpenID certs. You can ignore this if you don't know what it does.	`3600`

Attributes:

Name	Type	Description
`id`	`int`	The app's client ID.
`redirect_uri`	`str`	The app's redirect URI.
`openid_certs_cache_seconds`	`int`	The number of seconds to cache the OpenID certs.

`generate_code_verifier(length=128)`

Generates a code verifier which can be provided OAuth2App.generate_uri() and OAuth2App.exchange_code() to add extra security to the OAuth2 flow. If a code verifier is used, it must be provided to both methods, and it should also be unique.

Parameters:

Name	Type	Description	Default
`length`	`Optional[int]`	How long the code verifier should be.	`128`

Returns:

Type	Description
`str`	A random string consisting of characters a-z, A-Z, 0-9, `-`, `.`, `_`, and `~`.

`generate_uri(scope, state=None, generate_code=True, code_verifier=None)`

Creates an authorization URI to redirect users to with the client information prefilled.

Parameters:

Name	Type	Description	Default
`scope`	`Union[str, list[str]]`	A string, or list of strings specifying the scopes for authorization. For example `['openid', 'profile']`	required
`state`	`Optional[str]`	A string that will be returned on the otherside of authorization. It isn't required, but is recommend for security.	`None`
`generate_code`	`Optional[bool]`	Wether to generate a code on return.	`True`
`code_verifier`	`Optional[str]`	The optional code verifier generated using `OAuth2App.generate_code_verifier()`	`None`

Returns:

Type	Description
`str`	A URI string starting with `https://apis.roblox.com/oauth/v1/authorize` and the generated parameters.

`from_access_token_string(access_token)`

Creates a rblxopencloud.PartialAccessToken from an access token string, fairly useless due to these tokens expiring after 15 minutes.

It is also advised the refresh token instead of the access token, and refresh the token each time you need to access information instead of the access token to improve security.

Parameters:

Name	Type	Description	Default
`access_token`	`str`	The access token string.	required

Returns:

Type	Description
`PartialAccessToken`	The Access Token without any metadata such as the scopes, user object, or the refresh token.

`exchange_code(code, code_verifier=None)`

Creates a rblxopencloud.AccessToken from an authorization code returned from Roblox.

Parameters:

Name	Type	Description	Default
`code`	`str`	The code from the authorization server.	required
`code_verifier`	`Optional[str]`	The string for this OAuth2 flow generated by `OAuth2App.generate_code_verifier()`.	`None`

Returns:

Type	Description
`AccessToken`	An Access Token with all metadata including the user object.

Raises:

Type	Description
`InvalidKey`	The client ID, secret or redirect URI is invalid.
`InvalidCode`	The code is invalid, or the code verifier is missing/invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response, or you have jwt installed.

`refresh_token(refresh_token)`

Creates a rblxopencloud.AccessToken from a refresh token which is returned in a previous authorization code.

Parameters:

Name	Type	Description	Default
`refresh_token`	`str`	The refresh token to be used.	required

Returns:

Type	Description
`AccessToken`	An Access Token with all metadata including the user object.

Raises:

Type	Description
`InvalidKey`	The client ID, secret or redirect URI is invalid.
`InvalidCode`	The code is invalid, or the code verifier is missing/invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response, or you have jwt installed.

Warning

After refreshing a token, you will get a new refresh token in the rblxopencloud.AccessToken that you need to save.

`revoke_token(token)`

Revokes the authorization for a given access token or refresh token.

Parameters:

Name	Type	Description	Default
`token`	`str`	The access token or refresh token to revoke.	required

Raises:

Type	Description
`InvalidKey`	The client ID or client secret is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

Warning

Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.

Tip

Both AccessToken and PartialAccessToken have shortcuts for this method. So instead, for exmaple, you could use AccessToken.revoke() to revoke the token.

`rblxopencloud.AccessToken`

Bases: PartialAccessToken

Represents access via OAuth2 consent. It allows access to all resources authorized by the user.

Warning

This class isn't designed to be created by users. It is returned by OAuth2App.exchange_code(), and OAuth2App.refresh_token().

Attributes:

Name	Type	Description
`app`	`OAuth2App`	The app this access token belongs to.
`token`	`str`	The string access token. It can be used with `OAuth2App.from_access_token_string`
`refresh_token`	`str`	The access token's refresh token. This can be used with `OAuth2App.refresh_token` to fetch a new refresh token after this access token expires.
`scope`	`list[str]`	A list of scopes that were granted.
`expires_at`	`datetime`	The estimated timestamp the access token will expire at.
`user`	`Optional[User]`	If `openid` scope is granted, then this will be the user object. there's rare circumstances where this will be `None` even with the `openid` scope.

`fetch_userinfo()`

Returns a rblxopencloud.User representing the authorzed user.

Returns:

Type	Description
`User`	The user object representing the authorized user, it will include `profile` info in the `profile` scope was included.

Raises:

Type	Description
`InsufficientScope`	The `openid` scope was not granted.
`InvalidKey`	The access token has expired or is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

`fetch_resources()`

Returns a rblxopencloud.Resources containing all authorized accounts and expirences.

Returns:

Type	Description
`Resources`	Contains all resources authorized by the user.

Raises:

Type	Description
`InsufficientScope`	The `openid` scope was not granted.
`InvalidKey`	The access token has expired or is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

`fetch_token_info()`

Fetches metadata about the token, such as when it was issued, the user's ID and the token's unique ID.

Returns:

Type	Description
`AccessTokenInfo`	Contains the information about access token.

Raises:

Type	Description
`InsufficientScope`	The `openid` scope was not granted.
`InvalidKey`	The access token has expired or is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

`revoke()`

Shortcut for OAuth2App.revoke_token() to revoke the access token.

Raises:

Type	Description
`InvalidKey`	The client ID or client secret is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

Warning

Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.

`revoke_refresh_token()`

Shortcut for OAuth2App.revoke_token() to revoke the refresh token.

Raises:

Type	Description
`InvalidKey`	The client ID or client secret is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

Warning

Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.

`rblxopencloud.PartialAccessToken`

Represents a partial access via OAuth2 consent. It allows access to all resources authorized by the user, but not other information like the refresh token.

Warning

This class isn't designed to be created by users. It is returned by OAuth2App.from_access_token_string().

Attributes:

Name	Type	Description
`app`	`OAuth2App`	The app this access token belongs to.
`token`	`str`	The string access token. It can be used with `OAuth2App.from_access_token_string`

`fetch_userinfo()`

Returns a rblxopencloud.User representing the authorzed user.

Returns:

Type	Description
`User`	The user object representing the authorized user, it will include `profile` info in the `profile` scope was included.

Raises:

Type	Description
`InsufficientScope`	The `openid` scope was not granted.
`InvalidKey`	The access token has expired or is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

`fetch_resources()`

Returns a rblxopencloud.Resources containing all authorized accounts and expirences.

Returns:

Type	Description
`Resources`	Contains all resources authorized by the user.

Raises:

Type	Description
`InsufficientScope`	The `openid` scope was not granted.
`InvalidKey`	The access token has expired or is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

`fetch_token_info()`

Fetches metadata about the token, such as when it was issued, the user's ID and the token's unique ID.

Returns:

Type	Description
`AccessTokenInfo`	Contains the information about access token.

Raises:

Type	Description
`InsufficientScope`	The `openid` scope was not granted.
`InvalidKey`	The access token has expired or is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

`revoke()`

Shortcut for OAuth2App.revoke_token() to revoke the access token.

Raises:

Type	Description
`InvalidKey`	The client ID or client secret is invalid.
`ServiceUnavailable`	The Roblox servers ran into an error, or are unavailable right now.
`rblx_opencloudException`	Roblox gave an unexpected response.

Warning

Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.

`rblxopencloud.Resources`

Data class that contains all the authorized users, groups, and experiences.

Warning

This class isn't designed to be created by users. It is returned by AccessToken.fetch_resources().

Attributes:

Name	Type	Description
`experiences`	`list[Experience]`	A list of authorized experiences. These experiences will have the `owner` attribute filled.
`accounts`	`list[Union[User, Group]]`	A list of authorized users, groups (aka 'accounts', or 'creators').

`rblxopencloud.AccessTokenInfo`

Data class that contains information about the access token.

Warning

This class isn't designed to be created by users. It is returned by AccessToken.fetch_token_info().

Attributes:

Name	Type	Description
`active`	`bool`	Wether the token is still active.
`id`	`str`	A unqiue string for every authorization and user.
`client_id`	`int`	The app's client ID.
`user_id`	`int`	The authorized user's ID.
`scope`	`list[str]`	A list of authorized scopes.
`expires_at`	`datetime`	The time the access token will expire at.
`issued_at`	`datetime`	The time the access token was issued.