OAuth2
rblxopencloud.OAuth2App(id, secret, redirect_uri, openid_certs_cache_seconds=3600)
Represents an OAuth2 app. It is used to exchange codes, refresh tokens, and access the API for authenticated users.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
id |
int
|
The app's client ID. |
required |
secret |
str
|
The app's client secret. |
required |
redirect_uri |
str
|
The redirect URI that is being used for authorization. If you need to use multiple, you must make seperate objects. |
required |
openid_certs_cache_seconds |
int
|
The number of seconds to cache Roblox's OpenID certs. You can ignore this if you don't know what it does. |
3600
|
Attributes:
Name | Type | Description |
---|---|---|
id |
int
|
The app's client ID. |
redirect_uri |
str
|
The app's redirect URI. |
openid_certs_cache_seconds |
int
|
The number of seconds to cache the OpenID certs. |
generate_code_verifier(length=128)
Generates a code verifier which can be provided OAuth2App.generate_uri()
and OAuth2App.exchange_code()
to add extra security to the OAuth2 flow. If a code verifier is used, it must be provided to both methods, and it should also be unique.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
length |
Optional[int]
|
How long the code verifier should be. |
128
|
Returns:
Type | Description |
---|---|
str
|
A random string consisting of characters a-z, A-Z, 0-9, |
generate_uri(scope, state=None, generate_code=True, code_verifier=None)
Creates an authorization URI to redirect users to with the client information prefilled.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
scope |
Union[str, list[str]]
|
A string, or list of strings specifying the scopes for authorization. For example |
required |
state |
Optional[str]
|
A string that will be returned on the otherside of authorization. It isn't required, but is recommend for security. |
None
|
generate_code |
Optional[bool]
|
Wether to generate a code on return. |
True
|
code_verifier |
Optional[str]
|
The optional code verifier generated using |
None
|
Returns:
Type | Description |
---|---|
str
|
A URI string starting with |
from_access_token_string(access_token)
Creates a rblxopencloud.PartialAccessToken
from an access token string, fairly useless due to these tokens expiring after 15 minutes.
It is also advised the refresh token instead of the access token, and refresh the token each time you need to access information instead of the access token to improve security.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
access_token |
str
|
The access token string. |
required |
Returns:
Type | Description |
---|---|
PartialAccessToken
|
The Access Token without any metadata such as the scopes, user object, or the refresh token. |
exchange_code(code, code_verifier=None)
Creates a rblxopencloud.AccessToken
from an authorization code returned from Roblox.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
code |
str
|
The code from the authorization server. |
required |
code_verifier |
Optional[str]
|
The string for this OAuth2 flow generated by |
None
|
Returns:
Type | Description |
---|---|
AccessToken
|
An Access Token with all metadata including the user object. |
Raises:
Type | Description |
---|---|
InvalidKey
|
The client ID, secret or redirect URI is invalid. |
InvalidCode
|
The code is invalid, or the code verifier is missing/invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response, or you have jwt installed. |
refresh_token(refresh_token)
Creates a rblxopencloud.AccessToken
from a refresh token which is returned in a previous authorization code.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
refresh_token |
str
|
The refresh token to be used. |
required |
Returns:
Type | Description |
---|---|
AccessToken
|
An Access Token with all metadata including the user object. |
Raises:
Type | Description |
---|---|
InvalidKey
|
The client ID, secret or redirect URI is invalid. |
InvalidCode
|
The code is invalid, or the code verifier is missing/invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response, or you have jwt installed. |
Warning
After refreshing a token, you will get a new refresh token in the rblxopencloud.AccessToken
that you need to save.
revoke_token(token)
Revokes the authorization for a given access token or refresh token.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
token |
str
|
The access token or refresh token to revoke. |
required |
Raises:
Type | Description |
---|---|
InvalidKey
|
The client ID or client secret is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
Warning
Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.
Tip
Both AccessToken
and PartialAccessToken
have shortcuts for this method. So instead, for exmaple, you could use AccessToken.revoke()
to revoke the token.
rblxopencloud.AccessToken
Bases: PartialAccessToken
Represents access via OAuth2 consent. It allows access to all resources authorized by the user.
Warning
This class isn't designed to be created by users. It is returned by OAuth2App.exchange_code()
, and OAuth2App.refresh_token()
.
Attributes:
Name | Type | Description |
---|---|---|
app |
OAuth2App
|
The app this access token belongs to. |
token |
str
|
The string access token. It can be used with |
refresh_token |
str
|
The access token's refresh token. This can be used with |
scope |
list[str]
|
A list of scopes that were granted. |
expires_at |
datetime
|
The estimated timestamp the access token will expire at. |
user |
Optional[User]
|
If |
fetch_userinfo()
Returns a rblxopencloud.User
representing the authorzed user.
Returns:
Type | Description |
---|---|
User
|
The user object representing the authorized user, it will include |
Raises:
Type | Description |
---|---|
InsufficientScope
|
The |
InvalidKey
|
The access token has expired or is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
fetch_resources()
Returns a rblxopencloud.Resources
containing all authorized accounts and expirences.
Returns:
Type | Description |
---|---|
Resources
|
Contains all resources authorized by the user. |
Raises:
Type | Description |
---|---|
InsufficientScope
|
The |
InvalidKey
|
The access token has expired or is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
fetch_token_info()
Fetches metadata about the token, such as when it was issued, the user's ID and the token's unique ID.
Returns:
Type | Description |
---|---|
AccessTokenInfo
|
Contains the information about access token. |
Raises:
Type | Description |
---|---|
InsufficientScope
|
The |
InvalidKey
|
The access token has expired or is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
revoke()
Shortcut for OAuth2App.revoke_token()
to revoke the access token.
Raises:
Type | Description |
---|---|
InvalidKey
|
The client ID or client secret is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
Warning
Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.
revoke_refresh_token()
Shortcut for OAuth2App.revoke_token()
to revoke the refresh token.
Raises:
Type | Description |
---|---|
InvalidKey
|
The client ID or client secret is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
Warning
Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.
rblxopencloud.PartialAccessToken
Represents a partial access via OAuth2 consent. It allows access to all resources authorized by the user, but not other information like the refresh token.
Warning
This class isn't designed to be created by users. It is returned by OAuth2App.from_access_token_string()
.
Attributes:
Name | Type | Description |
---|---|---|
app |
OAuth2App
|
The app this access token belongs to. |
token |
str
|
The string access token. It can be used with |
fetch_userinfo()
Returns a rblxopencloud.User
representing the authorzed user.
Returns:
Type | Description |
---|---|
User
|
The user object representing the authorized user, it will include |
Raises:
Type | Description |
---|---|
InsufficientScope
|
The |
InvalidKey
|
The access token has expired or is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
fetch_resources()
Returns a rblxopencloud.Resources
containing all authorized accounts and expirences.
Returns:
Type | Description |
---|---|
Resources
|
Contains all resources authorized by the user. |
Raises:
Type | Description |
---|---|
InsufficientScope
|
The |
InvalidKey
|
The access token has expired or is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
fetch_token_info()
Fetches metadata about the token, such as when it was issued, the user's ID and the token's unique ID.
Returns:
Type | Description |
---|---|
AccessTokenInfo
|
Contains the information about access token. |
Raises:
Type | Description |
---|---|
InsufficientScope
|
The |
InvalidKey
|
The access token has expired or is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
revoke()
Shortcut for OAuth2App.revoke_token()
to revoke the access token.
Raises:
Type | Description |
---|---|
InvalidKey
|
The client ID or client secret is invalid. |
ServiceUnavailable
|
The Roblox servers ran into an error, or are unavailable right now. |
rblx_opencloudException
|
Roblox gave an unexpected response. |
Warning
Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.
rblxopencloud.Resources
Data class that contains all the authorized users, groups, and experiences.
Warning
This class isn't designed to be created by users. It is returned by AccessToken.fetch_resources()
.
Attributes:
Name | Type | Description |
---|---|---|
experiences |
list[Experience]
|
A list of authorized experiences. These experiences will have the |
accounts |
list[Union[User, Group]]
|
A list of authorized users, groups (aka 'accounts', or 'creators'). |
rblxopencloud.AccessTokenInfo
Data class that contains information about the access token.
Warning
This class isn't designed to be created by users. It is returned by AccessToken.fetch_token_info()
.
Attributes:
Name | Type | Description |
---|---|---|
active |
bool
|
Wether the token is still active. |
id |
str
|
A unqiue string for every authorization and user. |
client_id |
int
|
The app's client ID. |
user_id |
int
|
The authorized user's ID. |
scope |
list[str]
|
A list of authorized scopes. |
expires_at |
datetime
|
The time the access token will expire at. |
issued_at |
datetime
|
The time the access token was issued. |