Skip to content

OAuth2

Contains required classes to handle the OAuth2 flow. See the OAuth2 guide for implementation.

rblxopencloud.OAuth2App(id, secret, redirect_uri, openid_certs_cache_seconds=3600)

Represents an OAuth2 app. It is used to exchange codes, refresh tokens, and access the API for authenticated users.

Parameters:

Name Type Description Default
id int

The app's client ID.

required
secret str

The app's client secret.

required
redirect_uri str

The redirect URI that is being used for authorization. If you need to use multiple, you must make seperate objects.

required
openid_certs_cache_seconds int

The number of seconds to cache the OpenID certs. You can ignore this if you don't know what it does.

3600

Attributes:

Name Type Description
if int

The app's client ID.

secret str

The app's client secret.

redirect_uri str

The redirect URI being used for authorization.

openid_certs_cache_seconds int

The number of seconds to cache the OpenID certs.

generate_code_verifier(length=128)

Generates a code verifier which can be provided to OAuth2App.generate_uri and OAuth2App.exchange_code to add extra security to the OAuth2 flow.

If a code verifier is used, it must be provided to both methods and should also be unique.

Parameters:

Name Type Description Default
length Optional[int]

How long the code verifier should be.

128

Returns:

Type Description
str

A string with a length of length containing cryptographically generated characters from ascii letters (a-z, A-Z), digits (0-9), -, ., _, and ~.

generate_uri(scope, state=None, generate_code=True, code_verifier=None)

Creates an authorization uri with the client information prefilled.

Parameters:

Name Type Description Default
scope Union[str, list[str]]

A string, or list of strings specifying the scopes for authorization. For example ['openid', 'profile']

required
state str

A string that will be returned on the otherside of authorization. It isn't required, but is recommend for security.

None
generate_code bool

Wether to generate a code on return.

True
code_verifier str

The code verifier generated using generate_code_verifier

None

Returns:

Type Description
str

The authorization URI starting with https://apis.roblox.com/oauth/v1/authorize

from_access_token_string(access_token)

Creates a PartialAccessToken from an access token string, fairly useless due to these tokens expiring after 15 minutes.

It is also advised the refresh token instead of the access token, and refresh the token each time you need to access information instead of the access_token to improve security.

Parameters:

Name Type Description Default
access_token str

the access token string.

required

Returns:

Type Description
PartialAccessToken

A partial access token for the provided access token string.

exchange_code(code, code_verifier=None)

Exchanges an authorization code for an access token which can utilize granted scopes.

Attributes:

Name Type Description
code

The code from the authorization server.

code_verifier

The code verifier string for this OAuth2 flow generated by generate_code_verifier

Returns:

Type Description
AccessToken

The access token created from the provided code.

refresh_token(refresh_token)

Refrehes an access token for a new access token with a refresh token. After refreshing, a new refresh token is provided to be stored.

Attributes:

Name Type Description
refresh_token

The refresh token to refresh.

Returns:

Type Description
AccessToken

The new access token from the refresh token.

revoke_token(token)

Revokes the authorization for a given access or refresh token.

Parameters:

Name Type Description Default
token str

The access or refresh token to revoke.

required

Non-creatable Dataclasses

rblxopencloud.AccessToken

Bases: PartialAccessToken

Represents access via OAuth2 consent. It allows access to all resources authorized by the user.

Attributes:

Name Type Description
app OAuth2App

The app which this access token belongs to.

token str

The string token which can be stored in a database and later used with OAuth2App.from_access_token_string to access the resources again.

refresh_token str

The string token which can be stored in a database and later used with OAuth2App.refresh_token to get a new refresh token.

scope list[str]

A list of the string scopes authorized for this access token.

expires_at datetime

The approximate time this access token will expire at.

user Optional[User]

If openid was authorized, the user who granted access.

fetch_userinfo()

Fetches user information for this access token.

Returns:

Type Description
User

The user information with the access token to access authorized apis (such as uploading files).

fetch_resources()

Fetches the authorized accounts (users and groups) and experiences.

Returns:

Type Description
Resources

The objects for authorized accounts and experiences.

fetch_token_info()

Fetches token information such as the user's id, the authorized scope, and it's expiry time.

Returns:

Type Description
AccessTokenInfo

The information about the access token.

revoke()

Shortcut to revoke the access token.

revoke_refresh_token()

Shortcut for OAuth2App.revoke_token() to revoke the refresh token. Raises: InvalidKey: The client ID or client secret is invalid. ServiceUnavailable: The Roblox servers ran into an error, or are unavailable right now. rblx_opencloudException: Roblox gave an unexpected response.

Warning

Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.

rblxopencloud.AccessTokenInfo

Contains information about a access token.

Attributes:

Name Type Description
active bool

Wether this access token has not yet expired. Will be True even if the authorization has been revoked by the user.

id str

The unique ID for this access token.

client_id int

The ID of the application that the access token belongs to.

user_id int

The ID of the user that the access token belongs to.

scope list[str]

A list of string scopes that were authorized for this access token.

expires_at datetime

The time this token will expire at, usually 15 minutes after issued_at.

issued_at datetime

The time this token was created by either exchanging a code or refreshing the refresh token.

rblxopencloud.PartialAccessToken

Represents an access token via OAuth2 consent without all information. It allows access to all resources authorized by the user, but not other information like the refresh token.

Attributes:

Name Type Description
app OAuth2App

The app which this access token belongs to.

token str

The string token which can be stored in a database and later used with OAuth2App.from_access_token_string to access the resources again.

fetch_userinfo()

Fetches user information for this access token.

Returns:

Type Description
User

The user information with the access token to access authorized apis (such as uploading files).

fetch_resources()

Fetches the authorized accounts (users and groups) and experiences.

Returns:

Type Description
Resources

The objects for authorized accounts and experiences.

fetch_token_info()

Fetches token information such as the user's id, the authorized scope, and it's expiry time.

Returns:

Type Description
AccessTokenInfo

The information about the access token.

revoke()

Shortcut to revoke the access token.

rblxopencloud.Resources

Contains the authorized users, groups, and experiences for the authorization.

Attributes:

Name Type Description
experiences list[Experience]

A list of authorized Experience objects.

accounts list[Union[User, Group]]

A list of authorized User and Group objects for asset uploading.