OAuth2
Contains required classes to handle the OAuth2 flow. See the OAuth2 guide for implementation.
rblxopencloud.OAuth2App(id, secret, redirect_uri, openid_certs_cache_seconds=3600)
Represents an OAuth2 app. It is used to exchange codes, refresh tokens, and access the API for authenticated users.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
id
|
int
|
The app's client ID. |
required |
secret
|
str
|
The app's client secret. |
required |
redirect_uri
|
str
|
The redirect URI that is being used for authorization. If you need to use multiple, you must make seperate objects. |
required |
openid_certs_cache_seconds
|
int
|
The number of seconds to cache the OpenID certs. You can ignore this if you don't know what it does. |
3600
|
Attributes:
| Name | Type | Description |
|---|---|---|
if |
int
|
The app's client ID. |
secret |
str
|
The app's client secret. |
redirect_uri |
str
|
The redirect URI being used for authorization. |
openid_certs_cache_seconds |
int
|
The number of seconds to cache the OpenID certs. |
generate_code_verifier(length=128)
Generates a code verifier which can be provided to OAuth2App.generate_uri and OAuth2App.exchange_code to add extra security to the OAuth2 flow.
If a code verifier is used, it must be provided to both methods and should also be unique.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
length
|
Optional[int]
|
How long the code verifier should be. |
128
|
Returns:
| Type | Description |
|---|---|
str
|
A string with a length of |
generate_uri(scope, state=None, generate_code=True, code_verifier=None)
Creates an authorization uri with the client information prefilled.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
scope
|
Union[str, list[str]]
|
A string, or list of strings specifying the scopes for authorization. For example |
required |
state
|
str
|
A string that will be returned on the otherside of authorization. It isn't required, but is recommend for security. |
None
|
generate_code
|
bool
|
Wether to generate a code on return. |
True
|
code_verifier
|
str
|
The code verifier generated using |
None
|
Returns:
| Type | Description |
|---|---|
str
|
The authorization URI starting with |
from_access_token_string(access_token)
Creates a PartialAccessToken from an access token string, fairly useless due to these tokens expiring after 15 minutes.
It is also advised the refresh token instead of the access token, and refresh the token each time you need to access information instead of the access_token to improve security.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
access_token
|
str
|
the access token string. |
required |
Returns:
| Type | Description |
|---|---|
PartialAccessToken
|
A partial access token for the provided access token string. |
exchange_code(code, code_verifier=None)
Exchanges an authorization code for an access token which can utilize granted scopes.
Attributes:
| Name | Type | Description |
|---|---|---|
code |
The code from the authorization server. |
|
code_verifier |
The code verifier string for this OAuth2 flow generated by |
Returns:
| Type | Description |
|---|---|
AccessToken
|
The access token created from the provided code. |
refresh_token(refresh_token)
Refrehes an access token for a new access token with a refresh token. After refreshing, a new refresh token is provided to be stored.
Attributes:
| Name | Type | Description |
|---|---|---|
refresh_token |
The refresh token to refresh. |
Returns:
| Type | Description |
|---|---|
AccessToken
|
The new access token from the refresh token. |
revoke_token(token)
Revokes the authorization for a given access or refresh token.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
token
|
str
|
The access or refresh token to revoke. |
required |
Non-creatable Dataclasses
rblxopencloud.AccessToken
Bases: PartialAccessToken
Represents access via OAuth2 consent. It allows access to all resources authorized by the user.
Attributes:
| Name | Type | Description |
|---|---|---|
app |
OAuth2App
|
The app which this access token belongs to. |
token |
str
|
The string token which can be stored in a database and later used with |
refresh_token |
str
|
The string token which can be stored in a database and later used with |
scope |
list[str]
|
A list of the string scopes authorized for this access token. |
expires_at |
datetime
|
The approximate time this access token will expire at. |
user |
Optional[User]
|
If |
fetch_userinfo()
Fetches user information for this access token.
Returns:
| Type | Description |
|---|---|
User
|
The user information with the access token to access authorized apis (such as uploading files). |
fetch_resources()
Fetches the authorized accounts (users and groups) and experiences.
Returns:
| Type | Description |
|---|---|
Resources
|
The objects for authorized accounts and experiences. |
fetch_token_info()
Fetches token information such as the user's id, the authorized scope, and it's expiry time.
Returns:
| Type | Description |
|---|---|
AccessTokenInfo
|
The information about the access token. |
revoke()
Shortcut to revoke the access token.
revoke_refresh_token()
Shortcut for OAuth2App.revoke_token() to revoke the refresh token.
Raises:
InvalidKey: The client ID or client secret is invalid.
ServiceUnavailable: The Roblox servers ran into an error, or are unavailable right now.
rblx_opencloudException: Roblox gave an unexpected response.
Warning
Revoking an access token or refresh token will also invalidate it's pair, so you should only revoke a token once you're completely done with it.
rblxopencloud.AccessTokenInfo
Contains information about a access token.
Attributes:
| Name | Type | Description |
|---|---|---|
active |
bool
|
Wether this access token has not yet expired. Will be |
id |
str
|
The unique ID for this access token. |
client_id |
int
|
The ID of the application that the access token belongs to. |
user_id |
int
|
The ID of the user that the access token belongs to. |
scope |
list[str]
|
A list of string scopes that were authorized for this access token. |
expires_at |
datetime
|
The time this token will expire at, usually 15 minutes after |
issued_at |
datetime
|
The time this token was created by either exchanging a code or refreshing the refresh token. |
rblxopencloud.PartialAccessToken
Represents an access token via OAuth2 consent without all information. It allows access to all resources authorized by the user, but not other information like the refresh token.
Attributes:
| Name | Type | Description |
|---|---|---|
app |
OAuth2App
|
The app which this access token belongs to. |
token |
str
|
The string token which can be stored in a database and later used with |
fetch_userinfo()
Fetches user information for this access token.
Returns:
| Type | Description |
|---|---|
User
|
The user information with the access token to access authorized apis (such as uploading files). |
fetch_resources()
Fetches the authorized accounts (users and groups) and experiences.
Returns:
| Type | Description |
|---|---|
Resources
|
The objects for authorized accounts and experiences. |
fetch_token_info()
Fetches token information such as the user's id, the authorized scope, and it's expiry time.
Returns:
| Type | Description |
|---|---|
AccessTokenInfo
|
The information about the access token. |
revoke()
Shortcut to revoke the access token.
rblxopencloud.Resources
Contains the authorized users, groups, and experiences for the authorization.
Attributes:
| Name | Type | Description |
|---|---|---|
experiences |
list[Experience]
|
A list of authorized |
accounts |
list[Union[User, Group]]
|