oauth_map = OAuthMap.get_from_request_token(token.key_)
if not oauth_map:
raise OAuthError("Unable to find oauth_map from request token during authorization.")
# Get user from oauth map using either FB or Google access token
user_data = oauth_map.get_user_data()
if not user_data:
return oauth_error_response(OAuthError("User not logged in during authorize_token process."))
try:
# For now we don't require user intervention to authorize our tokens,
# since the user already authorized FB/Google. If we need to do this
# for security reasons later, there's no reason we can't.
token = oauth_server.authorize_token(token, user_data.user)
oauth_map.verifier = token.verifier
oauth_map.put()
return custom_scheme_redirect(oauth_map.callback_url_with_request_token_params(include_verifier=True))
except OAuthError, e:
return oauth_error_response(e)
# Access token endpoint
#
# Flask-friendly version of oauth_providers.oauth_request.AccessTokenHandler
# that creates our access token and then hands off to Google/Facebook to let them
# create theirs before associating the two.
@route("/api/auth/access_token", methods=["GET", "POST"])
def access_token():
