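def decorated_view(*args, **kwargs):
    """Authenticate the request by its ``access_token`` and call the view.

    The JSON request body must be an object carrying an ``access_token``
    that ``Authorization.get_with_token`` resolves to an authorization.
    The token should have been obtained from the /authorize endpoint, per
    the OAuth 2 draft spec. On success the wrapped ``route`` is called
    with the authorization's ``authorizer`` placed before the original
    positional arguments.

    Every failure path returns the matching ``error_responses_all``
    payload through ``jsonify`` before ``route`` is reached.
    """
    # Read the body once; everything in it is untrusted until a matching
    # authorization has been found.
    # NOTE(review): which exception request.json raises on a malformed
    # body depends on the framework version in use - confirm that
    # JSONDecodeError is the one actually raised here.
    try:
        payload = request.json
    except JSONDecodeError:
        return jsonify(**error_responses_all('json_invalid'))

    # Well-formed JSON need not be an object: a list, string or number
    # has no .get(), so without this check a truthy non-object body would
    # raise AttributeError instead of yielding a defined error response.
    if not payload or not isinstance(payload, dict):
        return jsonify(**error_responses_all('json_invalid'))

    token = payload.get('access_token', None)
    if not token:
        return jsonify(**error_responses_all('access_token_missing'))

    # A nested object or array can never be a valid token. Reject it
    # before the lookup so the store only sees scalar values.
    # NOTE(review): get_with_token is not visible here - confirm how it
    # builds its query and whether a stricter string-only check is safe.
    if isinstance(token, (dict, list)):
        return jsonify(**error_responses_all('access_token_invalid'))

    auth = Authorization.get_with_token(token)
    if not auth:
        # No authorization matches the token: stop and tell the client.
        return jsonify(**error_responses_all('access_token_invalid'))

    return route(auth.authorizer, *args, **kwargs)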