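def token():
    """Issue a new access token for a client application.

    Reads the POST payload, validates it, looks up the client application
    by its key/secret pair and checks that the requested grant type is one
    of the comma-separated grant types configured on the application. On
    success an ``AccessToken`` expiring one day from now is saved with
    ``put()`` and returned as JSON.

    Returns:
        A ``(response, 201)`` tuple whose body is ``jsonify(data=...)`` of
        the new token.

    Aborts with HTTP 400 when the payload is invalid, when no application
    matches the credentials, or when the grant type is not allowed.
    """
    post_data = get_post_data()

    is_invalid, error_message = _is_invalid_data(post_data)
    if is_invalid:
        abort(400, {'error': error_message})

    # NOTE(review): the secret check lives in find_by_credentials, which is
    # not visible here -- confirm it compares a stored hash in constant time
    # rather than a plaintext secret.
    app = ClientApplication.find_by_credentials(
        post_data['client_key'],
        post_data['client_secret'],
    )
    if app is None:
        abort(400, {'error': APP_NOT_FOUND})

    allowed_grant_types = app.grant_type.split(',')
    if post_data['grant_type'] not in allowed_grant_types:
        abort(400, {'error': GRANT_TYPE_NOT_ALLOWED})

    # NOTE(review): now() is naive local time; confirm that whatever checks
    # expires_at uses the same clock/zone.
    today = datetime.datetime.now()
    expires_at = today + datetime.timedelta(days=1)

    a = AccessToken()
    a.client_application = app.key
    a.expires_at = expires_at
    # NOTE(review): this value is the bearer credential, so it must be
    # unpredictable -- confirm ah.generate_random_string() draws from a
    # CSPRNG (e.g. the secrets module) and is long enough.
    a.token = ah.generate_random_string()
    a.token_type = post_data['grant_type']

    # lead_token is optional: .get() keeps a payload that omits the key from
    # failing with an unhandled KeyError instead of simply skipping the field.
    lead_token = post_data.get('lead_token')
    if lead_token:
        a.lead_token = lead_token

    a.put()
    # NOTE(review): this blocks the request for one second; the reason is not
    # visible here (possibly waiting for the write to become readable) --
    # confirm before changing, and note it ties up a worker per token request.
    time.sleep(1)

    return jsonify(data=a.to_json()), 201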