This module contains a Session class for each OAuth2 flow.
These classes are wrappers for a requests_oauthlib.OAuth2Session.
The hierarchy of the session classes is the following:
ClientCredentialsSession and AuthorizationCodeSession are refreshable sessions, meaning that once the access token expires, a new one can be obtained automatically. So, if you make a request and your token is expired, a new token is automatically obtained and the request is carried out without problems.
On the other hand, an ImplicitGrantSession is not “refreshable”, at least not in the same sense. When the token expires, the authorization URL must be opened in the browser. Despite that, the user should not need to type anything since the app was already authorized. Still, an interaction with the browser is needed: the new token cannot be obtained entirely “behind the scenes” (in Python) as in the case of the other two flows. That’s why ImplicitGrantSession does not have the auto-refresh feature. Nonetheless, you can still register a listener for the “token_expired” event to handle that.
Classes
AuthorizationCodeSession – Session for authorization code flow
BaseOAuth2Session – Base class for all session classes.
ClientCredentialsSession
ImplicitGrantSession – Session following the “implicit grant flow” for authorization
RefreshableOAuth2Session – Base abstract class for sessions whose token can be refreshed automatically either using a refresh-token (authorization code flow) or not (client credentials flow).
Reference
Bases: abc.ABC
Base class for all session classes. Please note that this class is not a subclass of requests.Session. In fact, it is a wrapper of requests_oauthlib.OAuth2Session, which is a subclass of requests.Session. You can access the actual session object using the property session.
session (requests_oauthlib.OAuth2Session): (get-only) session object
token (OAuth2Token): (get/set) token object
client_id (str): (get-only)
scope (FrozenSet[str]): (get-only)
Adds a listener for one of the available events (see events).
event_name (str) – either “token_updated” or “token_expired”
listener (Callable[[SessionEvent], Any]) – a callable taking an event object as input
Returns the requests_oauthlib.OAuth2Session instance wrapped by this object.
You should not need to use this. If you do, make sure your use doesn’t interfere with the behavior of the wrapper.
Session
token (Union[Dict, OAuth2Token]) – an OAuth2Token or an equivalent dictionary
Make a request. See requests.Session documentation for the full argument list.
TokenExpired – if the token is expired and not refreshed/updated automatically or by a listener on the “token_expired” event.
Bases: spotipie.auth.sessions.BaseOAuth2Session, abc.ABC
Base abstract class for sessions whose token can be refreshed automatically either using a refresh-token (authorization code flow) or not (client credentials flow).
Enable token auto-refresh. Equivalent to session.auto_refresh = True.
Disable token auto-refresh. Equivalent to session.auto_refresh = False.
Make a request. See requests.Session documentation for the full argument list.
TokenExpired – if the token is expired and not refreshed/updated automatically or by a listener on the “token_expired” event.
Bases: spotipie.auth.sessions.RefreshableOAuth2Session
Session for authorization code flow
Generates the URL the user has to visit in order to authorize (the application using) this session. The “state” parameter (useful for security reasons) is automatically generated and included in the URL. This function returns the authorization url and the generated state.
force_dialog (bool) – Whether or not to force the user to approve the app again if they’ve already done so. If False (default), a user who has already approved the application may be automatically redirected to the URI specified by redirect_uri. If True, the user will not be automatically redirected and will have to approve the app again.
**kwargs – other query arguments to include in the authorization URL; at the time of writing this function, no other parameter exists.
tuple(authorization_url, state)
Extracts the code and the state parameters from the callback URL and, after having checked the correctness of the state, makes a request to Spotify in order to exchange the authorization code for an access token.
callback_url – the URL Spotify redirects to after the user grants authorization to your app, i.e. the redirect URI with query arguments “code” and “state” (at least). The function raises an exception if the callback URL contains an “error” argument.
timeout –
AccessDenied – if the user decides to not grant access
AuthorizationException – the callback_url has an error argument different from “access_denied”
requests.Timeout –
Variant of fetch_token() where you pass the code and state parameters directly rather than a callback URL.
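The callback handling described above (generate a state, verify it on return, map the “error” argument to exceptions, then hand the code on for exchange), as an added standalone example that is not spotipie's own code. The function names, the local exception stand-ins, the order of the checks and the sample URL are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


class AuthorizationException(Exception):
    """Local stand-in for the exception of the same name on this page."""


class AccessDenied(Exception):
    """Local stand-in: the user declined to grant access."""


def new_state() -> str:
    # Unguessable per-request value; store it server-side with the user's session.
    return secrets.token_urlsafe(32)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code, or raise if the callback must be rejected."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    # Verify state first: a callback that fails this check was not produced by
    # our own authorization request, so nothing else in it is trusted.
    # compare_digest avoids leaking the match position through timing.
    if not expected_state or not hmac.compare_digest(
        state.encode(), expected_state.encode()
    ):
        raise AuthorizationException("state missing or mismatched")
    error = params.get("error", [None])[0]
    if error == "access_denied":
        raise AccessDenied(error)
    if error is not None:
        raise AuthorizationException(error)
    codes = params.get("code", [])
    if len(codes) != 1:  # absent or duplicated parameter
        raise AuthorizationException("expected exactly one 'code' argument")
    return codes[0]


if __name__ == "__main__":
    state = new_state()
    # Constructed sample callback; app.example is a placeholder redirect URI.
    url = f"https://app.example/callback?code=abc123&state={state}"
    print(parse_callback(url, state))
```

The expected state should be discarded after one use so that a replayed callback fails the same check.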
Bases: spotipie.auth.sessions.BaseOAuth2Session
Session following the “implicit grant flow” for authorization
Generates the URL the user has to visit in order to authorize (the application using) this session. The “state” parameter (useful for security reasons) is automatically generated and included in the URL. This function returns the authorization url and the generated state.
force_dialog (bool) – Whether or not to force the user to approve the app again if they’ve already done so. If False (default), a user who has already approved the application may be automatically redirected to the URI specified by redirect_uri. If True, the user will not be automatically redirected and will have to approve the app again.
**kwargs – other query arguments to include in the authorization URL; at the time of writing this function, no other parameter exists.
tuple(authorization_url, state)
Bases: spotipie.auth.sessions.RefreshableOAuth2Session