requests-oauthlib

OAuth2Session.token_updater callback does not bind session information

Open jdennis opened this issue 9 years ago • 1 comments

I've been looking for a way to persist tokens. The OAuth2Session.token_updater callback seems like the right tool for the job, but it omits essential context information, such as who this token is bound to. That information appears to be in session._client, but there is no way to access that information.

This is especially important for applications which might manage multiple connections and user identities.

To persist a token via the OAuth2Session.token_updater() callback one needs to know to whom that token is bound so that it can be looked up under the (token_url, client_id, username) triplet.

As it stands now it appears as if the token is a single global entity [1], but perhaps I'm missing something; if so, I'd appreciate clarification on how to persist tokens.

Also, there does not seem to be an API to access the client on the OAuth2Session object; currently it's self._client, which is class private.

[1] Yes, I understand the token is bound to the session and client but there is no access to that hence you can only update one global token.

jdennis, Feb 03 '16 17:02
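One way to get the binding described above, as an added example that is not part of the original issue or the requests-oauthlib code base: bind the (token_url, client_id, username) triplet into the callback before handing it to the session. `TokenStore`, `bound_updater` and `make_session` are hypothetical names; the SQLite schema is an assumption.

```python
import json
import sqlite3
from functools import partial


class TokenStore:
    """Persists one token per (token_url, client_id, username) triplet."""

    def __init__(self, path=":memory:"):
        # Tokens are bearer credentials: a real deployment should keep this
        # file readable only by the service account or use a secret store.
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS tokens ("
            "token_url TEXT, client_id TEXT, username TEXT, token TEXT, "
            "PRIMARY KEY (token_url, client_id, username))")

    def save(self, token_url, client_id, username, token):
        self.db.execute(
            "INSERT OR REPLACE INTO tokens VALUES (?, ?, ?, ?)",
            (token_url, client_id, username, json.dumps(token)))
        self.db.commit()

    def load(self, token_url, client_id, username):
        row = self.db.execute(
            "SELECT token FROM tokens "
            "WHERE token_url=? AND client_id=? AND username=?",
            (token_url, client_id, username)).fetchone()
        return json.loads(row[0]) if row else None


def bound_updater(store, token_url, client_id, username):
    # The library calls token_updater(token) with the token dict only, so the
    # identity is bound here, outside the callback's own argument list.
    return partial(store.save, token_url, client_id, username)


def make_session(store, token_url, client_id, username, **refresh_kwargs):
    """Build a session whose refreshed tokens are saved under its own key."""
    from requests_oauthlib import OAuth2Session  # lazy: needs the library
    return OAuth2Session(
        client_id,
        token=store.load(token_url, client_id, username),
        auto_refresh_url=token_url,
        auto_refresh_kwargs=refresh_kwargs,
        token_updater=bound_updater(store, token_url, client_id, username))
```

Each session gets its own updater, so a refresh for one user can never overwrite the stored token of another user or another client.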

oauth1: I got it working by pickling the whole client :/ I ran into HTTP Status 401 - Invalid signature for signature method HMAC-SHA1 if I used only [1]. I assume the problem is the newly created timestamp, nonce and therefore the new signature. So it would be helpful to extract only this information and persist it.

[1]

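```python
from requests_oauthlib import OAuth1Session

# get_credentials() is the poster's own helper (not shown here); it returns
# the previously saved OAuth1 values as a dict.
creds = get_credentials()
client = OAuth1Session(
    creds["client_key"],
    client_secret=creds["client_secret"],
    resource_owner_key=creds["resource_owner_key"],
    resource_owner_secret=creds["resource_owner_secret"],
    verifier=creds["verifier"])
```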

delijati, Feb 25 '16 11:02