python - How to detect expired access tokens when creating the session?
I have the following test program:

```python
from rauth.service import OAuth1Service, OAuth2Service

supported_services = {
    'twitter': (
        'oauth1', 'twitter',
        'https://api.twitter.com/oauth',
        'request_token', 'access_token', 'authorize',
        'https://api.twitter.com/1/',
        None),
    'facebook': (
        'oauth2', 'facebook',
        'https://graph.facebook.com/oauth',
        None, 'access_token', 'authorize',
        'https://graph.facebook.com/',
        'https://www.facebook.com/connect/login_success.html'),
    'google': (
        'oauth2', 'google',
        'https://accounts.google.com/o/oauth2',
        None, 'token', 'auth',
        None,
        'http://localhost'),
}

client_data = {
    'twitter': ('dummy_client_id', 'dummy_client_secret'),
    'facebook': ('dummy_client_id', 'dummy_client_secret'),
    'google': ('dummy_client_id', 'dummy_client_secret'),
}

user_tokens = {
    'user1': {
        'twitter': ('dummy_access_token', 'dummy_access_token_secret'),
        'facebook': ('dummy_access_token', None),
        'google': ('dummy_access_token', None),
    }
}


def test_google(user_id):
    service_id = 'google'
    (oauthver, name, oauth_base_url, request_token_url, access_token_url,
     authorize_url, base_url, redirect_uri) = supported_services[service_id]
    request_token_url = oauth_base_url + '/' + (request_token_url or '')
    access_token_url = oauth_base_url + '/' + access_token_url
    authorize_url = oauth_base_url + '/' + authorize_url
    client_id, client_secret = client_data[service_id]
    google = OAuth2Service(
        client_id=client_id,
        client_secret=client_secret,
        name=name,
        authorize_url=authorize_url,
        access_token_url=access_token_url,
        base_url=base_url)
    # access_token_secret is only needed for twitter (oauth1)
    access_token, access_token_secret = user_tokens[user_id][service_id]
    session = google.get_session(access_token)
    user = session.get('https://www.googleapis.com/oauth2/v1/userinfo').json()
    print(user)


test_google('user1')
```
I have authorized the application to access the Google account of user1, and obtained an access_token. The access token has expired, and the output of the program is:
```
{u'error': {u'code': 401, u'message': u'Invalid Credentials', u'errors': [{u'locationType': u'header', u'domain': u'global', u'message': u'Invalid Credentials', u'reason': u'authError', u'location': u'Authorization'}]}}
```
I would like to check whether the access token has expired when creating the session, not when requesting data. Is this possible? How can I verify whether the session object is authorized?

For clarification, I am trying to do the following:

- First, let the user authorize my application
- Save the access token for future use (in a database, but in the test code it is hardcoded in the script)
- Whenever a later access detects that the token has expired, go back to step 1

I am having trouble with step 3. I can of course detect the 401 in the JSON reply that I get, but it looks rather cumbersome to be forced to verify all accesses. What I am trying to do is verify that the session is active when I create it, and then assume that it will stay active for the whole duration of the session object. That is several milliseconds, while my webapp is processing the request and accessing the Google API using the OAuth session object.
You have to call get_authorization_url first. The user must open it and grant permissions to access the account; in return you get a code in the redirect_uri callback's query params, which you can exchange for an access_token:
```python
params = {
    'scope': 'email',
    'response_type': 'code',
    'redirect_uri': redirect_uri,
    'access_type': 'offline',  # to get a refresh_token
}
print(google.get_authorize_url(**params))
```
According to the documentation, this code should work:
```python
data = {
    'code': 'code got callback',
    'grant_type': 'authorization_code',
    'redirect_uri': 'http://localhost/oauth2',
}
response = google.get_raw_access_token(data=data)
```
In the response you get JSON data like this:
```
{
  "access_token" : "ya29.ahe<....>n3w",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "id_token" : "eyjh<...>qwnrzc",
  "refresh_token" : "1/x86s<...>vg4"
}
```
As you can see, there is expires_in (seconds); you have to store the time when you got the token and compare it later with the current time + expires_in.

If the token has expired, you can refresh it with the refresh_token later, without asking the user for confirmation again:
```python
response = google.get_raw_access_token(data={
    'refresh_token': refresh_token,
    'grant_type': 'refresh_token',
})
print(response.content)
```
Notice that the refresh_token is returned the first time the user authorises the app. See this question for details.

Alas, it seems you can't use get_auth_session, because internally it extracts the access_token, and everything else is discarded.

If you get the access_token without getting the auth code first, you still get expires_in in the callback. From the docs:
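Added example, not part of the original answer or of rauth: one way to do the expires_in bookkeeping described above, so expiry is decided locally before the token is handed to get_session(). `StoredToken`, `fresh_token`, `SKEW` and the injected `refresh` callable are hypothetical names; in real use `refresh` would wrap the `get_raw_access_token` refresh call shown in the answer.

```python
import time

SKEW = 60  # safety margin in seconds (assumed value) so a token is not used at its deadline


class StoredToken(object):
    """Access token plus the timestamps needed to judge expiry without a request."""

    def __init__(self, access_token, expires_in, refresh_token=None, obtained_at=None):
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.obtained_at = time.time() if obtained_at is None else obtained_at
        self.expires_at = self.obtained_at + int(expires_in)

    @classmethod
    def from_response(cls, payload, previous=None, now=None):
        # A refresh response may omit refresh_token, so carry the stored one over.
        refresh = payload.get('refresh_token') or (previous.refresh_token if previous else None)
        return cls(payload['access_token'], payload['expires_in'], refresh, now)

    def is_expired(self, now=None):
        now = time.time() if now is None else now
        return now >= self.expires_at - SKEW


def fresh_token(stored, refresh, now=None):
    # `refresh` (hypothetical) takes a refresh_token and returns the token
    # endpoint's parsed JSON; it is only called when the stored token is stale.
    if not stored.is_expired(now):
        return stored
    if not stored.refresh_token:
        raise LookupError('token expired and no refresh_token stored: re-authorize the user')
    return StoredToken.from_response(refresh(stored.refresh_token), previous=stored, now=now)


def demo():
    # Constructed sample data: a token issued at t=1000 with a 3600 s lifetime.
    calls = []

    def fake_refresh(refresh_token):  # stands in for the real token endpoint
        calls.append(refresh_token)
        return {'access_token': 'new-token', 'expires_in': 3600}

    old = StoredToken('old-token', 3600, 'sample-refresh', obtained_at=1000)
    early = fresh_token(old, fake_refresh, now=2000)  # still valid, no refresh call
    late = fresh_token(old, fake_refresh, now=4600)   # past the deadline, refreshed
    return early.access_token, late.access_token, late.refresh_token, calls
```

A 401 from the API still has to be handled, since a token can be revoked before its expires_in runs out.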