diff --git a/gluon/contrib/login_methods/oauth20_account.py b/gluon/contrib/login_methods/oauth20_account.py index 632244d9..bcdd6aef 100644 --- a/gluon/contrib/login_methods/oauth20_account.py +++ b/gluon/contrib/login_methods/oauth20_account.py @@ -139,24 +139,34 @@ server for requests. It can be used for the optional"scope" parameters for Face Return the access token generated by the authenticating server. If token is already in the session that one will be used. + If token has expired refresh_token is used to get another token. Otherwise the token is fetched from the auth server. - """ + refresh_token = None if current.session.token and 'expires' in current.session.token: expires = current.session.token['expires'] # reuse token until expiration if expires == 0 or expires > time.time(): - return current.session.token['access_token'] + return current.session.token['access_token'] + if 'refresh_token' in current.session.token: + refresh_token = current.session.token['refresh_token'] code = current.request.vars.code - if code: - data = dict(client_id=self.client_id, - client_secret=self.client_secret, - redirect_uri=current.session.redirect_uri, - code=code, - grant_type='authorization_code' - ) + if code or refresh_token: + data = dict(client_id=self.client_id) + if code: + data.update( + client_secret=self.client_secret, + redirect_uri=current.session.redirect_uri, + code=code, + grant_type='authorization_code' + ) + if refresh_token: + data.update( + refresh_token=refresh_token, + grant_type='refresh_token' + ) open_url = None opener = self.__build_url_opener(self.token_url)