ib-lundgren / flask-oauthprovider

Create a secure OAuth provider easily, powered by OAuthLib
BSD 3-Clause "New" or "Revised" License

Bug in require_oauth decorator? #3

Open daniel-lundin opened 11 years ago

daniel-lundin commented 11 years ago

First, thanks for your great efforts in this project.

I've found that I don't need to provide oauth_token_secret when requiring an access token from an authorized request token.

The require_oauth decorator looks strange to me. The return value from oauthlib.oauth1.rfc5849.Server.verify_request is actually a tuple, so the if-statement will always run: https://github.com/ib-lundgren/flask-oauthprovider/blob/master/flask_oauthprovider.py#L286

Am I missing something?

ib-lundgren commented 11 years ago

Hey,

This extension was a quick proof of concept while working on oauthlib and was sadly slightly forgotten since, as I ran out of free time to work on it. The little time I have over to spend nowadays I do on oauthlib directly.

Regarding the return value, it used to only be a bool and I've not updated to match the tuple return value.

I'm planning some API additions to oauth 1 server and when those are in oauthlib I'll try and find a moment to update this extension a bit =)

daniel-lundin commented 11 years ago

Ah, I see.

I think I will write a provider based directly on oauth 1 server then instead for now.

Thank you.

ib-lundgren commented 11 years ago

Go for it! And please let me know how things go =)

I'll ping you when I've made the updates. flask-oauthprovider is quite a thin layer between oauthlib and an actual implementation and might serve best as a guide. As far as the example goes I think if you update the return value to include the request object it should work fine (knock on wood, I've not read the code in months).

valid = self.verify_request(...
valid, request = self.verify_request(...
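
Added example, not part of the thread or of the project's code: a minimal reproduction of the truthiness bug discussed above, next to the unpacking fix suggested in the last comment. The `verify_request` function here is a hypothetical stand-in that only mimics the `(valid, request)` tuple return described in the issue; the decorator names and the dict used as a request object are likewise assumptions.

```python
from functools import wraps


def verify_request(signature_ok):
    """Hypothetical stand-in for the verifier: returns (valid, request)."""
    request = {"signature_ok": signature_ok}  # constructed placeholder request
    return signature_ok, request


def require_oauth_buggy(view):
    """Decorator written for the old bool return value."""
    @wraps(view)
    def wrapper(signature_ok):
        valid = verify_request(signature_ok)  # now a tuple, e.g. (False, {...})
        if valid:  # a non-empty tuple is always truthy, so this never fails
            return view()
        return "401 Unauthorized"
    return wrapper


def require_oauth_fixed(view):
    """Decorator that unpacks the tuple and fails closed on surprises."""
    @wraps(view)
    def wrapper(signature_ok):
        valid, request = verify_request(signature_ok)
        # Guard against another change in the return shape: anything that is
        # not a real bool is treated as a programming error, not as success.
        if not isinstance(valid, bool):
            raise TypeError("verify_request returned a non-bool validity flag")
        if valid:
            return view()
        return "401 Unauthorized"
    return wrapper


@require_oauth_buggy
def protected_buggy():
    return "200 OK"


@require_oauth_fixed
def protected_fixed():
    return "200 OK"


if __name__ == "__main__":
    # False simulates a request whose signature or token secret did not verify.
    print("buggy, invalid request:", protected_buggy(False))
    print("fixed, invalid request:", protected_fixed(False))
    print("fixed, valid request:  ", protected_fixed(True))
```

A regression test for a provider built this way should always include a request that must be rejected, since a test suite with only valid requests passes against both decorators.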