Update authorization.py - use the _create_request method and change requ...

AUTHORS

@@ -17,3 +17,4 @@ Mackenzie Thompson
 Hsiaoming Yang
 Devin Sevilla
 Clint Ecker
+Kyle Valade

docs/oauth1/server.rst

@@ -66,7 +66,7 @@ The client interested in accessing protected resources.
 
         client_secret = sqlalchemy.Column(sqlalchemy.String)
 
-**Cient public key**:
+**Client public key**:
     Required for RSA-SHA1. The public key used to verify the signature of
     requests signed by the clients private key::
 

oauthlib/oauth1/rfc5849/endpoints/access_token.py

@@ -36,7 +36,7 @@ def create_access_token(self, request, credentials):
         :returns: The token as an urlencoded string.
         """
         request.realms = self.request_validator.get_realms(
-                request.oauth_token, request)
+                request.resource_owner_key, request)
         token = {
             'oauth_token': self.token_generator(),
             'oauth_token_secret': self.token_generator(),
@@ -141,7 +141,7 @@ def validate_access_token_request(self, request):
 
         if not self.request_validator.validate_timestamp_and_nonce(
                 request.client_key, request.timestamp, request.nonce, request,
-                access_token=request.resource_owner_key):
+                request_token=request.resource_owner_key):
             return False, request
 
         # The server SHOULD return a 401 (Unauthorized) status code when

oauthlib/oauth1/rfc5849/endpoints/authorization.py

@@ -42,12 +42,12 @@ def create_verifier(self, request, credentials):
         :returns: The verifier as a dict.
         """
         verifier = {
-            'oauth_token': request.oauth_token,
+            'oauth_token': request.resource_owner_key,
             'oauth_verifier': self.token_generator(),
         }
         verifier.update(credentials)
         self.request_validator.save_verifier(
-                request.oauth_token, verifier, request)
+                request.resource_owner_key, verifier, request)
         return verifier
 
     def create_authorization_response(self, uri, http_method='GET', body=None,
@@ -87,25 +87,25 @@ def create_authorization_response(self, uri, http_method='GET', body=None,
             >>> s
             302
         """
-        request = Request(uri, http_method=http_method, body=body,
+        request = self._create_request(uri, http_method=http_method, body=body,
                 headers=headers)
 
+        if not request.resource_owner_key:
+            raise errors.InvalidRequestError(
+                    'Missing mandatory parameter oauth_token.')
         if not self.request_validator.verify_request_token(
-                request.oauth_token, request):
+                request.resource_owner_key, request):
             raise errors.InvalidClientError()
-        if not request.oauth_token:
-            raise NotImplementedError('request.oauth_token must be set after '
-                                      'request token verification.')
 
         request.realms = realms
         if (request.realms and not self.request_validator.verify_realms(
-                request.oauth_token, request.realms, request)):
+                request.resource_owner_key, request.realms, request)):
             raise errors.InvalidRequestError(
                     description=('User granted access to realms outside of '
                                  'what the client may request.'))
 
         redirect_uri = self.request_validator.get_redirect_uri(
-                request.oauth_token, request)
+                request.resource_owner_key, request)
         verifier = self.create_verifier(request, credentials or {})
         uri = add_params_to_uri(redirect_uri, verifier.items())
         return uri, {}, None, 302
@@ -123,13 +123,13 @@ def get_realms_and_credentials(self, uri, http_method='GET', body=None,
                   2. A dict of credentials which may be useful in creating the
                   authorization form.
         """
-        request = Request(uri, http_method=http_method, body=body,
+        request = self._create_request(uri, http_method=http_method, body=body,
                 headers=headers)
 
         if not self.request_validator.verify_request_token(
-                request.oauth_token, request):
+                request.resource_owner_key, request):
             raise errors.InvalidClientError()
 
         realms = self.request_validator.get_realms(
-                request.oauth_token, request)
-        return realms, {'resource_owner_key': request.oauth_token}
+                request.resource_owner_key, request)
+        return realms, {'resource_owner_key': request.resource_owner_key}

oauthlib/oauth1/rfc5849/endpoints/resource.py

@@ -84,7 +84,7 @@ def validate_protected_resource_request(self, uri, http_method='GET',
 
         if not self.request_validator.validate_timestamp_and_nonce(
                 request.client_key, request.timestamp, request.nonce, request,
-                request_token=request.resource_owner_key):
+                access_token=request.resource_owner_key):
             return False, request
 
         # The server SHOULD return a 401 (Unauthorized) status code when

oauthlib/oauth1/rfc5849/request_validator.py

@@ -736,6 +736,8 @@ def save_verifier(self, token, verifier, request):
         """Associate an authorization verifier with a request token.
 
         :param token: A request token string.
+        :param verifier A dictionary containing the oauth_verifier and 
+                        oauth_token
         :param request: An oauthlib.common.Request object.
 
         We need to associate verifiers with tokens for validation during the