I am trying to use the Authlib library (and the flask integration) but struggling to go a bit beyond the documentation. I want to know specifically how to be handling the token across my client application.
Setup: I have created an example resource server, and have set up auth0 for my Jwt. I also made a oauth2 client using flask with the authlib integration, following the docs page on it. The goal is to make a oauth authorization code grant so that my flask oauth2 client can get a user's data from that resource server.
Issue: The example shows getting a token after redirect return to client, which is fine, but then writes # do something with the token and profile inside that redirect endpoint, but not other endpoints. That is the extent of demonstration. But in other endpoints (after auth succeeded), it seems the token is not saved in the oauth.my_app object. Shouldn't it be? I so far am storing it in the flask session, and instead of oauth.my_app.get('resource'), I have to write oauth.my_app.get('resource', token=session.get('token')). After that section of the docs, there is one about accessing oauth resources, where it states that everything is handled by Authlib automatically but it isn't clear where the OAUTH1_SERVICES or the OAuth2Token object comes from, or what its methods are etc etc. I think it is important to know this so we can adapt from the example code.
Question: What is the correct/recommended way to fetch resources? Am I correct to add the token in manually like this, or am I missing something? And if I actually must make use of OAuth2Token as in that section, then where is the actual docs on how to use that object? It isn't clearly in the documentation, but seems like it should be there if needed to work with this library. Would greatly appreciate some clarification on it.