The .create_access_token method in all grants is deprecated; instead, define a shared save_token function on the authorization server.
```python
def save_token(token, client, user):
    if user:
        user_id = user.get_user_id()
    else:
        user_id = 0
        # or: user_id = client.user_id
        # when user is None, it is a client_credentials grant type
    # take the id from the client argument; a bare client_id is undefined here
    tok = Token(client_id=client.client_id, user_id=user_id, **token)
    db.session.add(tok)
    db.session.commit()

server = AuthorizationServer(app, query_client, save_token)
# or initialize lazily
server = AuthorizationServer()
server.init_app(app, query_client, save_token)
```
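The save_token contract above, exercised for both branches, as an added example that is not Authlib's or this note's own code. The Client and User classes, the sqlite3 table (standing in for the SQLAlchemy Token model) and the sample token dicts are constructed assumptions.

```python
import sqlite3
from dataclasses import dataclass

# Constructed stand-ins for the application's models (assumptions, not Authlib classes).
@dataclass
class Client:
    client_id: str
    user_id: int  # the user who registered the client

@dataclass
class User:
    id: int
    def get_user_id(self):
        return self.id

db = sqlite3.connect(":memory:")
db.execute(
    "CREATE TABLE token (client_id TEXT NOT NULL, user_id INTEGER NOT NULL,"
    " token_type TEXT, access_token TEXT UNIQUE NOT NULL,"
    " refresh_token TEXT, scope TEXT, expires_in INTEGER)"
)
TOKEN_COLUMNS = ("token_type", "access_token", "refresh_token", "scope", "expires_in")

def save_token(token, client, user):
    """Shared hook with the (token, client, user) signature described above."""
    if user:
        user_id = user.get_user_id()
    else:
        # client_credentials grant: no resource owner took part.
        # The note allows 0 or client.user_id; this sketch uses client.user_id.
        user_id = client.user_id
    row = [client.client_id, user_id] + [token.get(c) for c in TOKEN_COLUMNS]
    db.execute("INSERT INTO token VALUES (?, ?, ?, ?, ?, ?, ?)", row)
    db.commit()

def stored_token(access_token):
    """Return (client_id, user_id, refresh_token, scope) for a token, or None."""
    return db.execute(
        "SELECT client_id, user_id, refresh_token, scope FROM token WHERE access_token = ?",
        (access_token,),
    ).fetchone()

# Constructed sample data: one user-delegated token, one client-only token.
client = Client(client_id="demo-client", user_id=7)
save_token({"token_type": "Bearer", "access_token": "at-user", "refresh_token": "rt-user",
            "scope": "profile", "expires_in": 3600}, client, User(id=42))
save_token({"token_type": "Bearer", "access_token": "at-client",
            "scope": "profile", "expires_in": 3600}, client, None)
```

Whichever fallback is chosen for the user-less branch, code that later resolves a token to a user has to account for it, since that row's user_id does not name someone who authorized the token.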
AuthorizationCodeGrant
Remove the .create_access_token implementation and add an .authenticate_user method.
You don't need to implement .create_access_token, just remove it.
RefreshTokenGrant
The changes in RefreshTokenGrant look the same as in AuthorizationCodeGrant.
Instead of .create_access_token, you need to implement an .authenticate_user method.
https://git.io/vAAUK