From ae2c5b98106720d4b78057780bdcbb167219a1a7 Mon Sep 17 00:00:00 2001
From: Ib Lundgren <ib.lundgren@gmail.com>
Date: Wed, 19 Dec 2012 22:38:13 +0100
Subject: [PATCH] RefreshTokenGrant

---
 AUTHORS                                |  1 +
 oauthlib/oauth2/draft25/grant_types.py | 43 ++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/AUTHORS b/AUTHORS
index e913cad3..bae6b94c 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -11,3 +11,4 @@ Michael Vogt
 Barry Warsaw
 Silas Snider
 Tom Christie
+Chez
diff --git a/oauthlib/oauth2/draft25/grant_types.py b/oauthlib/oauth2/draft25/grant_types.py
index a39b85a6..c6f44704 100644
--- a/oauthlib/oauth2/draft25/grant_types.py
+++ b/oauthlib/oauth2/draft25/grant_types.py
@@ -473,3 +473,46 @@ def validate_token_request(self, request):
             raise errors.UnsupportedGrantTypeError()
 
         self.request_validator.validate_request_scopes(request)
+
+
+class RefreshTokenGrant(GrantTypeBase):
+
+    @property
+    def scope(self):
+        return ('default',)
+
+    def __init__(self, request_validator=None):
+        self.request_validator = request_validator or RequestValidator()
+
+    def create_token_response(self, request, token_handler):
+        """
+        Validate the refresh token grant and the actual refresh token.
+
+        The client MUST use the refresh token provided on issue of the
+        access token.
+        """
+        try:
+            self.validate_token_request(request)
+        except errors.OAuth2Error as e:
+            return None, {}, e.json, 400
+        return None, {}, json.dumps(token_handler.create_token(request, refresh_token=True)), 200
+
+    def validate_token_request(self, request):
+
+        if request.grant_type != 'refresh_token':
+            raise errors.UnsupportedGrantTypeError()
+
+        if request.refresh_token is None:
+            raise errors.InvalidRequestError(
+                    description='Missing refresh token parameter.')
+
+        # TODO: document diff client & client_id, former is authenticated
+        # outside spec, i.e. http basic
+        if not self.request_validator.validate_client(
+                request.client, request.grant_type):
+            raise errors.UnauthorizedClientError()
+
+        # validate_refresh_token must be provided by the provided request_validator.
+        if not self.request_validator.validate_refresh_token(
+                request.client, request.refresh_token):
+            raise errors.InvalidRequestError()