How to get a authentication code / token using Authlib 2.0 on Flask?

I have read part of the documentation of Authlib and the example multiple times, I also have read articles about the concept of Auth 2.0, but I can't figure out how to do it. I want my user to make login (Using username and password) and then my application to return a token. After that the user can use the private resources @require_oauth('profile').

My client :

*************************** 1. row ***************************
                 client_id: wmahDfsran1jk6CaH1knpi3n
             client_secret: mnr4j15pZurBPYHq4KW4LY8HC7pS4TwjzMlJAUGmo7Bpy5gP
                 issued_at: 1531271519
                expires_at: 0
token_endpoint_auth_method: client_secret_basic
                grant_type: authorization_code password
             response_type: code
                     scope: profile
               client_name: client_test
                  logo_uri: NULL
                   contact: NULL
                   tos_uri: NULL
                policy_uri: NULL
                  jwks_uri: NULL
                 jwks_text: NULL
             i18n_metadata: NULL
               software_id: NULL
          software_version: NULL
                        id: 2
                   user_id: 1

My POST request (Using Postman):

The error after make the request :

    "error": "invalid_grant"

Authorize :

@routes.route('/oauth/authorize', methods=['GET', 'POST'])
def authorize():  
    user = current_user()

        grant = authorization.validate_consent_request(end_user=user)
    except OAuth2Error as error:
        return error.error

    return authorization.create_authorization_response(grant_user=user)

Token :

@routes.route('/oauth/token', methods=['POST', 'GET'])
def issue_token():
    return authorization.create_token_response()

Profile :

@routes.route('/resource/profile', methods=['GET', 'POST'])
def profile():
    user = current_user()

    return jsonify(, username=user.username, secret=user.secret, client_id=user.client_id)

The token continues the same of the Auth Example.

If I try to access /resource/profile without a token / autorização :

{"error": "missing_authorization", "error_description": "Missing \"Authorization\" in headers."}

How can I fix it ?

Obs : After I fixed up this, how can I get the Auth Token and send on header to /resource/profile ?

Another references : Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow, OAuth 2.0: An Overview, invalid_grant trying to get oAuth token from google Ask, Circumstances of the “invalid_grant” error when refreshing an access token? , Authorization Code Grant return invalid_grant ...

1 answer