create_RSO_link
client.create_RSO_link(redirect_uri, client_id, response_type, scopes, login_hint=None, ui_locales=None, state=None)
await needed.
| Parameter | Type | Description |
|---|
redirect_uri | str | OAuth2 callback URL |
client_id | str | Your RSO application’s client ID |
response_type | str | OAuth2 response type, typically "code" |
scopes | list[str] | Scopes to request. Must include openid. Additional: cpid, offline_access |
login_hint | str, optional | Pre-populate login page data |
ui_locales | list[str], optional | Preferred UI locales in order |
state | str, optional | Opaque value returned to your redirect URI for CSRF protection |
str — the constructed authorization URL
Example
import valaw
import secrets
client = valaw.Client("YOUR_TOKEN", "americas")
# Generate a CSRF state token
state_token = secrets.token_urlsafe(32)
auth_url = client.create_RSO_link(
redirect_uri="https://yourapp.com/callback",
client_id="your-client-id",
response_type="code",
scopes=["openid", "cpid"],
state=state_token
)
print(f"Redirect user to: {auth_url}")
OAuth2 Flow
- Call
create_RSO_link to generate the authorization URL
- Redirect the user to that URL
- The user logs in and grants permissions
- Riot redirects back to your
redirect_uri with an authorization code
- Exchange the code for an access token (via Riot’s token endpoint)
- Use the access token with
GET_getByAccessToken
Always validate the state parameter in your callback to prevent CSRF attacks.
