From 02e31c8e734d5802e149236ae47e56c9e77f1fd3 Mon Sep 17 00:00:00 2001
From: Tjerk Wolterink
Date: Tue, 8 Jul 2014 13:23:54 +0200
Subject: [PATCH] Ensure the oauth is an object not a class..

Using a class like it was, would make it vulnerable to leaking the authorization the to other handlers in a multithreaded environment. Since classes are static.
---
 pyoauth2/provider.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pyoauth2/provider.py b/pyoauth2/provider.py
index de6eb18..3883f0a 100644
--- a/pyoauth2/provider.py
+++ b/pyoauth2/provider.py
@@ -572,7 +572,8 @@ def authorization_class(self):

 def get_authorization(self):
 """Get authorization object representing status of authentication."""
- auth = self.authorization_class()
+ auth_class = self.authorization_class()
+ auth = auth_class()
 header = self.get_authorization_header()
 if not header or not header.split:
 return auth
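Review bot: The two added lines in `get_authorization` carry the whole security fix, but nothing in the code says why the class has to be instantiated, so a later cleanup could fold them back into a single call and bring the shared state back; I would add `# New instance per call: attributes set on the class itself would be visible to every handler and thread.` above `auth = auth_class()`. The isolation also holds only if the authorization class keeps its fields as instance attributes; a mutable class-level attribute modified in place would presumably still be shared, and that class is not visible in this hunk. A regression test asserting that two `get_authorization()` calls return distinct objects would pin the behaviour. The body of `get_authorization` continues past the end of the hunk.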