Simple yet powerful authorization / authentication client library for Python web applications.

Overview

Authomatic

Authomatic is a framework agnostic library for Python web applications with a minimalistic but powerful interface which simplifies authentication of users by third party providers like Facebook or Twitter through standards like OAuth and OpenID.

For more info visit the project page at http://authomatic.github.io/authomatic.

Maintainers

Authomatic was migrated from a private project of Peter Hudec to a community-managed project. Many thanks to Peter Hudec for all his hard work for creating and maintaining authomatic! We are now a small team of volunteers, not paid for the work here. Any help is appreciated!

Features

  • Loosely coupled.
  • Tiny but powerful interface.
  • The python-openid library is the only optional dependency.
  • Framework agnostic thanks to adapters. Out of the box support for Django, Flask, Pyramid and Webapp2.
  • Ready to accommodate future authorization/authentication protocols.
  • Makes provider API calls a breeze.
  • Asynchronous requests.
  • JavaScript library as a bonus.
  • Out of the box support for:
    • OAuth 1.0a providers: Bitbucket, Flickr, Meetup, Plurk, Twitter, Tumblr, UbuntuOne, Vimeo, Xero, Xing and Yahoo.
    • OAuth 2.0 providers: Amazon, Behance, Bitly, Cosm, DeviantART, Eventbrite, Facebook, Foursquare, GitHub, Google, LinkedIn, PayPal, Reddit, Viadeo, VK, WindowsLive, Yammer and Yandex.
    • python-openid and Google App Engine based OpenID.

License

The package is licensed under the MIT license.

Requirements

Requires Python 2.7 and newer. Python 3.x support added in Authomatic 0.0.11 thanks to Emmanuel Leblond (https://github.com/touilleMan).

Live Demo

There is a Google App Engine based live demo app running at http://authomatic-example.appspot.com which makes use of most of the features.

Contribute

Contributions of any kind are very welcome. If you want to contribute, please read the Development Guide first. The project is hosted on GitHub.

Usage

Read the exhaustive documentation at http://authomatic.github.io/authomatic.

Changelog

The Changelog is part of the documentation.

Comments
  • FailureError('Unable to retrieve token secret from storage!',)

    Some users are reporting lost session after redirect within the login procedure.

    the original issue as opened by @petertirrell was:

    Pyramid Adapter and example

    Implement an adapter for the Pyramid framework with example.

    bug waffle:in progress 
    opened by petertirrell 21
  • Python 3 support?

    Hi,

    Does authomatic have python 3 support? Currently, I am getting a

    ---> 21 from core import Authomatic, setup, login, provider_id, access, async_access, credentials, request_elements, backend

    ImportError: No module named 'core'

    opened by ambasta 19
  • Google Login Flask Redirect

    I have a simple flask app that I am trying to implement login to google on. It all seems to work well until I get an error on the redirect back to my site. The app is deployed to heroku and is using the SSL certificate from heroku.

    The error I receive: The redirect URI in the request: http://dev.example.com/login/g did not match a registered redirect URI.

    opened by jbolda 16
  • Development stalled since July 2015?

    Looks like the development stalled since July 15. @peterhudec if you need any help please tell us, there are some people out there using authomatic! It's great - but it needs some updates.

    opened by jensens 15
  • [ERROR]Missing or invalid User Agent string- GitHub

    It is not able to auth with GitHub,

    Hi None

    Your id is: None

    Your email is: None

    Your JSON is: {"message":"Missing or invalid User Agent string. See http://developer.github.com/v3/#user-agent-required"}

    waffle:in progress 
    opened by dipankar08 15
  • Facebook API - cannot access to mail

    I can only get name and ID from the facebook API call. In facebook's "LOGIN PERMISSIONS", I do see "email"; and in the config I set

    'fb': {
        'class_': oauth2.Facebook,

        # Facebook is an AuthorizationProvider too.
        'consumer_key': 'MYSTUFF',
        'consumer_secret': 'MYSTUFF',

        # But it is also an OAuth 2.0 provider and it needs scope.
        'scope': ['email'],
    },
    

    I got result.user.data to be {'name': 'Sean Lao', 'id': '55047288*******'} -- which is good, but -- no email!? - and result.user.email is None, while result.user.id, result.user.name work.

    The result is obtained through here:

    result = authomatic.login(WerkzeugAdapter(request, response), provider_name)
    

    How do I get the email?

    P.s. it works only for Yahoo so far. Haven't tried on Twitter or Google yet.

    and btw this is result.user.to_dict():

    {  
       'nickname':None,
       'provider':'fb',
       'first_name':None,
       'birth_date':'None',
       'id':'MYSTUFF',
       'location':None,
       'country':None,
       'credentials':'2%0A2-5%MYSTUFF',
       'phone':None,
       'data':{  
          'id':'MYSTUFF',
          'name':'Sean Lao'
       },
       'name':'Sean Lao',
       'locale':None,
       'city':None,
       'timezone':None,
       'last_name':None,
       'postal_code':None,
       'email':None,
       'username':None,
       'picture':'http://graph.facebook.com/THIS_ONE_WORKS/picture?type=large',
       'gender':None,
       'link':None,
       'gae_user':None
    }
    

    the 'picture':'http://graph.facebook.com/THIS_ONE_WORKS/picture?type=large', is working, though.

    bug adapter 
    opened by xunlao 12
  • Google OAuth 2.0 is broken with authorization header is enabled

    At some point today all of my OAuth 2.0 requests to Google started failing with a cryptic error:

    [E 150414 16:23:47 __init__:333] authomatic: Google: Reported suppressed exception: FailureError('Failed to obtain OAuth 2.0 access token from https://accounts.google.com/o/oauth2/token! HTTP status: 400, message: {\n  "error" : "invalid_request",\n  "error_description" : "OAuth 2 parameters can only have a single value: client_secret"\n}.',)!
    

    After a bunch of trial and error I figured out that if I disabled the authorization header while requesting a TOKEN from google it worked. Not sure what changed but I thought I would share it here to see if other people are having the same issue.

    To monkey patch Authomatic until a formal change is figured out I just did this:

    from authomatic.providers.oauth2 import Google
    setattr(Google, "_x_use_authorization_header", False)
    
    bug 
    opened by carlsverre 12
  • Deprecate this project?

    I've used Authomatic for many years, and have really appreciated all the work people have put into it, but it seems that it is not keeping up with the times. The three most popular providers don't or soon won't work out of the box:

    • Google (G+ being retired)
    • Facebook (need to manually update API version)
    • Microsoft (very out of date and doesn't work)

    I've switched one of my projects to Flask-Dance and will soon migrate another to something else.

    I don't want to be too negative, but at this point, it seems best to update the official docs to suggest that people use other software for their Oauth needs.

    opened by jeffoneill 11
  • Merge rc0.1.1 branch back into master to pick up useful fixes

    There are a number of useful fixes in the rc0.1.1 branch, which was presumably started for the next release, but never fully completed.

    I suggest merging these changes back into master for now, and then make a new release branch when we are ready to release.

    This branch seems to mostly consist of test changes, but also includes a few updates to providers and small bug fixes.

    opened by mrichar1 9
  • Redirecting user to the original referring URL after a successful login

    We are using the Google provider and we need to redirect the user to the original referring url after login. I was thinking about encoding extra data in the state parameter but Authomatic doesn't seem to provide any API for that. Also thought about storing the referer (from the request header) in the session. Any recommendation on how to do that?

    thanks in advance Fábio

    opened by fabito 9
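
The session approach raised in this issue needs the stored URL validated before the post-login redirect, because a Referer header or a "next" parameter is attacker-controllable and can turn the login flow into an open redirect. The following is an added example, not Authomatic code and not from the issue author; the function name `safe_redirect_target` and the host `app.example.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def safe_redirect_target(candidate, request_host, default="/"):
    """Return a same-site path (plus query) taken from candidate, or default.

    candidate    -- value saved in the session before login (Referer / next)
    request_host -- Host the application itself is served from
    """
    if not isinstance(candidate, str) or not candidate:
        return default

    # Browsers treat "\" like "/" and ignore tabs/newlines inside URLs, so
    # "/\evil.example" or "/\t/evil.example" can leave the site. Reject them.
    if "\\" in candidate or any(ord(c) < 0x21 or ord(c) == 0x7F for c in candidate):
        return default

    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return default

    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only http(s) to exactly our host.
        # Comparing the whole netloc also rejects "our-host@evil.example".
        if parts.scheme not in ("http", "https"):
            return default
        if parts.netloc.lower() != request_host.lower():
            return default
        path = parts.path or "/"
    else:
        path = parts.path
        if not path.startswith("/"):
            return default

    # A path starting with "//" would be read as scheme-relative by a browser.
    if path.startswith("//"):
        return default

    # Hand back only the local part, never the original string.
    return path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for value in ("/account/settings",
                  "https://app.example.com/reports?page=2",
                  "https://evil.example/phish",
                  "//evil.example/phish"):
        print(repr(value), "->", safe_redirect_target(value, "app.example.com"))
```

Save the candidate in the server-side session before starting the login and call the function only after the login result reports a user; redirect to the returned value rather than to the stored string.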
  • Support for Google Oauth2 post G+

    Below is an attempt to update providers/oauth2.py so that it will work with Google login after the shutdown of G+. It works currently with the email and profile scopes.

    I'm not sure if it will continue to work post G+ shutdown. 🤞

    -    user_info_url = 'https://www.googleapis.com/plus/v1/people/me'
    +    user_info_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    
         @staticmethod
         def _x_user_parser(user, data):
    -        emails = data.get('emails', [])
    -        if emails:
    -            user.email = emails[0].get('value')
    -            for email in emails:
    -                if email.get('type') == 'account':
    -                    user.email = email.get('value')
    -                    break
    -
    -        user.id = data.get('sub') or data.get('id')
    -        user.name = data.get('displayName')
    -        user.first_name = data.get('name',{}).get('givenName')
    -        user.last_name = data.get('name',{}).get('familyName')
    -        user.locale = data.get('language')
    -        user.link = data.get('url')
    -        user.picture = data.get('image',{}).get('url')
    +        user.id = data.get('id')
    +        user.email = data.get('email')
    +        user.name = data.get('name')
    +        user.first_name = data.get('given_name')
    +        user.last_name = data.get('family_name')
    +        user.locale = data.get('locale')
    +        user.picture = data.get('picture')
             try:
                 user.birth_date = datetime.datetime.strptime(data.get('birthdate'), "%Y-%m-%d")
    -        except:
    +        except Exception:
                 user.birth_date = data.get('birthdate')
             return user
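
    Review bot: user.id = data.get('id') drops the data.get('sub') fallback that the removed line had, so a response carrying only "sub" would leave user.id as None; keeping data.get('sub') or data.get('id') costs nothing and covers both response shapes. user.link is removed without a replacement and should either be mapped to a field of the new response or be called out as no longer populated. In the unchanged try block, data.get('birthdate') is still passed straight to strptime, so a missing birthdate is handled only by the broad except Exception; catching (TypeError, ValueError) would state the intent and stop hiding unrelated errors.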
    
    
    opened by jeffoneill 8
  • Add adapter for Microsoft Online (Azure AD)

    I've tested this with pas.plugins.authomatic for logging into a Plone site. By default it assumes a multi-tenant app (anyone with an MS account). For single-tenant app, the domain of the tenant should be passed as a configuration parameter ("domain").

    opened by uyar 1
  • SyntaxWarning: "is" with a literal : warning issued by python

    This is not an issue but it is a warning when using authomatic with python 3.8+ and authomatic 1.0.0. The warning was added in python 3.8: https://docs.python.org/3.8/whatsnew/3.8.html#changes-in-python-behavior

    Error

    Authomatic_1_0_0/authomatic/core.py:1720: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if ProviderClass.supports_jsonp and method is 'GET':

    opened by mahdialibi 1
  • Openidc help / example request

    Can anyone post their openid config as an example? I'm having trouble matching up what I think should be in my json config for authomatic and what parameters are actually taken. (Like, where would I put "auth-server-url" in the json, for example? Also client ID secret).

    Thanks!

    opened by croaklumpish 1
  • example app on App Engine is broken

    Hi! Thanks for building and maintaining authomatic, it looks great!

    I noticed that the example app https://authomatic-example.appspot.com/ is down. You might want to consider fixing it or removing its link from the README and docs, eg https://authomatic.github.io/authomatic/#live-demo.

    opened by snarfed 0
  • Limit domain for google login, so it doesn't conflict with a subdomain?

    I have a pair of sites that both use authomatic with Flask-login for google OAuth2,

    https://unslumping.org/ https://fun.unslumping.org/

    Each works fine if I clear all cookies in both domains before I log in. But logging in to the 2nd level domain seems to mess up logging in to the 3rd level domain. I get caught in a loop where .login() keeps returning an object with a .error either "Unable to retrieve stored state!" or "The returned state csrf cookie ... doesn't match with the stored state!"

    Is there a way I can limit the scope of cookies to the root domain, and not let them be used by the subdomain?

    opened by BobStein 1