A fully tested, abstract interface to creating OAuth clients and servers.

Overview

Join the chat at https://gitter.im/joestump/python-oauth2 Build Status Coverage Number of issues Licence MIT

Note: This library implements OAuth 1.0 and not OAuth 2.0.

Overview

python-oauth2 is a python oauth library fully compatible with python versions: 2.6, 2.7, 3.3 and 3.4. This library is depended on by many other downstream packages such as Flask-Oauth.

Installing

You can install oauth2 via the PIP package.

$ pip install oauth2

We recommend using virtualenv.

Examples

Examples can be found in the wiki

Running tests

You can run tests using the following at the command line:

$ pip install -r requirements.txt
$ python setup.py test

History

This code was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers:

  • 100% unit test coverage.
  • The DataStore object has been completely ripped out. While creating unit tests for the library I found several substantial bugs with the implementation and confirmed with Andy Smith that it was never fully baked.
  • Classes are no longer prefixed with OAuth.
  • The Request class now extends from dict.
  • The library is likely no longer compatible with Python 2.3.
  • The Client class works and extends from httplib2. It's a thin wrapper that handles automatically signing any normal HTTP request you might wish to make.
Comments
  • Make setup.py py3 compatible.

    Make setup.py py3 compatible.

    I've done a basic update to the library to begin getting it to be python3 compatible. A lot of upstream projects still rely on this unfortunately and their communities are not willing to change to oauthlib. This will help to prolong the inevitable. This should begin to partially relieve #147

    PY3K 
    opened by jaitaiwan 49
  • oauth_callback should be sent when requesting a request token

    oauth_callback should be sent when requesting a request token

    It's currently difficult to send the oauth_callback parameter when requesting a request token (as per section 6.1.1 of the oauth 1.0a community spec: http://oauth.net/core/1.0a/#auth_step1). In order to make it work, I had to include the oauth_callback param in the 'body' of the client request:

    import urllib import oauth2 as oauth

    key = 'mykey' secret = 'mysecret' callback_uri = 'http://mycallback/uri'

    consumer = oauth.Consumer(key, secret) client = oauth.Client(consumer) client.set_signature(oauth.SignatureMethod_PLAINTEXT())

    get the request token

    body = urllib.urlencode(dict(oauth_callback=callback_uri)) resp, content = client.request(request_token_uri, 'POST', body=body)

    This feels like a hack and isn't clear from reading any of the examples. It would be much more intuitive if the caller was able to pass the callback uri as a kwarg to the client constructor or to the request method, i.e.:

    client = oauth.Client(..) ... client.request(uri, 'POST', callback=callback)

    opened by paulosman 19
  • Update support for Python 2.6+

    Update support for Python 2.6+

    As discussed here, there's a discussion to drop support for Python 2.4.

    This pull takes the first step by updating the README, removing pre-2.6 library imports, and 2.6+ style exception syntax.

    Moved https://github.com/joestump/python-oauth2/pull/177 to develop branch here.

    opened by rickhanlonii 12
  • Python 3 Compatibility

    Python 3 Compatibility

    I'm not sure these changes ensure FULL compatibility but I believe running this should have no errors in 3 now. Also not sure if this breaks backwards compatibility...

    opened by jaitaiwan 11
  • AttributeError: 'module' object has no attribute 'Consumer'

    AttributeError: 'module' object has no attribute 'Consumer'

    I tried to use oauth library for my application, that will parse tweets from an account, used instructions from here https://dev.twitter.com/oauth/overview/single-user:

    def oauth_req(url, key, secret, http_method="GET", post_body=None, http_headers=None):
        consumer = oauth.Consumer(key=key, secret=secret)
        token = oauth.Token(key=key, secret=secret)
        client = oauth.Client(consumer, token)
        resp, content = client.request( url, method=http_method, body=post_body, headers=http_headers, force_auth_header=True )
        return content
    
    def get_tweets():
        timeline = oauth_req('https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=climagic', '3WTohSoXhJrmmk61oOwmJBwQp', 'FlqER9N3qoYl89bPTZ8EP9CWXBtttkikaYeE9pqIyCwX7GSNYA' )
        print(timeline)
    

    But it doesn't work because of absence of attribute 'Consumer'.

    opened by theasder 11
  • oauth 2.0?

    oauth 2.0?

    It's my understanding that python-oauth2 is actually an implementation of OAuth 1.0. With the OAuth 2.0 final spec imminent, this is going to get really confusing for anyone trying to use the new, non-backwards-compatible spec, especially as there doesn't seem to be a complete OAuth 2.0 implementation in python yet. Is there anything you guys can do to mitigate this?

    opened by eykd 10
  • Internal Server Error: object supporting the buffer API required

    Internal Server Error: object supporting the buffer API required

    Hi, I'm on python 3.4.0 and python-oauth2 1.9. The doc says it supports python up to 3.4 but it doesn't work for me.

    Traceback (most recent call last): File "/Users/speedingdeer/code/.../pyvenv3.4/lib/python3.4/site-packages/bottle.py", line 862, in _handle return route.call(*_args) File "/Users/speedingdeer/code/.../pyvenv3.4/lib/python3.4/site-packages/bottle.py", line 1732, in wrapper rv = callback(_a, **ka) File "server.py", line 242, in do_oauth_callback resp, content = client.request(request_url, 'GET') File "/Users/speedingdeer/code/.../pyvenv3.4/lib/python3.4/site-packages/oauth2/init.py", line 687, in request connection_type=connection_type) File "/Users/speedingdeer/code.../pyvenv3.4/lib/python3.4/site-packages/httplib2/init.py", line 1314, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/Users/speedingdeer/code/.../pyvenv3.4/lib/python3.4/site-packages/httplib2/init.py", line 1116, in _request headers=headers, redirections=redirections - 1) File "/Users/speedingdeer/code/.../pyvenv3.4/lib/python3.4/site-packages/oauth2/init.py", line 673, in request req.sign_request(self.method, self.consumer, self.token) File "/Users/speedingdeer/code/.../pyvenv3.4/lib/python3.4/site-packages/oauth2/init.py", line 493, in sign_request self['oauth_body_hash'] = base64.b64encode(sha1(self.body).digest()) TypeError: object supporting the buffer API required

    Do you know something about this issue?

    Bug 
    opened by speedingdeer 9
  • Submit coverage reports to Codecov

    Submit coverage reports to Codecov

    Steve here from Codecov. Thank you for maintaining this project! I wanted to create this PR to add our coverage reporting tool to this repository, which we use at Codecov :+1:

    View a report generated from this fork

    I look forward to hearing your feedback. Let me know if you have any questions!

    Cheers, Steve

    opened by stevepeak 9
  • 'module' object has no attribute 'Consumer' on Ubuntu

    'module' object has no attribute 'Consumer' on Ubuntu

    Hi, i have a problem with oauth2 on Ubuntu, this is my code:

    import oauth2 as oauth

    CONSUMER_KEY = 'ZZZ' CONSUMER_SECRET = 'KKK'

    def oauth_req(url, key, secret, http_method="GET", post_body=None, http_headers=None): consumer = oauth.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET) token = oauth.Token(key=key, secret=secret) client = oauth.Client(consumer, token) resp, content = client.request( url, method=http_method, body=post_body, headers=http_headers, force_auth_header=True ) return resp, content

    content, home_timeline = oauth_req( 'https://api.twitter.com/1.1/statuses/home_timeline.json', 'YYY', 'XXX' )

    And this is the traceback

    Traceback (most recent call last): File "/home/facundo/Escritorio/oauth2.py", line 1, in import oauth2 as oauth File "/home/facundo/Escritorio/oauth2.py", line 13, in content, home_timeline = oauth_req( 'https://api.twitter.com/1.1/statuses/home_timeline.json', '163064210-ZvmxvqAAJOPwUMNqhEcIM3ODDMmpso59uX38eMMJ', 'ijRSQyku55sTNtaNh1eRzBvM2OQ59CkryQQnic1NfcHX6' ) File "/home/facundo/Escritorio/oauth2.py", line 7, in oauth_req consumer = oauth.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET) AttributeError: 'module' object has no attribute 'Consumer'

    i install oauth2 with this comand "pip install oauth2".

    i forget to do something ?? What is worng ??

    Tranks

    More Information Required 
    opened by facuchaves 9
  • Specification improvement and bug fix to sign_request

    Specification improvement and bug fix to sign_request

    Per the OAuth Body Hash specifications (3.2), if there is no body entity, then the hash should be done over the empty string.

    Also, when httplib2 handles a redirect, the follow is performed with None as the request body. This causes a TypeError to be thrown here when attempting to hash the body.

    This commit prevents the TypeError, while improving the specification alignment. "Win, win, win." -Michael Scott


    Should fix issue #112 Should close pull #113

    Many thanks to @holm!

    Security Bug Needs Tests 
    opened by rickhanlonii 9
  • python-oauth2 152: Twitter API always return Error 401 with utf-8 parameter

    python-oauth2 152: Twitter API always return Error 401 with utf-8 parameter

    Hi

    After upgrade python-oauth2 to 152 and trying to update twitter status using string encode to utf-8 twitter always return error:

    {'status': '401'} {"request":"/1/statuses/update.json","error":"Incorrect signature"}')

    here's string that I tried to POST to twitter: status=ué¿q s,apa u.s?..a and here's the result from httplib2 debug: status=Bu%3F%3Fq%20s%2Capa%20u.s%3F..a

    urllib.unquote('status=Bu%3F%3Fq%20s%2Capa%20u.s%3F..a') 'status=Bu??q s,apa u.s?..a'

    after removing this 2 lines everything working normal.

    329 k = to_unicode(k) 330 v = to_unicode_optional_iterator(v)

    opened by gadjah 9
  • DeprecationWarning: distutils versions classes are deprecated.

    DeprecationWarning: distutils versions classes are deprecated.

    This warning is thrown when using oauth2==1.9.0.post1 & Django 3.2

    /venv3/lib/python3.9/site-packages/oauth2/_version.py:17: DeprecationWarning: distutils Version classes are deprecated. Use packaging.version instead.
      __version__ = distutils_Version(verstr)
    

    Should be easy to fix:

    from packaging import version
     __version__ = version(verstr)
    
    opened by cchacholiades 0
  • use unittest.mock instead of mock

    use unittest.mock instead of mock

    I see you are still supporting Python 2, so dropping mock usage is not really an option, but could you please consider to fallback to unittest.mock when mock is not available?

    Background: https://trello.com/c/S6eADbii/64-remove-python-mock https://fedoraproject.org/wiki/Changes/DeprecatePythonMock

    opened by pgajdos 0
  • Publish latest to pypi?

    Publish latest to pypi?

    The git master branch has quite a few changes that haven't been published as a pypi release yet. Would a maintainer be able to do that?

    I know this project isn't actively developed & maintained, but it'd be nice to have on pypi all the fixes & updates from the past years that did get merged.

    opened by brondsem 0
  • Explicitly encode XOAuth string

    Explicitly encode XOAuth string

    Without encodeing the string, I get the following error:

    File "/usr/lib/python3.8/site-packages/oauth2/clients/smtp.py", line 41, in authenticate base64.b64encode(oauth2.build_xoauth_string(url, consumer, token))) File "/usr/lib/python3.8/base64.py", line 58, in b64encode encoded = binascii.b2a_base64(s, newline=False) TypeError: a bytes-like object is required, not 'str'

    opened by fw-aaron 0
Owner
Joe Stump
I like turtles.
Joe Stump
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

Authlib The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included. Authlib is compatible with Python2.

Hsiaoming Yang 2.3k Feb 17, 2021
Toolkit for Pyramid, a Pylons Project, to add Authentication and Authorization using Velruse (OAuth) and/or a local database, CSRF, ReCaptcha, Sessions, Flash messages and I18N

Apex Authentication, Form Library, I18N/L10N, Flash Message Template (not associated with Pyramid, a Pylons project) Uses alchemy Authentication Authe

null 95 Nov 28, 2022
Doing the OAuth dance with style using Flask, requests, and oauthlib.

Flask-Dance Doing the OAuth dance with style using Flask, requests, and oauthlib. Currently, only OAuth consumers are supported, but this project coul

David Baumgold 915 Dec 28, 2022
A Python library for OAuth 1.0/a, 2.0, and Ofly.

Rauth A simple Python OAuth 1.0/a, OAuth 2.0, and Ofly consumer library built on top of Requests. Features Supports OAuth 1.0/a, 2.0 and Ofly Service

litl 1.6k Dec 8, 2022
Doing the OAuth dance with style using Flask, requests, and oauthlib.

Flask-Dance Doing the OAuth dance with style using Flask, requests, and oauthlib. Currently, only OAuth consumers are supported, but this project coul

David Baumgold 799 Feb 17, 2021
Doing the OAuth dance with style using Flask, requests, and oauthlib.

Flask-Dance Doing the OAuth dance with style using Flask, requests, and oauthlib. Currently, only OAuth consumers are supported, but this project coul

David Baumgold 802 Feb 22, 2021
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

OAuthLib - Python Framework for OAuth1 & OAuth2 *A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.5+

OAuthlib 2.5k Jan 2, 2023
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

OAuthLib - Python Framework for OAuth1 & OAuth2 *A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.5+

OAuthlib 2.5k Jan 1, 2023
This is a Python library for accessing resources protected by OAuth 2.0.

This is a client library for accessing resources protected by OAuth 2.0. Note: oauth2client is now deprecated. No more features will be added to the l

Google APIs 787 Dec 13, 2022
Phishing Abusing Microsoft 365 OAuth Authorization Flow

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

bigb0ss 11 Dec 11, 2022
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

Optiv Security 76 Jan 2, 2023
Local server that gives you your OAuth 2.0 tokens needed to interact with the Conta Azul's API

What's this? This is a django project meant to be run locally that gives you your OAuth 2.0 tokens needed to interact with Conta Azul's API Prerequisi

Fábio David Freitas 3 Apr 13, 2022
A module making it easier to manage Discord oAuth with Quart

quart_discord A module making it easier to manage Discord oAuth with Quart Install pip install git+https://github.com/xelA/quart_discord@master How to

null 5 Oct 27, 2022
Python library for generating a Mastercard API compliant OAuth signature.

oauth1-signer-python Table of Contents Overview Compatibility References Usage Prerequisites Adding the Library to Your Project Importing the Code Loa

null 23 Aug 1, 2022
Plotly Dash plugin to allow authentication through 3rd party OAuth providers.

dash-auth-external Integrate your dashboards with 3rd parties and external OAuth providers. Overview Do you want to build a Plotly Dash app which pull

James Holcombe 15 Dec 11, 2022
This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)

Welcome to django-rest-auth Repository is unmaintained at the moment (on pause). More info can be found on this issue page: https://github.com/Tivix/d

Tivix 2.4k Jan 3, 2023
A host-guest based app in which host can CREATE the room. and guest can join room with room code and vote for song to skip. User is authenticated using Spotify API

A host-guest based app in which host can CREATE the room. and guest can join room with room code and vote for song to skip. User is authenticated using Spotify API

Aman Raj 5 May 10, 2022
Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Easy and secure implementation of Azure AD for your FastAPI APIs ?? Single- and multi-tenant support.

Intility 220 Jan 5, 2023
A full Rest-API With Oauth2 and JWT for request & response a JSON file Using FastAPI and SQLAlchemy 🔑

Pexon-Rest-API A full Rest-API for request & response a JSON file, Building a Simple WorkFlow that help you to Request a JSON File Format and Handling

Yasser Tahiri 15 Jul 22, 2022