Doing the OAuth dance with style using Flask, requests, and oauthlib.

Overview

Flask-Dance Build status Test coverage Documentation

Doing the OAuth dance with style using Flask, requests, and oauthlib. Currently, only OAuth consumers are supported, but this project could easily support OAuth providers in the future, as well. The full documentation for this project is hosted on ReadTheDocs, including the full list of supported OAuth providers, but this README will give you a taste of the features.

Installation

Just the basics:

$ pip install Flask-Dance

Or if you're planning on using the SQLAlchemy storage:

$ pip install Flask-Dance[sqla]

Quickstart

If you want your users to be able to log in to your app from any of the supported OAuth providers, you've got it easy. Here's an example using GitHub:

from flask import Flask, redirect, url_for
from flask_dance.contrib.github import make_github_blueprint, github

app = Flask(__name__)
app.secret_key = "supersekrit"
blueprint = make_github_blueprint(
    client_id="my-key-here",
    client_secret="my-secret-here",
)
app.register_blueprint(blueprint, url_prefix="/login")

@app.route("/")
def index():
    if not github.authorized:
        return redirect(url_for("github.login"))
    resp = github.get("/user")
    assert resp.ok
    return "You are @{login} on GitHub".format(login=resp.json()["login"])

If you're itching to try it out, check out the flask-dance-github example repository, with detailed instructions for how to run this code.

The github object is a context local, just like flask.request. That means that you can import it in any Python file you want, and use it in the context of an incoming HTTP request. If you've split your Flask app up into multiple different files, feel free to import this object in any of your files, and use it just like you would use the requests module.

You can also use Flask-Dance with any OAuth provider you'd like, not just the pre-set configurations. See the documentation for how to use other OAuth providers.

Storages

By default, OAuth access tokens are stored in Flask's session object. This means that if the user ever clears their browser cookies, they will have to go through the OAuth dance again, which is not good. You're better off storing access tokens in a database or some other persistent store, and Flask-Dance has support for swapping out the token storage. For example, if you're using SQLAlchemy, set it up like this:

from flask_sqlalchemy import SQLAlchemy
from flask_dance.consumer.storage.sqla import OAuthConsumerMixin, SQLAlchemyStorage

db = SQLAlchemy()

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    # ... other columns as needed

class OAuth(OAuthConsumerMixin, db.Model):
    user_id = db.Column(db.Integer, db.ForeignKey(User.id))
    user = db.relationship(User)

# get_current_user() is a function that returns the current logged in user
blueprint.storage = SQLAlchemyStorage(OAuth, db.session, user=get_current_user)

The SQLAlchemy storage seamlessly integrates with Flask-SQLAlchemy, as well as Flask-Login for user management, and Flask-Caching for caching.

Full Documentation

This README provides just a taste of what Flask-Dance is capable of. To see more, read the documentation on ReadTheDocs.

Comments
  • Twitter:

    Twitter: "ValueError: Cannot get OAuth token without an associated user"

    I was able to run the github-oauth based example correctly.

    I then created this gist which is the same except switching to twitter. It gives "ValueError: Cannot get OAuth token without an associated user".

    opened by chrisroat 24
  • Wrong session usage or possible security issue

    Wrong session usage or possible security issue

    Working according to the basic documentation, I'm hitting a serious problem where one user login session in one browser is propogated to another browser with no login credentials.

    Here's my relevant server code:

    from os import environ
    
    from flask import Flask, redirect, url_for, render_template
    from flask_sqlalchemy import SQLAlchemy
    from flask_migrate import Migrate
    from flask_dance.contrib.twitter import make_twitter_blueprint, twitter
    from flask_dance.consumer.backend.sqla import SQLAlchemyBackend, OAuthConsumerMixin
    from werkzeug.contrib.fixers import ProxyFix
    
    
    app = Flask(__name__)
    app.secret_key = environ.get('FLASK_SECRET_KEY')
    app.wsgi_app = ProxyFix(app.wsgi_app)
    app.config.from_object('config.Config')
    
    db = SQLAlchemy(app)
    migrate = Migrate(app, db)
    
    class OAuth(OAuthConsumerMixin, db.Model):
        pass
    
    twitter_blueprint = make_twitter_blueprint(
        api_key=app.config['TWITTER_CONSUMER_KEY'],
        api_secret=app.config['TWITTER_CONSUMER_SECRET'],
    )
    twitter_blueprint.backend = SQLAlchemyBackend(OAuth, db.session)
    app.register_blueprint(twitter_blueprint, url_prefix='/login')
    
    
    @app.route('/')
    def index():
        username = None
        if twitter.authorized:
            resp = twitter.get('account/settings.json')
            username = resp.json()['screen_name']
        return render_template('index.html', username=username)
    

    Steps:

    1. Open two separate browser sessions
    2. In both sessions, navigate to server:5000, homepage shows a login link {{ url_for('twitter.login') }}
    3. On browser A, perform Twitter authentication dance
    4. Redirect back to homepage, username is rendered correctly, inspecting the SQL database, the oauth tokens are indeed saved correctly for the user
    5. On browser B refresh homepage, username is now populated with the login session from browser A

    Other notes:

    • Happens on all environments, both with and without flask debug mode, as well as running through gunicorn
    • Backend database is a postgreSQL instance
    • Flask 1.0.2, Flask-dance 1.0.0, Python 3.7
    • Adding user_required=False as a param to SQLAlchemyBackend doesn't change this behavior

    This is no doubt a serious potential security bug. Either the library is behaving in an unexpected way, or I'm doing something wrong, and hitting a pitfall, in which case the documentation probably should be updated to warn about this behavior.

    opened by yuvadm 20
  • Okta provider not working

    Okta provider not working

    Trying to use the Okta provider (which doesn't have an example to follow)

    import os
    from flask import Flask, redirect, url_for
    from flask_dance.contrib.okta import make_okta_blueprint, okta
    from flask_dotenv import DotEnv
    
    app = Flask(__name__)
    env = DotEnv(app)
    
    app.secret_key = os.environ.get("FLASK_SECRET_KEY", "supersekrit")
    okta_bp = make_okta_blueprint(
        client_id=app.config["OKTA_OAUTH_CLIENT_ID"],
        client_secret=app.config["OKTA_OAUTH_CLIENT_SECRET"],)
    app.register_blueprint(okta_bp, url_prefix="/login")
    
    
    @app.route("/")
    def index():
        if not okta.authorized:
            return redirect(url_for("okta.login"))
        resp = okta.get("/user")
        assert resp.ok
        return "You are @{login} on Okta".format(login=resp.json()["login"])
    
    
    if __name__ == "__main__":
        app.run(debug=True, use_reloader=True)
    

    Gives me the following error:

    builtins.AttributeError
    AttributeError: 'NoneType' object has no attribute 'lower'
    
    Traceback (most recent call last)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 2328, in __call__
    return self.wsgi_app(environ, start_response)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 2314, in wsgi_app
    response = self.handle_exception(e)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1760, in handle_exception
    reraise(exc_type, exc_value, tb)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\_compat.py", line 36, in reraise
    raise value
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 2311, in wsgi_app
    response = self.full_dispatch_request()
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1834, in full_dispatch_request
    rv = self.handle_user_exception(e)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1737, in handle_user_exception
    reraise(exc_type, exc_value, tb)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\_compat.py", line 36, in reraise
    raise value
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1832, in full_dispatch_request
    rv = self.dispatch_request()
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1818, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\flask_dance\consumer\oauth2.py", line 201, in login
    self.authorization_url, state=self.state, **self.authorization_url_params
    File "C:\work\python\okta-flask-example\env\lib\site-packages\requests_oauthlib\oauth2_session.py", line 158, in authorization_url
    **kwargs), state
    File "C:\work\python\okta-flask-example\env\lib\site-packages\oauthlib\oauth2\rfc6749\clients\web_application.py", line 90, in prepare_request_uri
    redirect_uri=redirect_uri, scope=scope, state=state, **kwargs)
    File "C:\work\python\okta-flask-example\env\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py", line 70, in prepare_grant_uri
    if not is_secure_transport(uri):
    File "C:\work\python\okta-flask-example\env\lib\site-packages\oauthlib\oauth2\rfc6749\utils.py", line 94, in is_secure_transport
    return uri.lower().startswith('https://')
    AttributeError: 'NoneType' object has no attribute 'lower'
    

    because self.authorization_url is empty.

    Any ideas?

    opened by RichardCullen 19
  • Flask dance with twitch API

    Flask dance with twitch API

    I have been trying to use flask-dance for Twitch API via OAuth2ConsumerBlueprint. The requests seem to fail since Twitch API expects client ID in request headers.

    DEBUG:requests_oauthlib.oauth2_session:Supplying headers {u'Authorization': u'Bearer XXXXXX'} and data None
    DEBUG:requests_oauthlib.oauth2_session:Passing through key word arguments {'allow_redirects': True}.
    DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.twitch.tv
    DEBUG:urllib3.connectionpool:https://api.twitch.tv:443 "GET /user HTTP/1.1" 302 154
    DEBUG:urllib3.connectionpool:https://api.twitch.tv:443 "GET /kraken/base HTTP/1.1" 400 96
    {u'status': 400, u'message': u'No client id specified', u'error': u'Bad Request'}
    

    I have tried manually setting the headers and it seems to succeed (even though it leaves new questions for me). I can not see how I can set custom headers. Is it possible?

    opened by chanux 19
  • authorized_url is http, not https:

    authorized_url is http, not https:

    I'm calling flask-dance with make_slack_blueprint, and the URL flask-dance sends to Slack as the authorized_url is

    "http://mydomain.com/login/slack/authorized"

    instead of the proper

    "https://mydomain.com/login/slack/authorized"

    This means the call fails on my production server since I did not set the insecure HTTPS env variable there (and shouldn't)

    how do I get flask dance to pass the https URL for the authorized_url? If I try to specify an absolute path as the authorized url then it gets treated as a relative path.

    blueprint_slack = make_slack_blueprint(
        client_id="sdfdsg242894452",
        client_secret="53019238021358rrgdf",
        scope=["identify",  "chat:write:bot"],
        **authorized_url='https://www.mydomain.com/login/slack/authorized',**   
        redirect_url='/slack_authorized',
    

    )

    If it is meaningful:

    I'm running Flask 1.0+

    • with Flask-talisman 0 all URl's redirect to https:// and I have HSTS set
    • with a gunicorn server, with relevant https flags set in my gunicorn config file

    secure_proxy_ssl_header = ('HTTP_X_FORWARDED_PROTO', 'https') forwarded_allow_ips = '*' secure_scheme_headers = {'X-Forwarded-Proto': 'https'} x_forwarded_for_header = 'X-FORWARDED-FOR'

    PS: And yes, the client_id and secret above are bogus!

    opened by aardvark82 16
  • Add option to allow CSRF attacks

    Add option to allow CSRF attacks

    Fixes #191. Slack apps can be installed from the Slack app directory, which involves doing the OAuth dance starting from slack.com instead of from the Flask app. This is the same as a cross-site request forgery attack, but it is the expected behavior.

    Is there some way that we can narrow the scope of this vulnerability? Is there a reliable way to only bypass the state check for requests that were initiated by a subdomain of slack.com, for example? I don't know if Referer headers are reliable or not...

    opened by singingwolfboy 15
  • How does twitter.authorized know it's me?

    How does twitter.authorized know it's me?

    I don't really understand how I can log out, delete my cookie, then click the "Sign in with Twitter" button and it somehow knows who I am and just logs me in directly. twitter.authorized is evaluating to True, and I saw that the code I think that's being evaluating to True is:

    bool(self._client.client.client_secret) and
    bool(self._client.client.resource_owner_key) and
    bool(self._client.client.resource_owner_secret)
    

    How can the session still have a resource_owner_key and resource_owner_secret after I've logged out, deleted my session cookie in Chrome, and restarted the server?

    opened by NathanWailes 14
  • Added Bitbucket provider

    Added Bitbucket provider

    Bitbucket requires HTTP Basic Authentication witch client_id and client_secret to fetch tokens. OAuth2ConsumerBlueprint has been adjusted to pass through authentication details (object or tuple as expected by requests).

    A provider Bitbucket has been added.

    Test for new provider has been added.

    Documentation has been updated.

    opened by jsfan 13
  • Updated Azure to allow defining authorization_url_params

    Updated Azure to allow defining authorization_url_params

    I hope this is all okay. I have updated the Azure provider to allow someone to define authorization_url_params to pass additional data.

    Azure supports extra parameters such as prompt, login_hint and domain_hint

    https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#request-an-authorization-code

    opened by gchq83514 11
  • client_id and client_secret required for Meetup

    client_id and client_secret required for Meetup

    Thanks very much for writing this package. Should make flask projects a lot tidier!

    I'm having an issue with the Meetup blueprint, and I can't figure out what's up. I've taken the flask-dance-github project as a test (and confirmed it works fine with Github) and modified it minimally so it should work with Meetup. (Slightly different parameter names.) However I get the following error:

    127.0.0.1 - - [16/Mar/2019 01:16:15] "GET /login/meetup/authorized?code=<code>&state=<state> HTTP/1.1" 500 -
    Traceback (most recent call last):
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 2309, in __call__
        return self.wsgi_app(environ, start_response)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 2295, in wsgi_app
        response = self.handle_exception(e)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1741, in handle_exception
        reraise(exc_type, exc_value, tb)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
        raise value
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
        response = self.full_dispatch_request()
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
        reraise(exc_type, exc_value, tb)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
        raise value
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
        rv = self.dispatch_request()
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
        return self.view_functions[rule.endpoint](**req.view_args)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask_dance/consumer/oauth2.py", line 266, in authorized
        **self.token_url_params
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/requests_oauthlib/oauth2_session.py", line 307, in fetch_token
        self._client.parse_request_body_response(r.text, scope=self.scope)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 415, in parse_request_body_response
        self.token = parse_token_response(body, scope=scope)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 425, in parse_token_response
        validate_token_parameters(params)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 432, in validate_token_parameters
        raise_from_error(params.get('error'), params)
      File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 405, in raise_from_error
        raise cls(**kwargs)
    oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: (invalid_request) client_id and client_secret required
    

    I am being successfully redirected to the authorize endpoint on Meetup, and I accept, then I am quickly redirected back to /meetup/login/authorized. However it seems that the client_id and client_secret are not then being sent to the access endpoint on Meetup.

    Don't currently have a proxy to properly check the requests from flask. Any idea what the cause might be?

    Cheers.

    opened by electricworry 11
  • Make sqla backend know when to require a user

    Make sqla backend know when to require a user

    This resolves the issue raised in #88, where Flask-Dance should have raised an exception instead of trying to create an OAuth token without an associated user. This changes the SQLAlchemy backend to take a new optional argument: require_user. When set to True, the backend will not allow OAuth tokens to be created without an associated user. This argument is True by default when an argument is passed for user or user_id.

    @NathanWailes, can you take a look at this, and let me know if the functionality is what you had in mind?

    opened by singingwolfboy 11
  • Adds base_url to allow different data center usage

    Adds base_url to allow different data center usage

    Gives the ability to change base_url, currently, it defaults to the US data center (https://api.nylas.com/) but customers in EU are unable to make requests since the EU data center is at (https://ireland.api.nylas.com)

    opened by ajay-k 6
  • Failing tests/fixtures/test_pytest.py in the Debian build

    Failing tests/fixtures/test_pytest.py in the Debian build

    Hello,

    Thank you very much for your work on this! However, whilst trying to package this module for Debian, I seem to run into this test failure around fixtures:

    I: pybuild base:239: python3-coverage run -m pytest
    ============================= test session starts ==============================
    platform linux -- Python 3.10.6, pytest-7.1.2, pluggy-1.0.0+repack
    rootdir: /<<PKGBUILDDIR>>
    plugins: mock-3.8.2, betamax-0.8.1
    collected 192 items
    
    tests/test_utils.py ..                                                   [  1%]
    tests/consumer/test_oauth1.py ....................                       [ 11%]
    tests/consumer/test_oauth2.py ........................                   [ 23%]
    tests/consumer/test_requests.py ..........                               [ 29%]
    tests/consumer/storage/test_sqla.py ............                         [ 35%]
    tests/contrib/test_atlassian.py ......                                   [ 38%]
    tests/contrib/test_authentiq.py ....                                     [ 40%]
    tests/contrib/test_azure.py .......                                      [ 44%]
    tests/contrib/test_digitalocean.py .....                                 [ 46%]
    tests/contrib/test_discord.py ....                                       [ 48%]
    tests/contrib/test_dropbox.py ........                                   [ 53%]
    tests/contrib/test_facebook.py .....                                     [ 55%]
    tests/contrib/test_fitbit.py ...                                         [ 57%]
    tests/contrib/test_github.py ...                                         [ 58%]
    tests/contrib/test_gitlab.py ......                                      [ 61%]
    tests/contrib/test_google.py .............                               [ 68%]
    tests/contrib/test_heroku.py ...                                         [ 70%]
    tests/contrib/test_jira.py .......                                       [ 73%]
    tests/contrib/test_linkedin.py ...                                       [ 75%]
    tests/contrib/test_meetup.py ....                                        [ 77%]
    tests/contrib/test_nylas.py ...                                          [ 79%]
    tests/contrib/test_osm.py ...                                            [ 80%]
    tests/contrib/test_reddit.py ....                                        [ 82%]
    tests/contrib/test_salesforce.py ........                                [ 86%]
    tests/contrib/test_slack.py .........                                    [ 91%]
    tests/contrib/test_spotify.py ...                                        [ 93%]
    tests/contrib/test_strava.py ...                                         [ 94%]
    tests/contrib/test_twitch.py ...                                         [ 96%]
    tests/contrib/test_twitter.py ...                                        [ 97%]
    tests/contrib/test_zoho.py ...                                           [ 99%]
    tests/fixtures/test_pytest.py E                                          [100%]
    
    ==================================== ERRORS ====================================
    _______________________ ERROR at setup of test_home_page _______________________
    file /<<PKGBUILDDIR>>/tests/fixtures/test_pytest.py, line 44
      @pytest.mark.usefixtures("betamax_record_flask_dance")
      def test_home_page(app):
    E       fixture 'betamax_record_flask_dance' not found
    >       available fixtures: app, betamax_parametrized_recorder, betamax_parametrized_session, betamax_recorder, betamax_session, cache, capfd, capfdbinary, caplog, capsys, capsysbinary, class_mocker, doctest_namespace, flask_dance_sessions, mocker, module_mocker, monkeypatch, package_mocker, pytestconfig, record_property, record_testsuite_property, record_xml_attribute, recwarn, responses, session_mocker, tmp_path, tmp_path_factory, tmpdir, tmpdir_factory
    >       use 'pytest --fixtures [testpath]' for help on them.
    
    

    D'you have any idea how to get this working? TIA! \o/

    opened by utkarsh2102 8
  • Oauth using github gives page not found

    Oauth using github gives page not found

    Redirects 404 page.

    @app.route('/github')
    def github_login():
        if not github.authorized:
            return redirect(url_for('github.login'))
    
        account_info = github.get('/user')
    
        if account_info.ok:
            account_info_json = account_info.json()
    
            return '<h1>Your Github name is {}'.format(account_info_json['login'])
    
        return '<h1>Request failed!</h1>'
    
    opened by blpraveen 2
  • getting flask-dance to auto refresh my expired tokens

    getting flask-dance to auto refresh my expired tokens

    Hi,

    I'm using the fitbit flask-dance contributed module. All is good, but when my token expires, then i would like to configure flask-dance and requests-oauthlib to automatically refresh the token if expired.

    To do that with fitbit oauth, i use the same token url, but need to supply it with different body:

    Authorization: Basic Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=
    Content-Type: application/x-www-form-urlencoded
    
    grant_type=refresh_token&refresh_token=abcdef01234567890abcdef01234567890abcdef01234567890abcdef0123456
    

    The authorization header is "Basic " + base64 encoded "client_id:client_secret". the body has grant_type and includes the refresh token.

    I see that requests_oauthlib does have the mechanism to automatically refresh the token, see https://github.com/requests/requests-oauthlib/blob/master/requests_oauthlib/oauth2_session.py#L405 for example.

    and it does check for expired tokens.

    my question is: how can i configure the flask-dance fitbit module so that it does the right thing. All i see are two parameters, fitbit_bp.auto_refresh_url and fitbit_bp.auto_refresh_kwargs (see https://github.com/singingwolfboy/flask-dance/blob/main/flask_dance/contrib/fitbit.py )

    i set fitbit_bp.auto_refresh_url to the current url for refreshing the tokens, and i tried setting fitbit_bp.auto_refresh_kwargs in a few different ways, but i'm just not getting a valid response.

    any help is greatly appreciated. thanks in advance...

    k

    opened by lila 2
  • CSRF Warning! State not equal in request and response.

    CSRF Warning! State not equal in request and response.

    Screen Shot 2022-05-20 at 11 12 28 AM I found this issue when trying to localtunneling for testing my local env. In local env, everything works ok.

    But concerned in production for someone else spotted this too: https://community.auth0.com/t/non-google-users-need-to-login-twice-due-to-csrf-error/77958

    https://github.com/lepture/authlib/issues/376

    oauthlib.oauth2.rfc6749.errors.MismatchingStateError: (mismatching_state) CSRF Warning! State not equal in request and response.

    I have redirect failing:

    opened by gg4u 1
  • Set response_type while using custom provider

    Set response_type while using custom provider

    I was wondering if there is any way to setup response_type while using custom provider. The provider I am using only supports implicit flow hence the requirement. Thanks

    opened by montumodi 0
Releases(v6.2.0)
Owner
David Baumgold
Web developer and technical trainer. Python and Javascript both inspire great ❤️ and great 😭. He/him
David Baumgold
Doing the OAuth dance with style using Flask, requests, and oauthlib.

Flask-Dance Doing the OAuth dance with style using Flask, requests, and oauthlib. Currently, only OAuth consumers are supported, but this project coul

David Baumgold 802 Feb 22, 2021
OAuthlib support for Python-Requests!

Requests-OAuthlib This project provides first-class OAuth library support for Requests. The OAuth 1 workflow OAuth 1 can seem overly complicated and i

null 1.6k Dec 28, 2022
Toolkit for Pyramid, a Pylons Project, to add Authentication and Authorization using Velruse (OAuth) and/or a local database, CSRF, ReCaptcha, Sessions, Flash messages and I18N

Apex Authentication, Form Library, I18N/L10N, Flash Message Template (not associated with Pyramid, a Pylons project) Uses alchemy Authentication Authe

null 95 Nov 28, 2022
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

Authlib The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included. Authlib is compatible with Python2.

Hsiaoming Yang 3.4k Jan 4, 2023
A fully tested, abstract interface to creating OAuth clients and servers.

Note: This library implements OAuth 1.0 and not OAuth 2.0. Overview python-oauth2 is a python oauth library fully compatible with python versions: 2.6

Joe Stump 3k Jan 2, 2023
A Python library for OAuth 1.0/a, 2.0, and Ofly.

Rauth A simple Python OAuth 1.0/a, OAuth 2.0, and Ofly consumer library built on top of Requests. Features Supports OAuth 1.0/a, 2.0 and Ofly Service

litl 1.6k Dec 8, 2022
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

Authlib The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included. Authlib is compatible with Python2.

Hsiaoming Yang 2.3k Feb 17, 2021
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

OAuthLib - Python Framework for OAuth1 & OAuth2 *A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.5+

OAuthlib 2.5k Jan 2, 2023
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

OAuthLib - Python Framework for OAuth1 & OAuth2 *A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.5+

OAuthlib 2.5k Jan 1, 2023
This is a Python library for accessing resources protected by OAuth 2.0.

This is a client library for accessing resources protected by OAuth 2.0. Note: oauth2client is now deprecated. No more features will be added to the l

Google APIs 787 Dec 13, 2022
Phishing Abusing Microsoft 365 OAuth Authorization Flow

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

bigb0ss 11 Dec 11, 2022
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

Optiv Security 76 Jan 2, 2023
Local server that gives you your OAuth 2.0 tokens needed to interact with the Conta Azul's API

What's this? This is a django project meant to be run locally that gives you your OAuth 2.0 tokens needed to interact with Conta Azul's API Prerequisi

Fábio David Freitas 3 Apr 13, 2022
A module making it easier to manage Discord oAuth with Quart

quart_discord A module making it easier to manage Discord oAuth with Quart Install pip install git+https://github.com/xelA/quart_discord@master How to

null 5 Oct 27, 2022
Python library for generating a Mastercard API compliant OAuth signature.

oauth1-signer-python Table of Contents Overview Compatibility References Usage Prerequisites Adding the Library to Your Project Importing the Code Loa

null 23 Aug 1, 2022
Plotly Dash plugin to allow authentication through 3rd party OAuth providers.

dash-auth-external Integrate your dashboards with 3rd parties and external OAuth providers. Overview Do you want to build a Plotly Dash app which pull

James Holcombe 15 Dec 11, 2022
User Authentication in Flask using Flask-Login

User-Authentication-in-Flask Set up & Installation. 1 .Clone/Fork the git repo and create an environment Windows git clone https://github.com/Dev-Elie

ONDIEK ELIJAH OCHIENG 31 Dec 11, 2022
Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Read the docs: Flask-JWT-Router Flask JWT Router Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google'

Joe Gasewicz 52 Jan 3, 2023
Foundation Auth Proxy is an abstraction on Foundations' authentication layer and is used to authenticate requests to Atlas's REST API.

foundations-auth-proxy Setup By default the server runs on http://0.0.0.0:5558. This can be changed via the arguments. Arguments: '-H' or '--host': ho

Dessa - Open Source 2 Jul 3, 2020