I need to make an API in Pyramid and I think OAuth2 would be good to implement, so as not to reinvent the wheel. I have already installed the pyramid_oauth2 package but I'm not sure about documentation or examples. Does somebody know any good resource? A GitHub project or something for an OAuth2 service provider would be nice.
1 Answer
If you're talking about my package, here is a sample from my website. It's still pretty experimental but it's supposed to work with Facebook and some other OAuth2 providers. Unfortunately, Twitter as a matter of fact is only OAuth 1.0, which is a problem.
So you need to include pyramid_oauth2 like this:

    config.include('pyramid_oauth2')

Or within the config.ini file.

Then you can add this somewhere else after the config has been included:

    config.add_oauth2_provider(
        Provider(
            'vkontakte',                           # provider name, used in the /oauth/<name>/ paths
            'client_id',                           # placeholder
            'client_secret',                       # placeholder
            'https://api.vk.com/oauth/authorize',  # authorize URL
            'https://oauth.vk.com/access_token'    # access token URL
        )
    )

This will create a path to /oauth/vkontakte/authenticate. This is where the request starts for the redirect flow. Then it will redirect to the authorize URL, and it also creates a /oauth/vkontakte/callback which receives the code. Then it sends that code back to the access_token path.
If something isn't working, feel free to report some problems. It's possible to send extra parameters to the Provider constructor, such as scope etc. At the moment these parameters are sent for all requests to the server.
Oh and you have to provide a callback function to the provider. I'll update the answer with an example with a callback etc.
If it still isn't clear, I can make a little sample app with Facebook and push it on GitHub today or tomorrow.
The callback is just a callable that receives request and data; the access token should be contained in data.
I had in mind that how you get the access token should be straightforward and once you receive the access token, it should be possible to execute some standard callback to register with an OAuth API and so on. I believe that not everybody is looking for OAuth only for authentication to a site, like Facebook Connect and so on. One might be interested in using the access_token for more than just auth. Also, since Pyramid isn't about SQLAlchemy and other databases, it doesn't enforce anything. In other words, implementing it with ZODB or SQLAlchemy should be easy.
I believe the flow is actually pretty simple and I'm not actually (I guess) implementing OAuth2 correctly yet for the current client flow. Some attributes are missing, like grant_type and so on. They can be passed as extra arguments but depending on the OAuth2 server, it might not work OK everywhere.
By the way, I'm looking to add providers to the ini file so they can be loaded from there instead of within code. That way you'll be able to maintain different apps for dev, prod etc.

- Thanks for the package, nice work. I appreciate your detailed response but I am guessing this is for the client side... What I mean is server side; I am making the API. The closest article I found was this one: http://philipsoutham.com/post/2172924723/two-legged-oauth-in-python – Raul Gomez Aug 03 '12 at 15:47
- Keep in mind that python-oauth2 is actually an OAuth 1.0 package as far as I can tell. It's called 2 because it's a replacement for python-oauth. After I read the docs, I didn't find anything about OAuth2; that's why I created the package above. I can't work full time on it yet but might be doing something soon, as I might need an OAuth2 server soon – Loïc Faure-Lacroix Aug 09 '12 at 10:38
- I just read this interesting article you should look at if you haven't already: http://pydanny.com/the-sorry-state-of-python-oauth-providers.html. Maybe some people there could also help out in the project – Raul Gomez Aug 10 '12 at 14:40
- Look at this, with the same name...: http://code.google.com/p/pyramid-oauth2/. It seems somewhat outdated but is more what I am looking for; maybe you could integrate it – Raul Gomez Aug 15 '12 at 00:41
- Yes, I looked at it, and I guess I can scavenge parts of it. Thanks for pointing that out – Loïc Faure-Lacroix Aug 15 '12 at 13:03
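
The redirect flow described in the answer above, written out as an added example; it is not part of the original answer and does not use pyramid_oauth2's own API. It follows the standard OAuth2 authorization-code grant (RFC 6749), including the `grant_type` parameter the answer mentions and a `state` value that ties the callback to the session that started the flow. The function names, the dict-based session and the redirect URI are assumptions; the two endpoint URLs are the ones quoted in the answer.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Endpoints are the ones quoted in the answer; credentials are placeholders.
PROVIDER = {
    "authorize_url": "https://api.vk.com/oauth/authorize",
    "token_url": "https://oauth.vk.com/access_token",
    "client_id": "client_id",
    "client_secret": "client_secret",
}
REDIRECT_URI = "https://app.example/oauth/vkontakte/callback"  # constructed


def start_authentication(session, provider=PROVIDER, scope=None):
    """Step 1 (/authenticate): build the redirect to the authorize URL."""
    state = secrets.token_urlsafe(32)  # unguessable, stored in this session
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": provider["client_id"],
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    if scope:
        params["scope"] = scope
    return provider["authorize_url"] + "?" + urlencode(params)


def handle_callback(session, query, provider=PROVIDER):
    """Step 2 (/callback): check state, then build the token request."""
    expected = session.pop("oauth_state", None)  # single use: replay fails
    received = query.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"])
    if not query.get("code"):
        raise ValueError("callback carried no authorization code")
    body = {
        "grant_type": "authorization_code",
        "code": query["code"],
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
        "client_id": provider["client_id"],
        "client_secret": provider["client_secret"],
    }
    # The caller POSTs `body` form-encoded to the token URL over TLS.
    return provider["token_url"], body
```

The token request is returned rather than sent so the example runs offline; the client secret goes in the POST body only and never in the browser redirect.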