Writing a Two-legged OAuth provider in Django

Question

I'm looking for a tutorial/example/explanation about writing a two-legged provider for OAuth in Django.

It's hard to find documentation about a OAuth provider, and even harder about a two-legged system...

Answer 1

I spent about 3 days trying to figure this out and wanted to provide anyone who can use it with this working example I finally got from the service I was trying to query. It wound up being extremely easy. P.S. Just because someone is using oauth 1.0 doesn't mean that you can't use the oauth2 library.

To get auth2, type pip install oauth2.

In your script, you need:

import oauth2
import time
import urllib2


def build_request(url, method='GET'):
    params = {                                            
        'oauth_version': "1.0",
        'oauth_nonce': oauth2.generate_nonce(),
        'oauth_timestamp': int(time.time())
    }
    consumer = oauth2.Consumer(key='python_test',secret='your_secret')
    params['oauth_consumer_key'] = consumer.key

    req = oauth2.Request(method=method, url=url, parameters=params)
    signature_method = oauth2.SignatureMethod_HMAC_SHA1()
    req.sign_request(signature_method, consumer, None)
    return req

Calling the function and viewing the output looks like this:

request = build_request('http://demo.echo360.com/ess/scheduleapi/v1/terms')
u = urllib2.urlopen(request.to_url())
print u.readlines()

Answer 2

'2 legged' is just normal OAuth request without an access token or access token secret. That's it. You still use the client credentials (identifier and secret) but use empty strings for the access token parameters. Depending on the server library you use, you can omit the oauth_token parameter when making the request.

Answer 3

This is a good starting article: http://philipsoutham.com/post/2172924723/two-legged-oauth-in-python

Two-legged OAuth for Piston: https://github.com/gregbayer/django-piston-two-legged-oauth