oauth_dropins
Reference documentation.
blogger
Blogger v2 GData API OAuth drop-in.
Blogger API docs: https://developers.google.com/blogger/docs/2.0/developers_guide_protocol
Python GData API docs: http://gdata-python-client.googlecode.com/hg/pydocs/gdata.blogger.data.html
Uses requests-oauthlib to auth via Google Sign-In’s OAuth 2: https://requests-oauthlib.readthedocs.io/
Known issues:
If the user approves the OAuth prompt but has no Blogger blogs, we redirect to the callback with
declined=True
, which is wrong.
- class oauth_dropins.blogger.BloggerV2Auth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Blogger user.
Provides methods that return information about this user (or page) and make OAuth-signed requests to the Blogger API. Stores OAuth credentials in the datastore. See
models.BaseAuth
for usage details.Blogger-specific details: implements
api()
but noturlopen()
.api()
returns agdata.blogger.client.BloggerClient
. The datastore entity key name is the Blogger user id.
- class oauth_dropins.blogger.Scopes[source]
Bases:
object
https://developers.google.com/blogger/docs/2.0/developers_guide_protocol#OAuth2Authorizing (the scope for the v3 API is
https://www.googleapis.com/auth/blogger
)
- class oauth_dropins.blogger.Start(to_path, scopes=None)[source]
-
Connects a Blogger account. Authenticates via OAuth.
disqus
Disqus OAuth drop-in.
Disqus API docs: https://disqus.com/api/docs/
This drop-in is even more similar to Instagram than Instagram is to Facebook. Differences:
urlopen must pass the
api_key
with each request (in addition to theaccess_token
)Response to access_token does not give much information about the user, so we additionally fetch
/user/details
before savingDeny appears to be broken on Disqus’s side (clicking “No Thanks” has no effect), so we ignore that possibility for now.
TODO: unify Disqus, Facebook, and Instagram
- class oauth_dropins.disqus.DisqusAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Disqus user.
Provides methods that return information about this user (or page) and make OAuth-signed requests to Instagram’s HTTP-based APIs. Stores OAuth credentials in the datastore. See
models.BaseAuth
for usage details.Disqus-specific details: implements
urlopen()
but notapi()
. The key name is the Disqus user id.
- class oauth_dropins.disqus.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Disqus auth. Requests an auth code and expects a redirect back.
- class oauth_dropins.disqus.Callback(to_path, scopes=None)[source]
Bases:
Callback
The auth callback. Fetches an access token, stores it, and redirects home.
dropbox
Dropbox OAuth drop-in.
Standard OAuth 2.0 flow. Docs:
https://www.dropbox.com/developers/documentation/http/overview
https://www.dropbox.com/developers/documentation/http/documentation#authorization
- class oauth_dropins.dropbox.DropboxAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Dropbox user or page.
Provides methods that return information about this user (or page) and make OAuth-signed requests to Dropbox’s HTTP-based APIs. Stores OAuth credentials in the datastore. See
models.BaseAuth
for usage details.Implements
urlopen()
but notapi()
.
- class oauth_dropins.dropbox.DropboxCsrf(**kwargs)[source]
Bases:
Model
Stores a CSRF token for the Dropbox OAuth2 flow.
- class oauth_dropins.dropbox.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Dropbox auth. Requests an auth code and expects a redirect back.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
facebook
Facebook OAuth drop-in.
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
- class oauth_dropins.facebook.FacebookAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Facebook user or page.
Provides methods that return information about this user (or page) and make OAuth-signed requests to Facebook’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Facebook-specific details: implements
urlopen()
but notapi()
. The key name is the user’s or page’s Facebook ID.- urlopen(url, **kwargs)[source]
Wraps
models.BaseAuth.urlopen()
and adds OAuth credentials to the request.
- for_page(page_id)[source]
Returns a new, unsaved
FacebookAuth
entity for a page inpages_json
.The returned entity’s properties will be populated with the page’s data. access_token will be the page access token,
user_json
will be the page object, andpages_json
will be a single-element list with the page.If
page_id
is not inpages_json
, returns None.- Parameters:
page_id (str) – Facebook page id
- is_authority_for(key)[source]
Additionally check if the key represents a Page that this user has authority over.
- Parameters:
auth_entity_key (google.cloud.ndb.key.Key) –
- Returns:
True if key represents this user or one of the user’s pages.
- Return type:
- class oauth_dropins.facebook.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Facebook auth. Requests an auth code and expects a redirect back.
- class oauth_dropins.facebook.Callback(to_path, scopes=None)[source]
Bases:
Callback
The auth callback. Fetches an access token, stores it, and redirects home.
- dispatch_request()[source]
The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.
flickr
Flickr OAuth drop-in.
Uses oauthlib directly to authenticate and sign requests with OAuth 1.0 credentials. https://www.flickr.com/services/api/auth.oauth.html
Note that when users decline Flickr’s OAuth prompt by clicking the Cancel button, Flickr redirects them to its home page, not to us.
- class oauth_dropins.flickr.FlickrAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Flickr user.
Provides methods that return information about this user and make OAuth-signed requests to the Flickr API. Stores OAuth credentials in the datastore. Key is the Flickr user ID. See models.BaseAuth for usage details.
- urlopen(url, **kwargs)[source]
Wraps urllib.request.urlopen() and adds OAuth credentials to the request.
Use this for making direct HTTP REST request to a site’s API. Not guaranteed to be implemented by all sites.
The arguments, return value (urllib.request.Response), and exceptions raised (urllib.error.URLError) are the same as urllib2.urlopen.
- class oauth_dropins.flickr.Start(to_path, scopes=None)[source]
Bases:
Start
Starts three-legged OAuth with Flickr.
Fetches an OAuth request token, then redirects to Flickr’s auth page to request an access token.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
flickr_auth
Utility functions for calling signed Flickr API methods.
Supports Python 3. Should not depend on App Engine API or SDK packages.
- oauth_dropins.flickr_auth.signed_urlopen(url, token_key, token_secret, **kwargs)[source]
Call
urllib.request.urlopen()
, signing the request with Flickr credentials.- Parameters:
- Returns:
the file-like object that is the result of
urllib.request.urlopen()
- oauth_dropins.flickr_auth.call_api_method(method, params, token_key, token_secret)[source]
Call a Flickr API method.
Flickr has one API endpoint, where different methods are called by name.
If the
stat
field containsfail
, then this method creates an artificial HTTPError 400 or 401 depending on the type of failure.
- oauth_dropins.flickr_auth.upload(params, file, token_key, token_secret)[source]
Upload a photo or video to this user’s Flickr account.
Flickr uploads use their own API endpoint, that returns only XML. https://www.flickr.com/services/api/upload.api.html
Unlike
call_api_method()
, this uses the requests library becauseurllib
doesn’t support multi-part POSTs on its own.- Parameters:
- Returns:
contains the photo id as
id
- Return type:
- Raises:
requests.HTTPError – on HTTP error
urllib.error.HTTPError – if we get a
stat=fail
response from Flickr
github
GitHub OAuth drop-in.
API docs:
- class oauth_dropins.github.GitHubAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated GitHub user.
Provides methods that return information about this user and make OAuth-signed requests to the GitHub REST API. Stores OAuth credentials in the datastore. See
models.BaseAuth
for usage details.GitHub-specific details: implements
get()
but noturlopen()
, orapi()
. The key name is the username.- get(*args, **kwargs)[source]
Wraps
requests.get()
and adds the Bearer token header.TODO: unify with medium.py.
- post(*args, **kwargs)[source]
Wraps
requests.post()
and adds theBearer
token header.TODO: unify with medium.py.
- class oauth_dropins.github.Start(to_path, scopes=None)[source]
Bases:
Start
Starts GitHub auth. Requests an auth code and expects a redirect back.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
google_signin
Google Sign-In OAuth drop-in.
Google Sign-In API docs: https://developers.google.com/identity/protocols/OAuth2WebServer
Python API client docs: https://developers.google.com/api-client-library/python/
requests-oauthlib docs:
- class oauth_dropins.google_signin.GoogleUser(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Google user.
Provides methods that return information about this user and make OAuth-signed requests to Google APIs. Stores OAuth credentials in the datastore. See
models.BaseAuth
for usage details.To make Google API calls: https://google-auth.readthedocs.io/
- class oauth_dropins.google_signin.Start(to_path, scopes=None)[source]
Bases:
Scopes
,Start
Starts the OAuth flow.
- LABEL = 'Google'
//developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth
- Type:
https
indieauth
IndieAuth drop-in.
https://indieauth.com/developers
- oauth_dropins.indieauth.discover_endpoint(rel, resp)[source]
Fetch a URL and look for the
rel
Link header or HTML value.- Parameters:
rel (str) – rel name to look for
resp (requests.Response) – response to look in
- Returns:
discovered rel value, or None if no endpoint was discovered
- Return type:
- oauth_dropins.indieauth.build_user_json(me)[source]
Returns a JSON dict with
h-card
,rel-me
links, andme
value.- Parameters:
me (str) – URL of the user
resp (requests.Response) – response to use
- Returns:
keys include
me
, the URL for this person;h-card
, the representative h-card for this page;rel-me
, a list of rel-me URLs found at this page- Return type:
- class oauth_dropins.indieauth.IndieAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated IndieAuth user.
Provides methods that return information about this user. Stores credentials in the datastore. Key is the authed
me
URL value. Seemodels.BaseAuth
for usage details.
- class oauth_dropins.indieauth.Start(to_path, scopes=None)[source]
Bases:
Start
Starts the IndieAuth flow. Requires the
me
parameter with the user URL that we want to authenticate.- redirect_url(state=None, me=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
instagram
Instagram OAuth drop-in.
Instagram API docs: http://instagram.com/developer/endpoints/
Almost identical to Facebook, except the access token request has code and grant_type query parameters instead of just auth_code, the response has a user object instead of id, and the call to GET_ACCESS_TOKEN_URL is a POST instead of a GET. TODO: unify them.
- class oauth_dropins.instagram.InstagramAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Instagram user or page.
Provides methods that return information about this user (or page) and make OAuth-signed requests to Instagram’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Instagram-specific details: implements urlopen() but not api(). The key name is the Instagram username.
- class oauth_dropins.instagram.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Instagram auth. Requests an auth code and expects a redirect back.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
linkedin
LinkedIn OAuth drop-in.
API docs: https://www.linkedin.com/developers/ https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin
- class oauth_dropins.linkedin.LinkedInAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated LinkedIn user.
Provides methods that return information about this user and make OAuth-signed requests to the LinkedIn REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Implements get() but not urlopen() or api(). The key name is the ID (a URN).
Note that LI access tokens can be over 500 chars (up to 1k!), so they need to be TextProperty instead of StringProperty. https://docs.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/consumer/context#access-token-response
- class oauth_dropins.linkedin.Start(to_path, scopes=None)[source]
Bases:
Start
Starts LinkedIn auth. Requests an auth code and expects a redirect back.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
mastodon
Mastodon OAuth drop-in.
Mastodon is an ActivityPub implementation, but it also has a REST + OAuth 2 API independent of AP.
API docs: https://docs.joinmastodon.org/api/
Interestingly: as usual w/OAuth, they require registering apps beforehand…but since AP and Mastodon are decentralized, there’s no single place to register an app. So they have an API for registering apps, per instance: https://docs.joinmastodon.org/api/authentication/ Surprising, and unusual, but makes sense.
- class oauth_dropins.mastodon.MastodonApp(**kwargs)[source]
Bases:
Model
A Mastodon API OAuth2 app registered with a specific instance.
- class oauth_dropins.mastodon.MastodonLogin(**kwargs)[source]
Bases:
Model
An in-progress Mastodon OAuth login. Ephemeral.
Stores the state query parameter across the three-way OAuth user login process. Only needed as a workaround for a long-standing Mastodon/Doorkeeper configuration bug: https://github.com/snarfed/bridgy/issues/911 https://github.com/mastodon/mastodon/issues/12915
- class oauth_dropins.mastodon.MastodonAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Mastodon user.
Provides methods that return information about this user and make OAuth-signed requests to the Mastodon REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Key name is the fully qualified actor address, ie @username@instance.tld.
Mastodon scopes are per access token, so
SCOPES_RESET
is True.Implements get() and post() but not urlopen() or api().
- instance()[source]
Returns the instance base URL, eg https://mastodon.social/.
- class oauth_dropins.mastodon.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Mastodon auth. Requests an auth code and expects a redirect back.
- DEFAULT_SCOPE
string, default OAuth scope(s) to request
- REDIRECT_PATHS
sequence of string URL paths (on this host) to register as OAuth callback (aka redirect) URIs in the OAuth app
- SCOPE_SEPARATOR
string, used to separate multiple scopes
- APP_CLASS
API app datastore class
- EXPIRE_APPS_BEFORE
datetime, if the API client app was created before this, it will be discarded and a new one will be created. Set to the last time you changed something material about the client, eg redirect URLs or scopes.
- APP_CLASS
alias of
MastodonApp
- app_name()[source]
Returns the user-visible name of this application.
To be overridden by subclasses. Displayed in Mastodon’s OAuth prompt.
- app_url()[source]
Returns this application’s web site.
To be overridden by subclasses. Displayed in Mastodon’s OAuth prompt.
- redirect_url(state=None, instance=None)[source]
Returns the local URL for Mastodon to redirect back to after OAuth prompt.
- Parameters:
state – string, user-provided value to be returned as a query parameter in the return redirect
instance – string, Mastodon instance base URL, e.g. ‘https://mastodon.social’. May also be provided in the ‘instance’ request as a URL query parameter or POST body.
Raises: ValueError if instance isn’t a Mastodon instance.
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
- class oauth_dropins.mastodon.Callback(to_path, scopes=None)[source]
Bases:
Callback
The OAuth callback. Fetches an access token and stores it.
- AUTH_CLASS
alias of
MastodonAuth
medium
Medium OAuth drop-in.
API docs: https://github.com/Medium/medium-api-docs#contents https://medium.com/developers/welcome-to-the-medium-api-3418f956552
Medium doesn’t let you use a localhost redirect URL. :/ A common workaround is to map an arbitrary host to localhost in your /etc/hosts, e.g.:
127.0.0.1 my.dev.com
You can then test on your local machine by running dev_appserver and opening http://my.dev.com:8080/ instead of http://localhost:8080/ .
- class oauth_dropins.medium.MediumAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Medium user.
Provides methods that return information about this user and make OAuth-signed requests to the Medium REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Medium-specific details: implements get() but not urlopen() or api(). The key name is the user id (not username).
- class oauth_dropins.medium.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Medium auth. Requests an auth code and expects a redirect back.
meetup
Meetup.com drop-in.
API docs: https://www.meetup.com/meetup_api/
- oauth_dropins.meetup.urlopen_bearer_token(url, access_token, data=None, **kwargs)[source]
Wraps urlopen() and adds OAuth credentials to the request.
- class oauth_dropins.meetup.MeetupAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Meetup.com user.
Provides methods that return information about this user and make OAuth-signed requests to Meetup’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Implements urlopen() but not api().
- urlopen(url, **kwargs)[source]
Wraps urllib.request.urlopen() and adds OAuth credentials to the request.
Use this for making direct HTTP REST request to a site’s API. Not guaranteed to be implemented by all sites.
The arguments, return value (urllib.request.Response), and exceptions raised (urllib.error.URLError) are the same as urllib2.urlopen.
- class oauth_dropins.meetup.MeetupCsrf(**kwargs)[source]
Bases:
Model
Stores a CSRF token for the Meetup.com OAuth2 flow.
- class oauth_dropins.meetup.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Meetup.com auth. Requests an auth code and expects a redirect back.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
models
Base datastore model class for an authenticated account.
- class oauth_dropins.models.BaseAuth(*args, id=None, **kwargs)[source]
Bases:
StringIdModel
Datastore base model class for an authenticated user.
Provides methods that return information about this user and make OAuth-signed requests to the site’s API(s). Stores OAuth credentials in the datastore.
The key name is usually the user’s username or id. If it starts with two underscores (
__
), this class will prefix it with a\
character, since that prefix is not allowed in datastore key names: https://cloud.google.com/datastore/docs/concepts/entitiesMany sites provide additional methods and store additional user information in a JSON property.
- SCOPES_RESET
True if scopes granted to a given user reset to the just the most recent scopes requested, False if they accumulate across auth flows. Currently unused, informational only.
- Type:
- api()[source]
Returns the site-specific Python API object, if any.
Returns None if the site doesn’t have a Python API. Only some do, currently Blogger, Instagram, Google, and Tumblr.
- access_token()[source]
Returns the OAuth access token.
This is a string for OAuth 2 sites or a (string key, string secret) tuple for OAuth 1.1 sites (currently just Twitter and Tumblr).
- urlopen(url, **kwargs)[source]
Wraps urllib.request.urlopen() and adds OAuth credentials to the request.
Use this for making direct HTTP REST request to a site’s API. Not guaranteed to be implemented by all sites.
The arguments, return value (urllib.request.Response), and exceptions raised (urllib.error.URLError) are the same as urllib2.urlopen.
- is_authority_for(key)[source]
When disabling or modifying an account, it’s useful to re-auth the user to make sure they have have permission to modify that account. Typically this means the auth entity represents the exact same user, but in some cases (e.g., Facebook Pages), a user may control several unique identities. So authenticating as a user should give you authority over their pages.
- Parameters:
key – ndb.Key
- Returns:
boolean, true if key represents the same account as this entity
- class oauth_dropins.models.OAuthRequestToken(**kwargs)[source]
Bases:
StringIdModel
Datastore model class for an OAuth 1.1 request token.
This is only intermediate data. Client should use BaseAuth subclasses to make API calls.
The key name is the token key.
- class oauth_dropins.models.PkceCode(**kwargs)[source]
Bases:
StringIdModel
An OAuth2 PKCE code challenge and code verifier.
The key name is the state query param value.
pixelfed
Pixelfed OAuth drop-in.
Pixelfed’s API is a clone of Mastodon’s v1 API: https://docs.pixelfed.org/technical-documentation/api-v1.html
- class oauth_dropins.pixelfed.PixelfedApp(**kwargs)[source]
Bases:
MastodonApp
A Pixelfed API OAuth2 app registered with a specific instance.
- class oauth_dropins.pixelfed.PixelfedAuth(*args, id=None, **kwargs)[source]
Bases:
MastodonAuth
An authenticated Pixelfed user.
- class oauth_dropins.pixelfed.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Pixelfed auth. Requests an auth code and expects a redirect back.
- APP_CLASS
alias of
PixelfedApp
- class oauth_dropins.pixelfed.Callback(to_path, scopes=None)[source]
Bases:
Callback
The OAuth callback. Fetches an access token and stores it.
- AUTH_CLASS
alias of
PixelfedAuth
reddit
reddit OAuth drop-in.
reddit API docs: https://github.com/reddit-archive/reddit/wiki/API https://www.reddit.com/dev/api https://www.reddit.com/prefs/apps
praw API docs: https://praw.readthedocs.io/en/v3.6.0/pages/oauth.html
- class oauth_dropins.reddit.RedditAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated reddit user.
Provides methods that return information about this user and make OAuth-signed requests to the Tumblr API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
reddit-specific details: implements “access_token,” which is really a refresh_token see: https://stackoverflow.com/questions/28955541/how-to-get-access-token-reddit-api The datastore entity key name is the reddit username.
- class oauth_dropins.reddit.Start(to_path, scopes=None)[source]
Bases:
Start
Starts reddit auth. goes directly to redirect. passes to_path in “state”
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
- class oauth_dropins.reddit.Callback(to_path, scopes=None)[source]
Bases:
Callback
OAuth callback. Only ensures that identity access was granted.
- oauth_dropins.reddit.praw_to_user(user)[source]
Converts a PRAW user to a dict user.
- Parameters:
user –
praw.models.Redditor
Note 1: accessing redditor attributes lazily calls reddit API Note 2: if user.is_suspended is True, other attributes will not exist Note 3: subreddit refers to a user profile (stored as a subreddit) Ref: https://praw.readthedocs.io/en/latest/code_overview/models/redditor.html
Returns: dict
- Raises:
prawcore.exceptions.NotFound –
deleted –
tumblr
Tumblr OAuth drop-in.
API docs: http://www.tumblr.com/docs/en/api/v2 http://www.tumblr.com/oauth/apps
- class oauth_dropins.tumblr.TumblrAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Tumblr user.
Provides methods that return information about this user and make OAuth-signed requests to the Tumblr API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Tumblr-specific details: implements api() but not urlopen(). api() returns a tumblpy.Tumblpy. The datastore entity key name is the Tumblr username.
- class oauth_dropins.tumblr.Start(to_path, scopes=None)[source]
Bases:
Start
Starts Tumblr auth. Requests an auth code and expects a redirect back.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
twitter
Twitter OAuth drop-in.
TODO: port to http://code.google.com/p/oauth/source/browse/#svn%2Fcode%2Fpython . tweepy is just a wrapper around that anyway.
- class oauth_dropins.twitter.TwitterAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated Twitter user.
Provides methods that return information about this user and make OAuth-signed requests to the Twitter v1.1 API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
Twitter-specific details: implements api(), get(), and post(). api() returns a tweepy.API; get() and post() wrap the corresponding requests methods. The datastore entity key name is the Twitter username.
- class oauth_dropins.twitter.Start(to_path, scopes=None, access_type=None)[source]
Bases:
Start
Starts three-legged OAuth with Twitter.
Fetches an OAuth request token, then redirects to Twitter’s auth page to request an access token.
- access_type
optional, ‘read’ or ‘write’. Passed through to Twitter as x_auth_access_type. If the twitter app has read/write or read/write/dm permissions, this lets you request a read-only token. Details: https://dev.twitter.com/docs/api/1/post/oauth/request_token
twitter_auth
Utility functions for generating Twitter OAuth headers and making API calls.
This is a separate module from twitter.py so that projects like granary can use it without pulling in App Engine dependencies.
Supports Python 3. Should not depend on App Engine API or SDK packages.
- oauth_dropins.twitter_auth.auth_header(url, token_key, token_secret, method='GET')[source]
Generates an Authorization header and returns it in a header dict.
- Parameters:
url – string
token_key – string
token_secret – string
method – string
- Returns:
single element with key ‘Authorization’
- Return type:
twitter_v2
Twitter OAuth 2 drop-in.
https://developer.twitter.com/en/docs/authentication/oauth-2-0/user-access-token https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code https://developer.twitter.com/en/docs/authentication/api-reference/token
- class oauth_dropins.twitter_v2.TwitterOAuth2(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An OAuth2-authenticated Twitter user.
Provides methods that return information about this user and store OAuth 2 tokens in the datastore. See models.BaseAuth for usage details.
The datastore entity key name is the Twitter username.
- session()[source]
Returns a
requests_oauthlib.OAuth2Session
.
- class oauth_dropins.twitter_v2.Start(to_path, scopes=None)[source]
Bases:
Start
Starts three-legged OAuth with Twitter.
Redirects to Twitter’s auth prompt for user approval.
views
Base OAuth flow views. Clients should use the individual site modules.
Example usage:
app = Flask()
app.add_url_rule('/start',
view_func=twitter.Start.as_view('start', '/callback'),
methods=['POST'])
app.add_url_rule('/callback',
view_func=twitter.Callback.as_view('callback', '/after'))
- class oauth_dropins.views.BaseView(to_path, scopes=None)[source]
Bases:
View
Base view class. Provides the to() factory method.
- classmethod make_scope_str(extra)[source]
Returns an OAuth scopes query parameter value.
Combines
DEFAULT_SCOPE
and extra.- Parameters:
extra (sequence of str, or None) –
- class oauth_dropins.views.Start(to_path, scopes=None)[source]
Bases:
BaseView
Base class for starting an OAuth flow.
Users should use the
to()
class method when using this view in a WSGI application. See the file docstring for details.If the
state
query parameter is provided in the request data, it will be returned to the client in the OAuth callback view. If thescope
query parameter is provided, it will be added to the existing OAuth scopes.Alternatively, clients may call
redirect_url()
and HTTP 302 redirect to it manually, which will start the same OAuth flow.- dispatch_request()[source]
The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(to_path, form_classes='', form_method='post', form_extra='', image_prefix='', image_file=None, input_style='', scopes='', outer_classes='')[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type:
- class oauth_dropins.views.Callback(to_path, scopes=None)[source]
Bases:
BaseView
Base OAuth callback view.
Users can use
to()
when using this view in a WSGI application to make it redirect to a given URL path on completion. See the file docstr for details.Alternatively, you can subclass it and implement
finish()
, which will be called in the OAuth callback request directly, after the user has been authenticated.The auth entity and optional state parameter provided to Start will be passed to
finish()
or as query parameters to the redirect URL.- finish(auth_entity, state=None)[source]
Called when the OAuth flow is complete. Clients may override.
- Parameters:
auth_entity (models.BaseAuth) – resulting auth entity, or None if the user declined the site’s OAuth authorization request.
state (str) – passed to
Start.redirect_url()
- Return type:
wordpress_rest
WordPress.com OAuth drop-in.
API docs:
Note that unlike Blogger and Tumblr, WordPress.com’s OAuth tokens are per blog. It asks you which blog to use on its authorization page.
Also, wordpress.com doesn’t let you use an oauth redirect URL with “local” or “localhost” anywhere in it. A common workaround is to map an arbitrary host to localhost in your /etc/hosts, e.g.:
127.0.0.1 my.dev.com
You can then test on your local machine by running dev_appserver and opening http://my.dev.com:8080/ instead of http://localhost:8080/ .
- class oauth_dropins.wordpress_rest.WordPressAuth(*args, id=None, **kwargs)[source]
Bases:
BaseAuth
An authenticated WordPress user or page.
Provides methods that return information about this user (or page) and make OAuth-signed requests to the WordPress REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.
WordPress-specific details: implements
urlopen()
but notapi()
. The key name is the blog hostname.- urlopen(url, **kwargs)[source]
Wraps
urllib.request.urlopen()
and adds OAuth credentials to the request.
- class oauth_dropins.wordpress_rest.Start(to_path, scopes=None)[source]
Bases:
Start
Starts WordPress auth. Requests an auth code and expects a redirect back.
- redirect_url(state=None)[source]
Returns the local URL for the OAuth service to redirect back to.
Subclasses must implement this.
- Parameters:
state (str) – user-provided value to be returned as a query parameter in the return redirect
- classmethod button_html(*args, **kwargs)[source]
Returns an HTML string with a login form and button for this site.
- Parameters:
to_path (str) – path or URL for the form to POST to
form_classes (str) – optional, HTML classes to add to the <form>
form_classes – optional, HTML classes to add to the outer <div>
form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’
form_extra (str) – optional, extra HTML to insert inside the <form> before the button
scopes (str) – optional, OAuth scopes to override site’s default(s)
image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’
image_file (str) – optional, image filename. defaults to [cls.NAME].png
input_style (str) – optional, inline style to apply to the button <input>
- Return type: