Providers

Providers are abstractions of the provider party of the provider/consumer/user triangle and they are the very core of this library. There is no reason for you to instantiate them manually. You only should specify them in the Config and access members of their instances available in the LoginResult returned by the authomatic.login() function.

Some provider types accept additional keyword arguments in their constructor which you can pass to them through the authomatic.login() function’s keyword arguments or through the Config like this:

Note

Keyword arguments passed through authomatic.login() will override the values set in Config.

CONFIG = {
    'facebook': {
        'class_': oauth2.Facebook, # Subclass of AuthorizationProvider

        # AuthorizationProvider specific keyword arguments:
        'short_name': 1,
        'consumer_key': '###################',
        'consumer_secret': '###################',

        # oauth2.OAuth2 specific keyword arguments:
        'scope': ['user_about_me', 'email']
     },
     'openid': {
         'class_': openid.OpenID, # Subclass of AuthenticationProvider

         # AuthenticationProvider specific keyword arguments:
         'identifier_param': 'claimed_id',

         # openid.OpenID specific keyword arguments:
         'use_realm': True,
         'realm_body': 'OpenID Realm.',
         'realm_param': 'r',
         'xrds_param': 'x',
         'sreg': ['nickname', 'email'],
         'sreg_required': ['email'],
         'ax': ['http://axschema.org/contact/email', 'http://axschema.org/namePerson'],
         'ax_required': ['http://axschema.org/contact/email'],
         'pape': ['http://schemas.openid.net/pape/policies/2007/06/multi-factor']
    },
}

Additional keyword arguments by provider type:

Provider Type Argument Name Required  
OAuth2 consumer_key yes  
consumer_secret yes  
short_name yes  
scope    
offline    
user_authorization_params    
access_token_params    
popup    
OAuth1 consumer_key yes  
consumer_secret yes  
short_name yes  
request_token_params    
user_authorization_params    
access_token_params    
popup    
OpenID identifier_param    
use_realm    
realm_body    
realm_param    
xrds_param    
sreg    
sreg_required    
ax    
ax_required    
pape    
popup    
GAEOpenID identifier_param    
popup    

Available provider classes:

OAuth 2.0 OAuth 1.0a OpenID  
oauth2.Behance oauth1.Bitbucket openid.OpenID  
oauth2.Bitly oauth1.Flickr openid.Yahoo  
oauth2.Cosm oauth1.Meetup openid.Google  
oauth2.DeviantART oauth1.Plurk gaeopenid.GAEOpenID  
oauth2.Facebook oauth1.Twitter gaeopenid.Yahoo  
oauth2.Foursquare oauth1.Tumblr gaeopenid.Google  
oauth2.GitHub oauth1.UbuntuOne    
oauth2.Google oauth1.Vimeo    
oauth2.LinkedIn oauth1.Xero    
oauth2.PayPal oauth1.Yahoo    
oauth2.Reddit      
oauth2.Viadeo      
oauth2.VK      
oauth2.WindowsLive      
oauth2.Yammer      
oauth2.Yandex      

OAuth 2.0 Providers

Providers which implement the OAuth 2.0 protocol.

OAuth2(*args, **kwargs) Base class for OAuth 2.0 providers.
Behance(*args, **kwargs) Behance OAuth 2.0 provider.
Bitly(*args, **kwargs) Bitly OAuth 2.0 provider.
Cosm(*args, **kwargs) Cosm OAuth 2.0 provider.
DeviantART(*args, **kwargs) DeviantART OAuth 2.0 provider.
Facebook(*args, **kwargs) Facebook OAuth 2.0 provider.
Foursquare(*args, **kwargs) Foursquare OAuth 2.0 provider.
GitHub(*args, **kwargs) GitHub OAuth 2.0 provider.
Google(*args, **kwargs) Google OAuth 2.0 provider.
LinkedIn(*args, **kwargs) Linked In OAuth 2.0 provider.
PayPal(*args, **kwargs) PayPal OAuth 2.0 provider.
Reddit(*args, **kwargs) Reddit OAuth 2.0 provider.
Viadeo(*args, **kwargs) Viadeo OAuth 2.0 provider.
VK(*args, **kwargs) VK.com OAuth 2.0 provider.
WindowsLive(*args, **kwargs) Windows Live OAuth 2.0 provider.
Yammer(*args, **kwargs) Yammer OAuth 2.0 provider.
Yandex(*args, **kwargs) Yandex OAuth 2.0 provider.
class authomatic.providers.oauth2.OAuth2(*args, **kwargs)[source]

Base class for OAuth 2.0 providers.

Accepts additional keyword arguments:

Parameters:
  • scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec.
  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

user_info_scope = []

A scope preset to get most of the user info. Use it in the Config like {'scope': oauth2.Facebook.user_info_scope}.

supports_csrf_protection = True

bool If False, the provider doesn’t support CSRF protection.

classmethod create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='', secret=None, redirect_uri='', scope='', csrf='')[source]

Creates OAuth 2.0 request elements.

classmethod refresh_credentials(credentials)[source]

Refreshes Credentials if it gives sense.

Parameters:credentialsCredentials to be refreshed.
Returns:Response.
class authomatic.providers.oauth2.Behance(*args, **kwargs)[source]

Behance OAuth 2.0 provider.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Bitly(*args, **kwargs)[source]

Bitly OAuth 2.0 provider.

Warning

This provider doesn’t support CSRF protection!

class authomatic.providers.oauth2.Cosm(*args, **kwargs)[source]

Cosm OAuth 2.0 provider.

Note

Cosm doesn’t provide any user info URL.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.DeviantART(*args, **kwargs)[source]

DeviantART OAuth 2.0 provider.

class authomatic.providers.oauth2.Facebook(*args, **kwargs)[source]

Facebook OAuth 2.0 provider.

class authomatic.providers.oauth2.Foursquare(*args, **kwargs)[source]

Foursquare OAuth 2.0 provider.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.GitHub(*args, **kwargs)[source]

GitHub OAuth 2.0 provider.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Google(*args, **kwargs)[source]

Google OAuth 2.0 provider.

class authomatic.providers.oauth2.LinkedIn(*args, **kwargs)[source]

Linked In OAuth 2.0 provider.

Note

Doesn’t support access token refreshment.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.PayPal(*args, **kwargs)[source]

PayPal OAuth 2.0 provider.

Warning

Paypal doesn’t redirect the user to authorize your app! It grants you an access token based on your app’s key and secret instead.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Reddit(*args, **kwargs)[source]

Reddit OAuth 2.0 provider.

Note

Currently credentials refreshment returns {"error": "invalid_request"}.

class authomatic.providers.oauth2.Viadeo(*args, **kwargs)[source]

Viadeo OAuth 2.0 provider.

Note

Viadeo doesn’t support credentials refreshment. As stated in their docs: “The access token has an infinite time to live.”

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.VK(*args, **kwargs)[source]

VK.com OAuth 2.0 provider.

Note

VK uses a bitmask scope! Use it like this:

CONFIG = {
    'vk': {
        'class_': oauth2.VK,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'id': authomatic.provider_id(),
        'scope': ['1024'] # Always a single item.
    }
}
class authomatic.providers.oauth2.WindowsLive(*args, **kwargs)[source]

Windows Live OAuth 2.0 provider.

class authomatic.providers.oauth2.Yammer(*args, **kwargs)[source]

Yammer OAuth 2.0 provider.

Warning

This provider doesn’t support CSRF protection!

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Yandex(*args, **kwargs)[source]

Yandex OAuth 2.0 provider.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

OAuth 1.0a Providers

Providers which implement the OAuth 1.0a protocol.

OAuth1(*args, **kwargs) Base class for OAuth 1.0a providers.
Bitbucket(*args, **kwargs) Bitbucket OAuth 1.0a provider.
Flickr(*args, **kwargs) Flickr OAuth 1.0a provider.
Meetup(*args, **kwargs) Meetup OAuth 1.0a provider.
Plurk(*args, **kwargs) Plurk OAuth 1.0a provider.
Twitter(*args, **kwargs) Twitter OAuth 1.0a provider.
Tumblr(*args, **kwargs) Tumblr OAuth 1.0a provider.
UbuntuOne(*args, **kwargs) Ubuntu One OAuth 1.0a provider.
Vimeo(*args, **kwargs) Vimeo OAuth 1.0a provider.
Xero(*args, **kwargs) Xero OAuth 1.0a provider.
Yahoo(*args, **kwargs) Yahoo OAuth 1.0a provider.
class authomatic.providers.oauth1.OAuth1(*args, **kwargs)[source]

Base class for OAuth 1.0a providers.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
request_token_url[source]

str URL where we can get the OAuth 1.0a request token. see http://oauth.net/core/1.0a/#auth_step1.

classmethod create_request_elements(request_type, credentials, url, params=None, headers=None, body='', method='GET', verifier='', callback='')[source]

Creates OAuth 1.0a request elements.

class authomatic.providers.oauth1.Bitbucket(*args, **kwargs)[source]

Bitbucket OAuth 1.0a provider.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Flickr(*args, **kwargs)[source]

Flickr OAuth 1.0a provider.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Meetup(*args, **kwargs)[source]

Meetup OAuth 1.0a provider.

Note

Meetup also supports OAuth 2.0 but you need the user ID to update the user info, which they don’t provide in the OAuth 2.0 access token response.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Plurk(*args, **kwargs)[source]

Plurk OAuth 1.0a provider.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Twitter(*args, **kwargs)[source]

Twitter OAuth 1.0a provider.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Tumblr(*args, **kwargs)[source]

Tumblr OAuth 1.0a provider.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.UbuntuOne(*args, **kwargs)[source]

Ubuntu One OAuth 1.0a provider.

Warning

Uses the PLAINTEXT Signature method!

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Vimeo(*args, **kwargs)[source]

Vimeo OAuth 1.0a provider.

Warning

Vimeo needs one more fetch to get rich user info!

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Xero(*args, **kwargs)[source]

Xero OAuth 1.0a provider.

Note

API returns XML!

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Yahoo(*args, **kwargs)[source]

Yahoo OAuth 1.0a provider.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.

OpenID Providers

Providers which implement the OpenID protocol based on the python-openid library.

Warning

This providers are dependent on the python-openid package.

OpenID(*args, **kwargs) OpenID provider based on the python-openid library.
Yahoo(*args, **kwargs) Yahoo OpenID provider with the identifier predefined to "me.yahoo.com".
Google(*args, **kwargs) Google OpenID provider with the identifier predefined to "https://www.google.com/accounts/o8/id".
class authomatic.providers.openid.OpenID(*args, **kwargs)[source]

OpenID provider based on the python-openid library.

Accepts additional keyword arguments:

Parameters:
  • store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
  • use_realm (bool) – Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.
  • realm_body (str) – Contents of the HTML body tag of the realm.
  • realm_param (str) – Name of the query parameter to be used to serve the realm.
  • xrds_param (str) – The name of the query parameter to be used to serve the XRDS document.
  • sreg (list) – List of strings of optional SREG fields. Default = OpenID.SREG.
  • sreg_required (list) –

    List of strings of required SREG fields. Default = [].

  • ax (list) – List of strings of optional AX schemas. Default = OpenID.AX.
  • ax_required (list) –

    List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.

  • pape (list) – of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

class authomatic.providers.openid.Yahoo(*args, **kwargs)[source]

Yahoo OpenID provider with the identifier predefined to "me.yahoo.com".

Accepts additional keyword arguments:

Parameters:
  • store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
  • use_realm (bool) –

    Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.

  • realm_body (str) – Contents of the HTML body tag of the realm.
  • realm_param (str) – Name of the query parameter to be used to serve the realm.
  • xrds_param (str) –

    The name of the query parameter to be used to serve the XRDS document.

  • sreg (list) –

    List of strings of optional SREG fields. Default = OpenID.SREG.

  • sreg_required (list) –

    List of strings of required SREG fields. Default = [].

  • ax (list) –

    List of strings of optional AX schemas. Default = OpenID.AX.

  • ax_required (list) –

    List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.

  • pape (list) –

    of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

class authomatic.providers.openid.Google(*args, **kwargs)[source]

Google OpenID provider with the identifier predefined to "https://www.google.com/accounts/o8/id".

Accepts additional keyword arguments:

Parameters:
  • store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
  • use_realm (bool) –

    Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.

  • realm_body (str) – Contents of the HTML body tag of the realm.
  • realm_param (str) – Name of the query parameter to be used to serve the realm.
  • xrds_param (str) –

    The name of the query parameter to be used to serve the XRDS document.

  • sreg (list) –

    List of strings of optional SREG fields. Default = OpenID.SREG.

  • sreg_required (list) –

    List of strings of required SREG fields. Default = [].

  • ax (list) –

    List of strings of optional AX schemas. Default = OpenID.AX.

  • ax_required (list) –

    List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.

  • pape (list) –

    of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

Google App Engine OpenID Providers

OpenID provider implementations based on the Google App Engine Users API.

Note

When using the GAEOpenID provider, the User object will always have only the User.user_id, User.email, User.gae_user attributes populated with data. Moreover the User.user_id will always be empty on the GAE Development Server.

GAEOpenID(*args, **kwargs) OpenID provider based on the Google App Engine Users API.
Yahoo(*args, **kwargs) GAEOpenID provider with the identifier set to "me.yahoo.com".
Google(*args, **kwargs) GAEOpenID provider with the identifier set to "https://www.google.com/accounts/o8/id".
class authomatic.providers.gaeopenid.GAEOpenID(*args, **kwargs)[source]

OpenID provider based on the Google App Engine Users API.

Accepts additional keyword arguments inherited from AuthenticationProvider.

class authomatic.providers.gaeopenid.Yahoo(*args, **kwargs)[source]

GAEOpenID provider with the identifier set to "me.yahoo.com".

class authomatic.providers.gaeopenid.Google(*args, **kwargs)[source]

GAEOpenID provider with the identifier set to "https://www.google.com/accounts/o8/id".

Abstract Classes for Providers

Abstract base classes for implementation of protocol specific providers.

Note

Attributes prefixed with _x_ serve the purpose of unification of differences across providers.

login_decorator(func) Decorate the BaseProvider.login() implementations with this decorator.
BaseProvider(settings, adapter, provider_name) Abstract base class for all providers.
AuthorizationProvider(*args, **kwargs) Base provider for authorization protocols i.e.
AuthenticationProvider(*args, **kwargs) Base provider for authentication protocols i.e.
authomatic.providers.login_decorator(func)[source]

Decorate the BaseProvider.login() implementations with this decorator.

Provides mechanism for error reporting and returning result which makes the BaseProvider.login() implementation cleaner.

class authomatic.providers.BaseProvider(settings, adapter, provider_name, session=None, session_saver=None, callback=None, js_callback=None, prefix='authomatic', **kwargs)[source]

Abstract base class for all providers.

name = None

str The provider name as specified in the Config.

callback = None

callable An optional callback called when the login procedure is finished with core.LoginResult passed as argument.

js_callback = None

str Name of an optional javascript callback.

user = None

core.User.

popup = None

bool If True, the BaseProvider.user_authorization_url will be displayed in a popup mode, if the provider supports it.

login()[source]

Launches the login procedure to get user’s credentials from provider.

Should be decorated with login_decorator(). The login procedure is considered finished when the user attribute is not empty when the method runs out of it’s flow or when there are errors.

to_dict()[source]

Converts the provider instance to a dict.

Returns:dict
classmethod get_type()[source]

Returns the provider type.

Returns:str The full dotted path to base class e.g. "authomatic.providers.oauth2.OAuth2".
update_user()[source]

Updates and returns user.

Returns:User
static csrf_generator(secret)[source]

Generates CSRF token.

Inspired by this article: http://blog.ptsecurity.com/2012/10/random-number-security-in-python.html

Returns:str Random unguessable string.
class authomatic.providers.AuthorizationProvider(*args, **kwargs)[source]

Base provider for authorization protocols i.e. protocols which allow a provider to authorize a consumer to access protected resources of a user. e.g. OAuth 2.0 or OAuth 1.0a.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id (int) – A unique numeric ID used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access_with_credentials token request.
same_origin = True

If True the provider doesn’t support Cross-site HTTP requests.

supports_jsonp = False

bool Whether the provider supports JSONP requests.

credentials = None

Credentials to access user’s protected resources.

user_authorization_url[source]

str URL to which we redirect the user to grant our app i.e. the consumer an authorization to access his protected resources. see http://tools.ietf.org/html/rfc6749#section-4.1.1 and http://oauth.net/core/1.0a/#auth_step2.

access_token_url[source]

str URL where we can get the access token to access protected resources of a user. see http://tools.ietf.org/html/rfc6749#section-4.1.3 and http://oauth.net/core/1.0a/#auth_step3.

user_info_url[source]

str URL where we can get the user info. see http://tools.ietf.org/html/rfc6749#section-7 and http://oauth.net/core/1.0a/#anchor12.

to_tuple(credentials)[source]

Must convert credentials to a tuple to be used by Credentials.serialize().

Warning

Must be a classmethod!

Parameters:credentialsCredentials
Returns:tuple
reconstruct(deserialized_tuple, credentials, cfg)[source]

Must convert the deserialized_tuple back to Credentials.

Warning

Must be a classmethod!

Parameters:
  • deserialized_tuple (tuple) – A tuple whose first index is the id and the rest are all the items of the tuple created by to_tuple().
  • credentials – A Credentials instance.
  • cfg (dict) – Provider configuration from Config.
create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='')[source]

Must return RequestElements.

Warning

Must be a classmethod!

Parameters:
  • request_type (int) – Type of the request specified by one of the class’s constants.
  • credentialsCredentials of the user whose protected resource we want to access.
  • url (str) – URL of the request.
  • method (str) – HTTP method of the request.
  • params (dict) – Dictionary of request parameters.
  • headers (dict) – Dictionary of request headers.
  • body (str) – Body of POST, PUT and PATCH requests.
Returns:

RequestElements

type_id[source]

A short string representing the provider implementation id used for serialization of Credentials and to identify the type of provider in JavaScript. The part before hyphen denotes the type of the provider, the part after hyphen denotes the class id e.g. oauth2.Facebook.type_id = '2-5', oauth1.Twitter.type_id = '1-5'.

classmethod access_with_credentials(credentials, url, params=None, method='GET', headers=None, body='', max_redirects=5, content_parser=None)[source]

Fetches the protected resource of the user to whom belong the supplied credentials.

Parameters:credentials

The user’s Credentials (serialized or normal).

Parameters:
  • url (str) – The URL of the protected resource.
  • method (str) – HTTP method of the request.
  • headers (dict) – HTTP headers of the request.
  • body (str) – Body of POST, PUT and PATCH requests.
  • max_redirects (int) – Maximum number of HTTP redirects to follow.
  • content_parser (function) – A function to be used to parse the Response.data from Response.content.
Returns:

Response

access(url, params=None, method='GET', headers={}, max_redirects=5, content_parser=None)[source]

Fetches the protected resource of the logged in user.

Parameters:
  • credentials – The user’s Credentials (serialized or normal).
  • method (str) – HTTP method of the request.
  • headers (dict) – HTTP headers of the request.
  • max_redirects (int) – Maximum number of HTTP redirects to follow.
  • content_parser (function) – A function to be used to parse the Response.data from Response.content.
Returns:

Response

async_access(*args, **kwargs)[source]

Same as access() but runs asynchronously in a separate thread.

Warning

The internal implementation of the future pattern is quite naive. Use with caution!

Returns:Future instance representing the separate thread.
update_user()[source]

Updates the BaseProvider.user.

Warning

Fetches the user_info_url!

Returns:UserInfoResponse
class authomatic.providers.AuthenticationProvider(*args, **kwargs)[source]

Base provider for authentication protocols i.e. protocols which allow a provider to authenticate a claimed identity of a user. e.g. OpenID.

has_protected_resources = False

Indicates whether the provider supports access_with_credentials to user’s protected resources.

Fork me on GitHub