Providers¶
Contents
Providers are abstractions of the provider party of the provider/consumer/user triangle and they are the very core of this library. There is no reason for you to instantiate them manually. You only should specify them in the Config and access members of their instances available in the LoginResult returned by the authomatic.login() function.
Some provider types accept additional keyword arguments in their constructor which you can pass to them through the authomatic.login() function’s keyword arguments or through the Config like this:
Note
Keyword arguments passed through authomatic.login() will override the values set in Config.
CONFIG = {
'facebook': {
'class_': oauth2.Facebook, # Subclass of AuthorizationProvider
# AuthorizationProvider specific keyword arguments:
'short_name': 1,
'consumer_key': '###################',
'consumer_secret': '###################',
# oauth2.OAuth2 specific keyword arguments:
'scope': ['user_about_me', 'email']
},
'openid': {
'class_': openid.OpenID, # Subclass of AuthenticationProvider
# AuthenticationProvider specific keyword arguments:
'identifier_param': 'claimed_id',
# openid.OpenID specific keyword arguments:
'use_realm': True,
'realm_body': 'OpenID Realm.',
'realm_param': 'r',
'xrds_param': 'x',
'sreg': ['nickname', 'email'],
'sreg_required': ['email'],
'ax': ['http://axschema.org/contact/email', 'http://axschema.org/namePerson'],
'ax_required': ['http://axschema.org/contact/email'],
'pape': ['http://schemas.openid.net/pape/policies/2007/06/multi-factor']
},
}
Additional keyword arguments by provider type:
Provider Type | Argument Name | Required | |
---|---|---|---|
OAuth2 | consumer_key | yes | |
consumer_secret | yes | ||
short_name | yes | ||
scope | |||
offline | |||
user_authorization_params | |||
access_token_params | |||
popup | |||
OAuth1 | consumer_key | yes | |
consumer_secret | yes | ||
short_name | yes | ||
request_token_params | |||
user_authorization_params | |||
access_token_params | |||
popup | |||
OpenID | identifier_param | ||
use_realm | |||
realm_body | |||
realm_param | |||
xrds_param | |||
sreg | |||
sreg_required | |||
ax | |||
ax_required | |||
pape | |||
popup | |||
GAEOpenID | identifier_param | ||
popup |
Available provider classes:
OAuth 2.0 Providers¶
Providers which implement the OAuth 2.0 protocol.
OAuth2(*args, **kwargs) | Base class for OAuth 2.0 providers. |
Amazon(*args, **kwargs) | Amazon OAuth 2.0 provider. |
Behance(*args, **kwargs) | Behance OAuth 2.0 provider. |
Bitly(*args, **kwargs) | Bitly OAuth 2.0 provider. |
Cosm(*args, **kwargs) | Cosm OAuth 2.0 provider. |
DeviantART(*args, **kwargs) | DeviantART OAuth 2.0 provider. |
Eventbrite(*args, **kwargs) | Eventbrite OAuth 2.0 provider. |
Facebook(*args, **kwargs) | Facebook OAuth 2.0 provider. |
Foursquare(*args, **kwargs) | Foursquare OAuth 2.0 provider. |
GitHub(*args, **kwargs) | GitHub OAuth 2.0 provider. |
Google(*args, **kwargs) | Google OAuth 2.0 provider. |
LinkedIn(*args, **kwargs) | Linked In OAuth 2.0 provider. |
PayPal(*args, **kwargs) | PayPal OAuth 2.0 provider. |
Reddit(*args, **kwargs) | Reddit OAuth 2.0 provider. |
Viadeo(*args, **kwargs) | Viadeo OAuth 2.0 provider. |
VK(*args, **kwargs) | VK.com OAuth 2.0 provider. |
WindowsLive(*args, **kwargs) | Windows Live OAuth 2.0 provider. |
Yammer(*args, **kwargs) | Yammer OAuth 2.0 provider. |
Yandex(*args, **kwargs) | Yandex OAuth 2.0 provider. |
- class authomatic.providers.oauth2.OAuth2(*args, **kwargs)[source]¶
Base class for OAuth 2.0 providers.
Accepts additional keyword arguments:
Parameters: - scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- user_info_scope = []¶
A scope preset to get most of the user info. Use it in the Config like {'scope': oauth2.Facebook.user_info_scope}.
- classmethod create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='', secret=None, redirect_uri='', scope='', csrf='')[source]¶
Creates OAuth 2.0 request elements.
- refresh_credentials(credentials)[source]¶
Refreshes Credentials if it gives sense.
Parameters: credentials – Credentials to be refreshed. Returns: Response.
- class authomatic.providers.oauth2.Amazon(*args, **kwargs)¶
Amazon OAuth 2.0 provider.
Thanks to Ghufran Syed.
- Dashboard: https://developer.amazon.com/home.html
- Docs: https://developer.amazon.com/public/apis/engage/login-with-amazon/docs/conceptual_overview.html
- API reference: https://developer.amazon.com/public/apis
Note
Amazon only accepts redirect_uri with https schema, Therefore the login handler must also be accessible through https.
Supported User properties:
- id
- name
- postal_code
Unsupported User properties:
- birth_date
- city
- country
- first_name
- gender
- last_name
- link
- locale
- nickname
- phone
- picture
- timezone
- username
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.Behance(*args, **kwargs)[source]¶
Behance OAuth 2.0 provider.
- Dashboard: http://www.behance.net/dev/apps
- Docs: http://www.behance.net/dev/authentication
- API reference: http://www.behance.net/dev/api/endpoints/
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.Bitly(*args, **kwargs)[source]¶
Bitly OAuth 2.0 provider.
Warning
This provider doesn’t support CSRF protection!
- Dashboard: https://bitly.com/a/oauth_apps
- Docs: http://dev.bitly.com/authentication.html
- API reference: http://dev.bitly.com/api.html
Supported User properties:
- id
- link
- name
- picture
- username
Unsupported User properties:
- birth_date
- city
- country
- first_name
- gender
- last_name
- locale
- nickname
- phone
- postal_code
- timezone
- class authomatic.providers.oauth2.Cosm(*args, **kwargs)[source]¶
Cosm OAuth 2.0 provider.
Note
Cosm doesn’t provide any user info URL.
- Dashboard: https://cosm.com/users/{your_username}/apps
- Docs: https://cosm.com/docs/
- API reference: https://cosm.com/docs/v2/
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.DeviantART(*args, **kwargs)[source]¶
DeviantART OAuth 2.0 provider.
- Dashboard: https://www.deviantart.com/settings/myapps
- Docs: https://www.deviantart.com/developers/authentication
- API reference: http://www.deviantart.com/developers/oauth2
Supported User properties:
- name
- picture
- username
Unsupported User properties:
- birth_date
- city
- country
- first_name
- gender
- id
- last_name
- link
- locale
- nickname
- phone
- postal_code
- timezone
- class authomatic.providers.oauth2.Eventbrite(*args, **kwargs)¶
Eventbrite OAuth 2.0 provider.
Thanks to Paul Brown.
- Dashboard: http://www.eventbrite.com/myaccount/apps/
- Docs: https://developer.eventbrite.com/docs/auth/
- API: http://developer.eventbrite.com/docs/
Supported User properties:
- first_name
- id
- last_name
- name
Unsupported User properties:
- birth_date
- city
- country
- gender
- link
- locale
- nickname
- phone
- picture
- postal_code
- timezone
- username
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.Facebook(*args, **kwargs)[source]¶
Facebook OAuth 2.0 provider.
- Dashboard: https://developers.facebook.com/apps
- Docs: http://developers.facebook.com/docs/howtos/login/server-side-login/
- API reference: http://developers.facebook.com/docs/reference/api/
- API explorer: http://developers.facebook.com/tools/explorer
Supported User properties:
- city
- country
- first_name
- gender
- id
- last_name
- link
- locale
- name
- picture
- timezone
- username
Unsupported User properties:
- birth_date
- nickname
- phone
- postal_code
- class authomatic.providers.oauth2.Foursquare(*args, **kwargs)[source]¶
Foursquare OAuth 2.0 provider.
- Dashboard: https://foursquare.com/developers/apps
- Docs: https://developer.foursquare.com/overview/auth.html
- API reference: https://developer.foursquare.com/docs/
Note
Foursquare requires a version parameter in each request. The default value is v=20140501. You can override the version in the params parameter of the Authomatic.access() method. See https://developer.foursquare.com/overview/versioning
Supported User properties:
- city
- country
- first_name
- gender
- id
- last_name
- name
- phone
- picture
Unsupported User properties:
- birth_date
- link
- locale
- nickname
- postal_code
- timezone
- username
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.GitHub(*args, **kwargs)[source]¶
GitHub OAuth 2.0 provider.
- Dashboard: https://github.com/settings/applications/
- Docs: http://developer.github.com/v3/#authentication
- API reference: http://developer.github.com/v3/
Note
GitHub API documentation sais:
all API requests MUST include a valid User-Agent header.You can apply a default User-Agent header for all API calls in the config like this:
CONFIG = { 'github': { 'class_': oauth2.GitHub, 'consumer_key': '#####', 'consumer_secret': '#####', 'access_headers': {'User-Agent': 'Awesome-Octocat-App'}, } }
- city
- country
- id
- link
- name
- picture
- username
Unsupported User properties:
- birth_date
- first_name
- gender
- last_name
- locale
- nickname
- phone
- postal_code
- timezone
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.Google(*args, **kwargs)[source]¶
Google OAuth 2.0 provider.
- Dashboard: https://console.developers.google.com/project
- Docs: https://developers.google.com/accounts/docs/OAuth2
- API reference: https://developers.google.com/gdata/docs/directory
- API explorer: https://developers.google.com/oauthplayground/
Supported User properties:
- first_name
- gender
- id
- last_name
- link
- locale
- name
- picture
Unsupported User properties:
- birth_date
- city
- country
- nickname
- phone
- postal_code
- timezone
- username
- class authomatic.providers.oauth2.LinkedIn(*args, **kwargs)[source]¶
Linked In OAuth 2.0 provider.
Note
Doesn’t support access token refreshment.
- Dashboard: https://www.linkedin.com/secure/developer
- Docs: http://developer.linkedin.com/documents/authentication
- API reference: http://developer.linkedin.com/rest
Supported User properties:
- birth_date
- country
- first_name
- id
- last_name
- link
- name
- phone
- picture
Unsupported User properties:
- city
- gender
- locale
- nickname
- postal_code
- timezone
- username
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.PayPal(*args, **kwargs)[source]¶
PayPal OAuth 2.0 provider.
- Dashboard: https://developer.paypal.com/webapps/developer/applications
- Docs: https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/
- API reference: https://developer.paypal.com/webapps/developer/docs/api/
Note
Paypal doesn’t redirect the user to authorize your app! It grants you an access token based on your app’s key and secret instead.
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.Reddit(*args, **kwargs)[source]¶
Reddit OAuth 2.0 provider.
Note
Currently credentials refreshment returns {"error": "invalid_request"}.
- Dashboard: https://ssl.reddit.com/prefs/apps
- Docs: https://github.com/reddit/reddit/wiki/OAuth2
- API reference: http://www.reddit.com/dev/api
Note
According to Reddit API docs, you have to include a User-Agent header in each API call.
You can apply a default User-Agent header for all API calls in the config like this:
CONFIG = { 'reddit': { 'class_': oauth2.Reddit, 'consumer_key': '#####', 'consumer_secret': '#####', 'access_headers': {'User-Agent': "Andy Pipkin's App"}, } }
Supported User properties:
- id
- username
Unsupported User properties:
- birth_date
- country
- city
- first_name
- gender
- last_name
- link
- locale
- name
- nickname
- phone
- picture
- postal_code
- timezone
- class authomatic.providers.oauth2.Viadeo(*args, **kwargs)[source]¶
Viadeo OAuth 2.0 provider.
Note
As stated in the Viadeo documentation:
Viadeo restrains access to its API. They are now exclusively reserved for its strategic partners.- Dashboard: http://dev.viadeo.com/dashboard/
- Docs: http://dev.viadeo.com/documentation/authentication/oauth-authentication/
- API reference: http://dev.viadeo.com/documentation/
Note
Viadeo doesn’t support credentials refreshment. As stated in their docs: “The access token has an infinite time to live.”
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.VK(*args, **kwargs)[source]¶
VK.com OAuth 2.0 provider.
- Dashboard: Could not find any. You must do it like this: http://vk.com/editapp?id={consumer_key}
- Docs: http://vk.com/developers.php?oid=-17680044&p=Authorizing_Sites
- API reference: http://vk.com/developers.php?oid=-17680044&p=API_Method_Description
Note
VK uses a bitmask scope! Use it like this:
CONFIG = { 'vk': { 'class_': oauth2.VK, 'consumer_key': '#####', 'consumer_secret': '#####', 'id': authomatic.provider_id(), 'scope': ['1024'] # Always a single item. } }
Supported User properties:
- birth_date
- city
- country
- first_name
- gender
- id
- last_name
- name
- picture
- timezone
Unsupported User properties:
- link
- locale
- nickname
- phone
- postal_code
- username
- class authomatic.providers.oauth2.WindowsLive(*args, **kwargs)[source]¶
Windows Live OAuth 2.0 provider.
- Dashboard: https://account.live.com/developers/applications
- Docs: http://msdn.microsoft.com/en-us/library/hh243647.aspx
- API explorer: http://isdk.dev.live.com/?mkt=en-us
Supported User properties:
- first_name
- id
- last_name
- link
- locale
- name
- picture
Unsupported User properties:
- birth_date
- city
- country
- gender
- nickname
- phone
- postal_code
- timezone
- username
- class authomatic.providers.oauth2.Yammer(*args, **kwargs)[source]¶
Yammer OAuth 2.0 provider.
- Dashboard: https://www.yammer.com/client_applications
- Docs: https://developer.yammer.com/authentication/
- API reference: https://developer.yammer.com/restapi/
Supported User properties:
- birth_date
- city
- country
- first_name
- id
- last_name
- link
- locale
- name
- phone
- picture
- timezone
- username
Unsupported User properties:
- gender
- nickname
- postal_code
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
- class authomatic.providers.oauth2.Yandex(*args, **kwargs)[source]¶
Yandex OAuth 2.0 provider.
- Dashboard: https://oauth.yandex.com/client/my
- Docs: http://api.yandex.com/oauth/doc/dg/reference/obtain-access-token.xml
- API reference:
Supported User properties:
- id
- name
- username
Unsupported User properties:
- birth_date
- city
- country
- first_name
- gender
- last_name
- link
- locale
- nickname
- phone
- picture
- postal_code
- timezone
Accepts additional keyword arguments:
Parameters: - scope (list) –
List of strings specifying requested permissions as described in the OAuth 2.0 spec.
- offline (bool) – If True the provider will be set up to request an offline access token. default is False.
As well as those inherited from AuthorizationProvider constructor.
OAuth 1.0a Providers¶
Providers which implement the OAuth 1.0a protocol.
OAuth1(*args, **kwargs) | Base class for OAuth 1.0a providers. |
Bitbucket(*args, **kwargs) | Bitbucket OAuth 1.0a provider. |
Flickr(*args, **kwargs) | Flickr OAuth 1.0a provider. |
Meetup(*args, **kwargs) | Meetup OAuth 1.0a provider. |
Plurk(*args, **kwargs) | Plurk OAuth 1.0a provider. |
Twitter(*args, **kwargs) | Twitter OAuth 1.0a provider. |
Tumblr(*args, **kwargs) | Tumblr OAuth 1.0a provider. |
UbuntuOne(*args, **kwargs) | Ubuntu One OAuth 1.0a provider. |
Vimeo(*args, **kwargs) | Vimeo OAuth 1.0a provider. |
Xero(*args, **kwargs) | Xero OAuth 1.0a provider. |
Xing(*args, **kwargs) | Xing OAuth 1.0a provider. |
Yahoo(*args, **kwargs) | Yahoo OAuth 1.0a provider. |
- class authomatic.providers.oauth1.OAuth1(*args, **kwargs)[source]¶
Base class for OAuth 1.0a providers.
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- request_token_url[source]¶
str URL where we can get the OAuth 1.0a request token. see http://oauth.net/core/1.0a/#auth_step1.
- class authomatic.providers.oauth1.Bitbucket(*args, **kwargs)[source]¶
Bitbucket OAuth 1.0a provider.
- Dashboard: https://bitbucket.org/account/user/peterhudec/api
- Docs: https://confluence.atlassian.com/display/BITBUCKET/oauth+Endpoint
- API reference: https://confluence.atlassian.com/display/BITBUCKET/Using+the+Bitbucket+REST+APIs
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Flickr(*args, **kwargs)[source]¶
Flickr OAuth 1.0a provider.
- Dashboard: https://www.flickr.com/services/apps/
- Docs: https://www.flickr.com/services/api/auth.oauth.html
- API reference: https://www.flickr.com/services/api/
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Meetup(*args, **kwargs)[source]¶
Meetup OAuth 1.0a provider.
Note
Meetup also supports OAuth 2.0 but you need the user ID to update the user info, which they don’t provide in the OAuth 2.0 access token response.
- Dashboard: http://www.meetup.com/meetup_api/oauth_consumers/
- Docs: http://www.meetup.com/meetup_api/auth/#oauth
- API: http://www.meetup.com/meetup_api/docs/
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Plurk(*args, **kwargs)[source]¶
Plurk OAuth 1.0a provider.
- Dashboard: http://www.plurk.com/PlurkApp/
- Docs:
- API: http://www.plurk.com/API
- API explorer: http://www.plurk.com/OAuth/test/
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Twitter(*args, **kwargs)[source]¶
Twitter OAuth 1.0a provider.
- Dashboard: https://dev.twitter.com/apps
- Docs: https://dev.twitter.com/docs
- API reference: https://dev.twitter.com/docs/api
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Tumblr(*args, **kwargs)[source]¶
Tumblr OAuth 1.0a provider.
- Dashboard: http://www.tumblr.com/oauth/apps
- Docs: http://www.tumblr.com/docs/en/api/v2#auth
- API reference: http://www.tumblr.com/docs/en/api/v2
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.UbuntuOne(*args, **kwargs)[source]¶
Ubuntu One OAuth 1.0a provider.
Warning
Uses the PLAINTEXT Signature method!
- Dashboard: https://one.ubuntu.com/developer/account_admin/auth/web
- Docs: https://one.ubuntu.com/developer/account_admin/auth/web
- API reference: https://one.ubuntu.com/developer/contents
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Vimeo(*args, **kwargs)[source]¶
Vimeo OAuth 1.0a provider.
Warning
Vimeo needs one more fetch to get rich user info!
- Dashboard: https://developer.vimeo.com/apps
- Docs: https://developer.vimeo.com/apis/advanced#oauth-endpoints
- API reference: https://developer.vimeo.com/apis
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Xero(*args, **kwargs)[source]¶
Xero OAuth 1.0a provider.
Note
API returns XML!
- Dashboard: https://api.xero.com/Application
- Docs: http://blog.xero.com/developer/api-overview/public-applications/
- API reference: http://blog.xero.com/developer/api/
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Yahoo(*args, **kwargs)[source]¶
Yahoo OAuth 1.0a provider.
- Dashboard: https://developer.apps.yahoo.com/dashboard/
- Docs: http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
- API: http://developer.yahoo.com/everything.html
- API explorer: http://developer.yahoo.com/yql/console/
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
- class authomatic.providers.oauth1.Xing(*args, **kwargs)[source]¶
Xing OAuth 1.0a provider.
- Dashboard: https://dev.xing.com/applications
- Docs: https://dev.xing.com/docs/authentication
- API reference: https://dev.xing.com/docs/resources
Supported User properties:
- birth_date
- city
- country
- first_name
- gender
- id
- last_name
- link
- locale
- name
- picture
- postal_code
- timezone
- username
Unsupported User properties:
- nickname
- phone
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id – A unique short name used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access token request.
- request_token_params (dict) – A dictionary of additional request parameters for request token request.
OpenID Providers¶
Providers which implement the OpenID protocol based on the python-openid library.
Warning
This providers are dependent on the python-openid package.
OpenID(*args, **kwargs) | OpenID provider based on the python-openid library. |
Yahoo(*args, **kwargs) | Yahoo OpenID provider with the identifier predefined to "me.yahoo.com". |
Google(*args, **kwargs) | Google OpenID provider with the identifier predefined to "https://www.google.com/accounts/o8/id". |
- class authomatic.providers.openid.OpenID(*args, **kwargs)[source]¶
OpenID provider based on the python-openid library.
Accepts additional keyword arguments:
Parameters: - store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
- use_realm (bool) – Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.
- realm_body (str) – Contents of the HTML body tag of the realm.
- realm_param (str) – Name of the query parameter to be used to serve the realm.
- xrds_param (str) – The name of the query parameter to be used to serve the XRDS document.
- sreg (list) – List of strings of optional SREG fields. Default = OpenID.SREG.
- sreg_required (list) –
List of strings of required SREG fields. Default = [].
- ax (list) – List of strings of optional AX schemas. Default = OpenID.AX.
- ax_required (list) –
List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.
- pape (list) – of requested PAPE policies. Default = OpenID.PAPE.
As well as those inherited from AuthenticationProvider constructor.
- class authomatic.providers.openid.Yahoo(*args, **kwargs)[source]¶
Yahoo OpenID provider with the identifier predefined to "me.yahoo.com".
Accepts additional keyword arguments:
Parameters: - store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
- use_realm (bool) –
Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.
- realm_body (str) – Contents of the HTML body tag of the realm.
- realm_param (str) – Name of the query parameter to be used to serve the realm.
- xrds_param (str) –
The name of the query parameter to be used to serve the XRDS document.
- sreg (list) –
List of strings of optional SREG fields. Default = OpenID.SREG.
- sreg_required (list) –
List of strings of required SREG fields. Default = [].
- ax (list) –
List of strings of optional AX schemas. Default = OpenID.AX.
- ax_required (list) –
List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.
- pape (list) –
of requested PAPE policies. Default = OpenID.PAPE.
As well as those inherited from AuthenticationProvider constructor.
- class authomatic.providers.openid.Google(*args, **kwargs)[source]¶
Google OpenID provider with the identifier predefined to "https://www.google.com/accounts/o8/id".
Accepts additional keyword arguments:
Parameters: - store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
- use_realm (bool) –
Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.
- realm_body (str) – Contents of the HTML body tag of the realm.
- realm_param (str) – Name of the query parameter to be used to serve the realm.
- xrds_param (str) –
The name of the query parameter to be used to serve the XRDS document.
- sreg (list) –
List of strings of optional SREG fields. Default = OpenID.SREG.
- sreg_required (list) –
List of strings of required SREG fields. Default = [].
- ax (list) –
List of strings of optional AX schemas. Default = OpenID.AX.
- ax_required (list) –
List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.
- pape (list) –
of requested PAPE policies. Default = OpenID.PAPE.
As well as those inherited from AuthenticationProvider constructor.
Google App Engine OpenID Providers¶
OpenID provider implementations based on the Google App Engine Users API.
Note
When using the GAEOpenID provider, the User object will always have only the User.user_id, User.email, User.gae_user attributes populated with data. Moreover the User.user_id will always be empty on the GAE Development Server.
GAEOpenID(*args, **kwargs) | OpenID provider based on the Google App Engine Users API. |
Yahoo(*args, **kwargs) | GAEOpenID provider with the identifier set to "me.yahoo.com". |
Google(*args, **kwargs) | GAEOpenID provider with the identifier set to "https://www.google.com/accounts/o8/id". |
- class authomatic.providers.gaeopenid.GAEOpenID(*args, **kwargs)[source]¶
OpenID provider based on the Google App Engine Users API.
Accepts additional keyword arguments inherited from AuthenticationProvider.
Abstract Classes for Providers¶
Abstract base classes for implementation of protocol specific providers.
Note
Attributes prefixed with _x_ serve the purpose of unification of differences across providers.
login_decorator(func) | Decorate the BaseProvider.login() implementations with this decorator. |
BaseProvider(settings, adapter, provider_name) | Abstract base class for all providers. |
AuthorizationProvider(*args, **kwargs) | Base provider for authorization protocols i.e. |
AuthenticationProvider(*args, **kwargs) | Base provider for authentication protocols i.e. |
- authomatic.providers.login_decorator(func)[source]¶
Decorate the BaseProvider.login() implementations with this decorator.
Provides mechanism for error reporting and returning result which makes the BaseProvider.login() implementation cleaner.
- class authomatic.providers.BaseProvider(settings, adapter, provider_name, session=None, session_saver=None, callback=None, js_callback=None, prefix='authomatic', **kwargs)[source]¶
Abstract base class for all providers.
- callback = None¶
callable An optional callback called when the login procedure is finished with core.LoginResult passed as argument.
- popup = None¶
bool If True, the BaseProvider.user_authorization_url will be displayed in a popup mode, if the provider supports it.
- login()[source]¶
Launches the login procedure to get user’s credentials from provider.
Should be decorated with login_decorator(). The login procedure is considered finished when the user attribute is not empty when the method runs out of it’s flow or when there are errors.
- classmethod get_type()[source]¶
Returns the provider type.
Returns: str The full dotted path to base class e.g. "authomatic.providers.oauth2.OAuth2".
- static csrf_generator(secret)[source]¶
Generates CSRF token.
Inspired by this article: http://blog.ptsecurity.com/2012/10/random-number-security-in-python.html
Returns: str Random unguessable string.
- class authomatic.providers.AuthorizationProvider(*args, **kwargs)[source]¶
Base provider for authorization protocols i.e. protocols which allow a provider to authorize a consumer to access protected resources of a user. e.g. OAuth 2.0 or OAuth 1.0a.
Accepts additional keyword arguments:
Parameters: - consumer_key (str) – The key assigned to our application (consumer) by the provider.
- consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
- id (int) – A unique numeric ID used to serialize Credentials.
- user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
- access_token_params (dict) – A dictionary of additional request parameters for access_with_credentials token request.
- access_headers (dict) – A dictionary of default HTTP headers that will be used when accessing user’s protected resources. Applied by access(), update_user() and User.update()
- access_params (dict) – A dictionary of default query string parameters that will be used when accessing user’s protected resources. Applied by access(), update_user() and User.update()
- same_origin = True¶
If True the provider doesn’t support Cross-site HTTP requests.
- credentials = None¶
Credentials to access user’s protected resources.
str URL to which we redirect the user to grant our app i.e. the consumer an authorization to access his protected resources. see http://tools.ietf.org/html/rfc6749#section-4.1.1 and http://oauth.net/core/1.0a/#auth_step2.
- access_token_url[source]¶
str URL where we can get the access token to access protected resources of a user. see http://tools.ietf.org/html/rfc6749#section-4.1.3 and http://oauth.net/core/1.0a/#auth_step3.
- user_info_url[source]¶
str URL where we can get the user info. see http://tools.ietf.org/html/rfc6749#section-7 and http://oauth.net/core/1.0a/#anchor12.
- to_tuple(credentials)[source]¶
Must convert credentials to a tuple to be used by Credentials.serialize().
Warning
Must be a classmethod!
Parameters: credentials – Credentials Returns: tuple
- reconstruct(deserialized_tuple, credentials, cfg)[source]¶
Must convert the deserialized_tuple back to Credentials.
Warning
Must be a classmethod!
Parameters: - deserialized_tuple (tuple) – A tuple whose first index is the id and the rest are all the items of the tuple created by to_tuple().
- credentials – A Credentials instance.
- cfg (dict) – Provider configuration from Config.
- create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='')[source]¶
Must return RequestElements.
Warning
Must be a classmethod!
Parameters: - request_type (int) – Type of the request specified by one of the class’s constants.
- credentials – Credentials of the user whose protected resource we want to access.
- url (str) – URL of the request.
- method (str) – HTTP method of the request.
- params (dict) – Dictionary of request parameters.
- headers (dict) – Dictionary of request headers.
- body (str) – Body of POST, PUT and PATCH requests.
Returns: RequestElements
- type_id[source]¶
A short string representing the provider implementation id used for serialization of Credentials and to identify the type of provider in JavaScript. The part before hyphen denotes the type of the provider, the part after hyphen denotes the class id e.g. oauth2.Facebook.type_id = '2-5', oauth1.Twitter.type_id = '1-5'.
- access(url, params=None, method='GET', headers=None, body='', max_redirects=5, content_parser=None)[source]¶
Fetches the protected resource of an authenticated user.
Parameters: - credentials – The user’s Credentials (serialized or normal).
- url (str) – The URL of the protected resource.
- method (str) – HTTP method of the request.
- headers (dict) – HTTP headers of the request.
- body (str) – Body of POST, PUT and PATCH requests.
- max_redirects (int) – Maximum number of HTTP redirects to follow.
- content_parser (function) – A function to be used to parse the Response.data from Response.content.
Returns:
- async_access(*args, **kwargs)[source]¶
Same as access() but runs asynchronously in a separate thread.
Warning
The internal implementation of the future pattern is quite naive. Use with caution!
Returns: Future instance representing the separate thread.
- update_user()[source]¶
Updates the BaseProvider.user.
Warning
Fetches the user_info_url!
Returns: UserInfoResponse
- class authomatic.providers.AuthenticationProvider(*args, **kwargs)[source]¶
Base provider for authentication protocols i.e. protocols which allow a provider to authenticate a claimed identity of a user. e.g. OpenID.
- has_protected_resources = False¶
Indicates whether the provider supports access_with_credentials to user’s protected resources.