Authentication

Restkit support for now basic authentication and OAuth. But any other authentication schema can easily be added using http filters.

Basic authentication

Basic authentication is managed by the object BasicAuth. It’s handled automatically in request function and in Resource object if basic_auth_url property is True.

To use basic authentication in a Resource object you can do:

from restkit import Resource, BasicAuth

auth = BasicAuth("username", "password")
r = Resource("http://friendpaste.com", filters=[auth])

Or simply use an authentication url:

r = Resource("http://username:password@friendpaste.com")

OAuth

Restkit OAuth is based on simplegeo python-oauth2 module So you don’t need other installation to use OAuth (you can also simply use restkit.oauth2 module in your applications).

The OAuth filter restkit.oauth2.filter.OAuthFilter allow you to associate a consumer per resource (path). Initalize Oauth filter with:

path, consumer, token, signaturemethod)

token and method signature are optionnals. Consumer should be an instance of Consumer, token an instance of Token signature method an instance of oauth2.SignatureMethod (Token is only needed for three-legged requests.

The filter is appleid if the path match. It allows you to maintain different authorization per path. A wildcard at the indicate to the filter to match all path behind.

Example the rule /some/resource/* will match /some/resource/other and /some/resource/other2, while the rule /some/resource will only match the path /some/resource.

Simple client example:

from restkit import OAuthFilter, request
import restkit.oauth2 as oauth

# Create your consumer with the proper key/secret.
consumer = oauth.Consumer(key="your-twitter-consumer-key",
  secret="your-twitter-consumer-secret")

# Request token URL for Twitter.
request_token_url = "http://twitter.com/oauth/request_token"

# Create our filter.
auth = oauth.OAuthFilter('*', consumer)

# The request.
resp = request(request_token_url, filters=[auth])
print resp.body_string()

If you want to add OAuth to your TwitterSearch resource:

# Create your consumer with the proper key/secret.
consumer = oauth.Consumer(key="your-twitter-consumer-key",
  secret="your-twitter-consumer-secret")

# Create our filter.
client = oauth.OAuthfilter('*', consumer)

s = TwitterSearch(filters=[client])

Twitter Three-legged OAuth Example:

Below is an example from python-oauth2 of how one would go through a three-legged OAuth flow to gain access to protected resources on Twitter. This is a simple CLI script, but can be easily translated to a web application:

import urlparse

from restkit import request
from restkit.filters import OAuthFilter
import restkit.util.oauth2 as oauth

consumer_key = 'my_key_from_twitter'
consumer_secret = 'my_secret_from_twitter'

request_token_url = 'http://twitter.com/oauth/request_token'
access_token_url = 'http://twitter.com/oauth/access_token'
authorize_url = 'http://twitter.com/oauth/authorize'

consumer = oauth.Consumer(consumer_key, consumer_secret)

auth = OAuthFilter('*', consumer)

# Step 1: Get a request token. This is a temporary token that is used for
# having the user authorize an access token and to sign the request to obtain
# said access token.



resp = request(request_token_url, filters=[auth])
if resp.status_int != 200:
    raise Exception("Invalid response %s." % resp.status_code)

request_token = dict(urlparse.parse_qsl(resp.body_string()))

print "Request Token:"
print "    - oauth_token        = %s" % request_token['oauth_token']
print "    - oauth_token_secret = %s" % request_token['oauth_token_secret']
print

# Step 2: Redirect to the provider. Since this is a CLI script we do not
# redirect. In a web application you would redirect the user to the URL
# below.

print "Go to the following link in your browser:"
print "%s?oauth_token=%s" % (authorize_url, request_token['oauth_token'])
print

# After the user has granted access to you, the consumer, the provider will
# redirect you to whatever URL you have told them to redirect to. You can
# usually define this in the oauth_callback argument as well.
accepted = 'n'
while accepted.lower() == 'n':
    accepted = raw_input('Have you authorized me? (y/n) ')
oauth_verifier = raw_input('What is the PIN? ')

# Step 3: Once the consumer has redirected the user back to the oauth_callback
# URL you can request the access token the user has approved. You use the
# request token to sign this request. After this is done you throw away the
# request token and use the access token returned. You should store this
# access token somewhere safe, like a database, for future use.
token = oauth.Token(request_token['oauth_token'],
    request_token['oauth_token_secret'])
token.set_verifier(oauth_verifier)

auth = OAuthFilter("*", consumer, token)

resp = request(access_token_url, "POST", filters=[auth])
access_token = dict(urlparse.parse_qsl(resp.body_string()))

print "Access Token:"
print "    - oauth_token        = %s" % access_token['oauth_token']
print "    - oauth_token_secret = %s" % access_token['oauth_token_secret']
print
print "You may now access protected resources using the access tokens above."
print

Table Of Contents

Previous topic

Reuses connections

Next topic

Stream you content

This Page