Skip to main content

Firefox Accounts client library for Python

Project description

This is python library for interacting with the Firefox Accounts ecosystem. It’s highly experimental and subject to change. Eventually, it is planned to provide easy support for the following features:

  • being a direct firefox accounts authentication client

  • being an FxA OAuth Service Provider

  • accessing attached services

But none of that is ready yet; caveat emptor.

Firefox Accounts

Currently, basic auth-server operations should work like so:

from fxa.core import Client

client = Client("https://api.accounts.firefox.com")
client.create_account("test@example.com", "MySecretPassword")

session = client.login("test@example.com", "MySecretPassword")
cert = session.sign_certificate(myPublicKey)
session.change_password("MySecretPassword", "ThisIsEvenMoreSecret")

FxA OAuth Relier

Trade the authentication code against a longer lived OAuth token:

from fxa.oauth import Client

client = Client()
token = client.trade_code("client-id", "client-secret", "code-1234")

Verify an OAuth token:

from fxa.oauth import Client
from fxa.errors import ClientError

client = Client()

try:
    profile = client.verify_token("123456...")
except ClientError:
    print "Invalid token"

print("User id", profile["user"])

Testing email addresses

There’s also very basic integration with restmail.net, to allow for testing with live email addresses. It works like this:

from fxa.core import Client
from fxa.tests.utils import TestEmailAccount

# Create a testing account using an @restmail.net address.
acct = TestEmailAccount()
client = Client("https://api.accounts.firefox.com")
session = client.create_account(acct.email, "MySecretPassword")

# Verify the account using the code from email.
acct.fetch()
for m in acct.messages:
    if "x-verify-code" in m["headers"]:
        session.verify_email_code(m["headers"]["x-verify-code"])

...

# Destroy the account once you're done with it.
acct.clear()
client.destroy_account(acct.email, "MySecretPassword")

v0.0.3

  • Refacotor oauth.Client to take id/secret as constructor args.

  • Add basic caching on oauth token verification.

  • Accept option “/v1” suffix on server URLs.

  • Add get_identity_assertion() method to core.Session.

  • Add methods to oauth.Client for authorizing codes and tokens.

  • Add a new error hierarchy for trust-related errors.

  • Additional sanity-checking in oauth scope checks.

v0.0.2

  • Initial release; includes basic auth and oauth functionality.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PyFxA-0.0.3.tar.gz (19.6 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page