OAuth2 support for aiohttp client
Project description
aiohttp-oauth2-client
: OAuth2 support for aiohttp
client
This package adds support for OAuth 2.0 authorization to the ClientSession
class of
the aiohttp
library.
It handles retrieving access tokens and injects them in the Authorization header of HTTP requests as a Bearer token.
Features:
- Ease of use
- Supported OAuth2 grants:
- Automatic (lazy) refresh of tokens
- Extensible code architecture
Installation
The pacakge is available on PyPi and can be installed using pip
:
pip install aiohttp-oauth2-client
Usage
Begin by importing the relevant modules, like the OAuth2 client and grant. Also import asyncio
for running async code:
import asyncio
from aiohttp_oauth2_client.client import OAuth2Client
from aiohttp_oauth2_client.grant.device_code import DeviceCodeGrant
Then create an OAuth2Grant
and OAuth2Client
object and perform a HTTP request to a protected resource. We use the
Device Code grant in this example:
async def main():
async with DeviceCodeGrant(
token_url=TOKEN_URL,
device_authorization_url=DEVICE_AUTHORIZATION_URL,
client_id=CLIENT_ID,
pkce=True
) as grant, OAuth2Client(grant) as client:
async with client.get(PROTECTED_ENDPOINT) as response:
assert response.ok
print(await response.text())
asyncio.run(main())
The client and grant objects can be used as async context managers. This ensures the proper setup and cleanup of associated resources.
Grant configuration
This section provides an overview of the configuration options for each grant type. Extra parameters can be provided, which will then be used in the authorization process.
Authorization code grant
The authorization code grant uses a web browser login to request an authorization code, which is then used to request an access token.
Parameters
Parameter | Required | Description |
---|---|---|
token_url |
Yes | OAuth 2.0 Token URL |
authorization_url |
Yes | OAuth 2.0 Authorization URL |
client_id |
Yes | client identifier |
token |
No | OAuth 2.0 Token |
pkce |
No | use PKCE |
Example
from aiohttp_oauth2_client.client import OAuth2Client
from aiohttp_oauth2_client.grant.authorization_code import AuthorizationCodeGrant
...
async with AuthorizationCodeGrant(
token_url="https://sso.example.com/oauth2/token",
authorization_url="https://sso.example.com/oauth2/auth",
client_id="public",
pkce=True
) as grant, OAuth2Client(grant) as client:
...
Client credentials grant
Use client credentials to obtain an access token.
Parameters
Parameter | Required | Description |
---|---|---|
token_url |
Yes | OAuth 2.0 Token URL |
client_id |
Yes | client identifier |
client_secret |
Yes | client secret |
token |
No | OAuth 2.0 token |
Example
from aiohttp_oauth2_client.client import OAuth2Client
from aiohttp_oauth2_client.grant.client_credentials import ClientCredentialsGrant
...
async with ClientCredentialsGrant(
token_url="https://sso.example.com/oauth2/token",
client_id="my-client",
client_secret="top-secret"
) as grant, OAuth2Client(grant) as client:
...
Device code grant
Obtain user authorization on devices with limited input capabilities or lack a suitable browser to handle an interactive log in procedure. The user is instructed to review the authorization request on a secondary device, which does have the requisite input and browser capabilities to complete the user interaction.
Parameters
Parameter | Required | Description |
---|---|---|
token_url |
Yes | OAuth 2.0 Token URL |
device_authorization_url |
Yes | OAuth 2.0 Device Authorization URL |
client_id |
Yes | client identifier |
token |
No | OAuth 2.0 Token |
pkce |
No | use PKCE |
Example
from aiohttp_oauth2_client.client import OAuth2Client
from aiohttp_oauth2_client.grant.device_code import DeviceCodeGrant
...
async with DeviceCodeGrant(
token_url="https://sso.example.com/oauth2/token",
device_authorization_url="https://sso.example.com/oauth2/auth/device",
client_id="public",
pkce=True
) as grant, OAuth2Client(grant) as client:
...
Resource owner password credentials grant
Use the username and password of the resource owner to obtain an access token.
Parameters
Parameter | Required | Description |
---|---|---|
token_url |
Yes | OAuth 2.0 Token URL |
username |
Yes | username of the resource owner |
password |
Yes | password of the resource owner |
token |
No | OAuth 2.0 Token |
Example
from aiohttp_oauth2_client.client import OAuth2Client
from aiohttp_oauth2_client.grant.resource_owner_password_credentials import ResourceOwnerPasswordCredentialsGrant
...
async with ResourceOwnerPasswordCredentialsGrant(
token_url="https://sso.example.com/oauth2/token",
username="username",
password="password123",
client_id="public"
) as grant, OAuth2Client(grant) as client:
...
Development
To start developing on this project, you should install all needed dependencies for running and testing the code:
pip install -e .[dev]
This will also install linting and formatting tools, which can be automatically executed when you commit using Git. To set up pre-commit as a Git hook, run:
pre-commit install
You can also run the pre-commit checks manually with the following command:
pre-commit run --all-files
Build the docs
This repository uses Sphinx to generate documentation for the Python package.
To build the documentation, first install the required dependencies via the extra docs
:
pip install -e .[docs]
Then go to the documentation directory and build the docs:
cd docs/
make html
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aiohttp_oauth2_client-1.0.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | ccf2b40036ba85c18a857285b3f5bb5eb6c7edf09f6d6b0977d4c0ee9b7fe9c4 |
|
MD5 | c6e486b6c9d723e719f7fef0aec615bf |
|
BLAKE2b-256 | dfce4c288248ff0dc0368fae87f7013650ed806f6acfb7309f01a532f4575058 |
Hashes for aiohttp_oauth2_client-1.0.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8137ae65d2b647308ac61a91c8e3ea4eec96f2f548aafaea1e6061df5554ae9e |
|
MD5 | fcba398ee48ca8ffa31270b1e716bcfd |
|
BLAKE2b-256 | 420ec2500f07a6b8e79983ecda6acf43505c7f12cc53e6e940e8e46afc3f7a5a |