Skip to main content

Provider agnostic OAuth2 client for aiohttp

Project description

aiohttp-oauth2

CircleCI

A provider agnostic oauth2 client library for aiohttp, implemented as a self-composed nested application.

No opinions about auth mechanisms are enforced on the application, an on_login and on_error coroutine can, and should, be provided to implement your own login mechanisms (token, session, etc).

Usage

$ pip install -U aiohttp_oauth2

Simple

from aiohttp import web

from aiohttp_oauth2 import oauth2_app


async def app_factory():
    app = web.Application()

    app.add_subapp(
        "/github/",  # any arbitrary prefix
        oauth2_app(
            client_id=123,
            client_secret=456,
            authorize_url="https://github.com/login/oauth/authorize",
            token_url="https://github.com/login/oauth/access_token",
            # add scopes if you want to customize them
            scopes=["foo", "bar", "baz"],
            # optionally add an on_login coroutine to handle the post-login logic
            # it should expect the request and the oauth2 access code response
            on_login=set_session_and_redirect,
            on_error=show_error_page,
        ),
    )

    return app

The necessary oauth2 routes are added as /auth and /callback. Now logging in a user is as simple as redirecting them to: /github/auth.

Complex

Since the oauth2_app function is simply a factory that generates sub-apps, you can use this to add any number of oauth2 providers to log in against:

from aiohttp import web
from aiohttp_oauth2 import oauth2_app


async def app_factory() -> web.Application:
    app = web.Application()

    app.add_subapp(
        "/github/",
        oauth2_app(
            ...,
            authorize_url="https://github.com/login/oauth/authorize",
            token_url="https://github.com/login/oauth/access_token",
        )
    )
    app.add_subapp(
        "/google/",
        oauth2_app(
            ...,
            authorize_url="https://accounts.google.com/o/oauth2/v2/auth",
            token_url="https://www.googleapis.com/oauth2/v4/token",
        )
    )
    app.add_subapp(
        "/twitter/",
        oauth2_app(
            ...,
            authorize_url="https://api.twitter.com/oauth/authorize",
            token_url="https://api.twitter.com/oauth2/token",
        )
    )

    ...

    return app

You can now redirect users to /twitter/auth, /google/auth, and /github/auth.

As a nice shortcut to the boilerplate of the authorize/token URLs, see the aiohttp_oauth2/client/contrib.py helpers to avoid needing to set the urls explicity.

import os

from aiohttp import web
from aiohttp_oauth2.client.contrib import github


async def app_factory() -> web.Application:
    app = web.Application()

    app.add_subapp(
        "/login/github",
        github(
            os.getenv("CLIENT_ID"),
            os.getenv("CLIENT_SECRET"),
        ),
    )

    # and/or `google`, `slack`, `twitter` instead of `github`

    return app

Examples

Check the "examples" directory for working examples:

$ cd examples
$ pip install -r requirements.txt

# this just makes the library available for import, don't typically do it :D
$ PYTHONPATH=".." python github.py

Tips

Incorrect URL scheme (missing https)

For aiohttp's URL resolution feature to work with SSL, be sure to use aiohttp-remotes. This will ensure that if you are serving your aiohttp application behind any termination point for TLS that aiohttp is still aware via the various forwarding headers that traefik/nginx/etc should set.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aiohttp-oauth2-0.0.5.tar.gz (4.7 kB view hashes)

Uploaded source

Built Distribution

aiohttp_oauth2-0.0.5-py3-none-any.whl (6.5 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page