Provider agnostic OAuth2 client for aiohttp
Project description
aiohttp-oauth2
A provider agnostic oauth2 client library for aiohttp, implemented as a self-composed nested application.
No opinions about auth mechanisms are enforced on the application, an on_login and on_error coroutine can, and should, be provided to implement your own login mechanisms (token, session, etc).
Usage
$ pip install -U aiohttp_oauth2
Simple
from aiohttp import web
from aiohttp_oauth2 import oauth2_app
async def app_factory():
app = web.Application()
app.add_subapp(
"/github/", # any arbitrary prefix
oauth2_app(
client_id=123,
client_secret=456,
authorize_url="https://github.com/login/oauth/authorize",
token_url="https://github.com/login/oauth/access_token",
# add scopes if you want to customize them
scopes=["foo", "bar", "baz"],
# optionally add an on_login coroutine to handle the post-login logic
# it should expect the request and the oauth2 access code response
on_login=set_session_and_redirect,
on_error=show_error_page,
),
)
return app
The necessary oauth2 routes are added as /auth and /callback. Now logging in a user is as simple as redirecting them to: /github/auth.
Complex
Since the oauth2_app function is simply a factory that generates sub-apps, you can use this to add any number of oauth2 providers to log in against:
from aiohttp import web
from aiohttp_oauth2 import oauth2_app
async def app_factory() -> web.Application:
app = web.Application()
app.add_subapp(
"/github/",
oauth2_app(
...,
authorize_url="https://github.com/login/oauth/authorize",
token_url="https://github.com/login/oauth/access_token",
)
)
app.add_subapp(
"/google/",
oauth2_app(
...,
authorize_url="https://accounts.google.com/o/oauth2/v2/auth",
token_url="https://www.googleapis.com/oauth2/v4/token",
)
)
app.add_subapp(
"/twitter/",
oauth2_app(
...,
authorize_url="https://api.twitter.com/oauth/authorize",
token_url="https://api.twitter.com/oauth2/token",
)
)
...
return app
You can now redirect users to /twitter/auth, /google/auth, and /github/auth.
As a nice shortcut to the boilerplate of the authorize/token URLs, see the aiohttp_oauth2/client/contrib.py helpers to avoid needing to set the urls explicity.
import os
from aiohttp import web
from aiohttp_oauth2.client.contrib import github
async def app_factory() -> web.Application:
app = web.Application()
app.add_subapp(
"/login/github",
github(
os.getenv("CLIENT_ID"),
os.getenv("CLIENT_SECRET"),
),
)
# and/or `google`, `slack`, `twitter` instead of `github`
return app
Examples
Check the "examples" directory for working examples:
$ cd examples
$ pip install -r requirements.txt
# this just makes the library available for import, don't typically do it :D
$ PYTHONPATH=".." python github.py
Tips
Incorrect URL scheme (missing https)
For aiohttp's URL resolution feature to work with SSL, be sure to use aiohttp-remotes. This will ensure that if you are serving your aiohttp application behind any termination point for TLS that aiohttp is still aware via the various forwarding headers that traefik/nginx/etc should set.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aiohttp_oauth2-0.0.5-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 963986f84bf8fa77f47584e44a50add0c28bcfb86302508ffd40cd35e8843054 |
|
| MD5 | 12e63924e308cbda5a27c4a3ef3373b6 |
|
| BLAKE2b-256 | a9a595cde85c4902869c644b150aa318af607485836fb933189b76a97648d8a0 |
