Auth Code Flow (`auth-code-flow`) is a utility for obtaining access tokens on behalf of resource owners using the OAuth 2.0 authentication code flow
Project description
Auth Code Flow
Auth Code Flow (auth-code-flow) is a utility for obtaining access tokens on behalf of resource owners using the OAuth 2.0 authorization code flow.
Quick Start
This is a quick-start tutorial for using auth-code-flow to obtain an access token from an OAuth service provider on behalf of its user.
Fleshed-out tutorials for doing this using auth-code-flow in Python web frameworks like Django and FastAPI are in the works.
First Things First
We'll be walking through the process of obtaining an access token from Stack Exchange on behalf of a user of their service. We'll be implementing our utility in conformity with the Stack Exchange authentication documentation.
First make sure you've created a Stack Exchange developer application, as you'll need a developer app's client id and client secret for this exercise. Please have a look at the answers to this question on Stack Exchange if you can't immediately figure out how to create one.
Install Auth Code Flow
Create a virtual environment with any tool of your choice, activate it and install auth-code-flow into it.
A Windows user may do theirs this way:
-
Create a virtual environment
python -m venv env -
Activate the virtual environment
.\env\Scripts\activate -
Install
auth-code-flowinto the virtual environmentpip install auth-code-flow
Create a Flow Manager
Subclass the Abstract Base Flow Manager Class
from auth_code_flow import AbstractBaseFlowManager
class StackExchangeFlowManager(AbstractBaseFlowManager):
pass
Configure the Required Attributes
access_token_pathauthorization_pathbase_uriclient_idclient_secretredirect_uriscope
from auth_code_flow import AbstractBaseFlowManager
class StackExchangeFlowManager(AbstractBaseFlowManager):
access_token_path = '/oauth/access_token/json'
authorization_path = '/oauth'
base_uri = 'https://stackoverflow.com'
client_id = 'your stack exchange client id'
client_secret = 'your stack exchange client secret'
redirect_uri = 'http://localhost:8000/oauth/callback/stackexchange'
scope = 'no_expiry'
Override Abstract Methods
store_user_state()check_user_state()
from auth_code_flow import AbstractBaseFlowManager
class StackExchangeFlowManager(AbstractBaseFlowManager):
access_token_path = '/oauth/access_token/json'
authorization_path = '/oauth'
base_uri = 'https://stackoverflow.com'
client_id = 'your stack exchange client id'
client_secret = 'your stack exchange client secret'
redirect_uri = 'http://localhost:8000/oauth/callback/stackexchange'
scope = 'no_expiry'
def store_user_state(self, user, state):
STORE[user]['state'] = state
def check_user_state(self, user, state):
try:
return STORE[user]['state'] == state
except KeyError:
return False
In production code you'll most definitely make use of a database instead of a global dictionary constant 😄.
Instantiate a Project-wide Manager from this Subclass
stack_exchange_flow_manager = StackExchangeFlowManager()
Working with the Flow Manager
First thing to do is to make a random state with the manager, store it against the user whose access token you're hoping to fetch, then ask the manager to build the appropriate authorization endpoint for you to send the user to.
state = stack_exchange_flow_manager.make_state()
stack_exchange_flow_manager.store_user_state(user, state)
authorization_endpoint = stack_exchange_flow_manager.get_authorization_endpoint(state)
When the user clicks on the link to the authorization endpoint, they will be taken to a dedicated page where they can either approve your authorization request or reject it. In any case, Stack Exchange will redirect to your callback uri with an appropriate response for their action.
In the view method/handler for the callback uri, extract the state and code query parameters sent by Stack Exchange, and fetch the access token with them.
# this is how we'd get the query parameters in a Django app
state = self.request.GET['state']
code = self.request.GET['code']
resp = stack_exchange_flow_manager.fetch_access_token(user, code, state, post_form_data=True)
resp_json = resp.json()
print(resp_json)
At the end of the flow, you'd get back something that looks like: {'access_token': 'yJNAvcyD120SY6lzBDkrWw))'}.
That is the user's access token. You can use it to make requests to the Stack Exchange API on behalf of the user.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for auth_code_flow-0.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6e6ab2a2889e7d34504345624e9a534c639851887dd16b7e2457b5403f400591 |
|
| MD5 | 8a971a18c10c0d34053e40d0aff466be |
|
| BLAKE2b-256 | 52a4a2dbac555fe2dda0e8546a4d7fde973a4f8bbe9256097c04eaf38c47d9cb |
