deprecated! see kinto-fxa instead. was: Firefox Accounts support in Cliquet
Project description
Deprecation Notice
With the rename of cliquet to kinto.core, this package is no longer supported. Please upgrade to kinto-fxa instead!
Firefox Accounts support in Cliquet
Cliquet-fxa enables authentication in Cliquet applications using Firefox Accounts OAuth2 bearer tokens.
It provides:
An authentication policy class;
Integration with Cliquet cache backend for token verifications;
Integration with Cliquet for heartbeat view checks;
Some optional endpoints to perform the OAuth dance (optional).
Installation
As stated in the official documentation, Firefox Accounts OAuth integration is currently limited to Mozilla relying services.
Install the Python package:
pip install cliquet-fxa
Include the package in the project configuration:
cliquet.includes = cliquet_fxa
And configure authentication policy using pyramid_multiauth formalism:
multiauth.policies = fxa
By default, it will rely on the cache configured in Cliquet.
Configuration
Fill those settings with the values obtained during the application registration:
fxa-oauth.client_id = 89513028159972bc fxa-oauth.client_secret = 9aced230585cc0aaea0a3467dd800 fxa-oauth.oauth_uri = https://oauth-stable.dev.lcip.org fxa-oauth.requested_scope = profile kinto fxa-oauth.required_scope = kinto fxa-oauth.webapp.authorized_domains = *.firefox.com # fxa-oauth.cache_ttl_seconds = 300 # fxa-oauth.state.ttl_seconds = 3600
In case the application shall not behave as a relier (a.k.a. OAuth dance endpoints disabled):
fxa-oauth.relier.enabled = false
If necessary, override default values for authentication policy:
# multiauth.policy.fxa.realm = Realm # multiauth.policy.fxa.use = cliquet_fxa.authentication.FxAOAuthAuthenticationPolicy
Login flow
OAuth Bearer token
Use the OAuth token with this header:
Authorization: Bearer <oauth_token>
- notes:
If the token is not valid, this will result in a 401 error response.
Obtain token using Web UI
Navigate the client to GET /fxa-oauth/login?redirect=http://app-endpoint/#. There, a session cookie will be set, and the client will be redirected to a login form on the FxA content server;
After submitting the credentials on the login page, the client will be redirected to http://app-endpoint/#{token} (the web-app).
Obtain token custom flow
The GET /v1/fxa-oauth/params endpoint can be use to get the configuration in order to trade the Firefox Accounts BrowserID with a Bearer Token. See Firefox Account documentation about this behavior
$ http GET http://localhost:8000/v0/fxa-oauth/params -v
GET /v0/fxa-oauth/params HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: localhost:8000
User-Agent: HTTPie/0.8.0
HTTP/1.1 200 OK
Content-Length: 103
Content-Type: application/json; charset=UTF-8
Date: Thu, 19 Feb 2015 09:28:37 GMT
Server: waitress
{
"client_id": "89513028159972bc",
"oauth_uri": "https://oauth-stable.dev.lcip.org",
"scope": "profile"
}Changelog
This document describes changes between each past release.
1.4.0 (2015-10-28)
Updated to Cliquet 2.9.0
Breaking changes
cliquet-fxa cannot be included using pyramid.includes setting. Use cliquet.includes instead.
1.3.2 (2015-10-22)
Bug fixes
In case the Oauth dance is interrupted, return a 408 Request Timeout error instead of the 401 Unauthenticated one. (#11)
Do not call cliquet.load_default_settings from cliquet-fxa (#12)
1.3.1 (2015-09-29)
Separate multiple scopes by a + in login URL.
1.3.0 (2015-09-29)
Bug fixes
Multiple scopes can be requested on the login flow.
Multiple scopes can be required for the app.
Configuration changes
fxa-oauth.scope is now deprecated. fxa-oauth.requested_scope and fxa-oauth.required_scope should be used instead.
1.2.0 (2015-06-24)
Add default settings to define a policy “fxa”. It is now possible to just include cliquet_fxa and add fxa to multiauth.policies setting list.
Do not check presence of cliquet cache in initialization phase.
Do not use Cliquet logger to prevent initialization errors.
1.1.0 (2015-06-18)
Do not prefix authenticated user with fxa_ anymore (#5)
1.0.0 (2015-06-09)
Imported code from Cliquet
Contributors
Alexis Metaireau <alexis@mozilla.com>
Mathieu Leplatre <mathieu@mozilla.com>
Nicolas Perriault <nperriault@mozilla.com>
Rémy Hubscher <rhubscher@mozilla.com>
Tarek Ziade <tarek@mozilla.com>
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file cliquet-fxa-1.4.0.tar.gz.
File metadata
- Download URL: cliquet-fxa-1.4.0.tar.gz
- Upload date:
- Size: 11.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4ac2e33aa5ab7c512acabeb97a16132798c6ef0f4027134479a8a466fe3d6b4a |
|
| MD5 | 3149b6041936e23c2048a06ccd620047 |
|
| BLAKE2b-256 | 0663512a659c09aca41dbf1da3e9010a84f16bd8697a3b473d9b24a25a6f2c08 |
Provenance
File details
Details for the file cliquet_fxa-1.4.0-py2.py3-none-any.whl.
File metadata
- Download URL: cliquet_fxa-1.4.0-py2.py3-none-any.whl
- Upload date:
- Size: 17.0 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f0065b27f31245f620b45c6d6a77ed4232c9199eaa397336276b1e211b022f85 |
|
| MD5 | 55324005576366a7011aa02d590a3779 |
|
| BLAKE2b-256 | e94913485b6bb79896dcfb80d4d8a1f85211b67f82b84cb03e10bfe2f52e3fd2 |
