Skip to main content

OAuth 1.0 Provider with Redis in Python

Project description

# OAuth 1.0a Provider with Redis in Python

I want to build a scalable OAuth 1.0a Provider that is easy to subclass specifically in authenticating users against
various databases. Focuses in leveraging performance by using Redis as the primary OAuth Provider backend, user
authentications can be handled differently using any other databases.

Coded against [RFC5849]( so please excuse any mishaps, everyone is welcomed to fork
and send pull requests.

## Compatibility Against [RFC5849](

With this README, I have no plans in supporting 3 legged authentications. I am only supporting XAuth at the moment.
Fork and contribute to add support to 3 legged authentications.

OAuth 1.0 Authorization components are all expected from Authorization header. Example below.

Authorization: OAuth realm="http://localhost:5000/",

## Usage

The main package depends on these Python modules:
- Redis

The examples/ file depends on these Python modules:
- flask

The file depends on these Python modules:
- oauthnesia

### Real Usage and Extending The Provider

You can use the provider with any Python web framework theoretically. Here are the codes to use the provider with flask.

from flask import Flask, jsonify
from oauth1 import Oauth1, Oauth1Errors

BASE_URL = "http://localhost:5000/"

app = Flask(__name__)

class ExampleProvider(Oauth1):
def _verify_xauth_credentials(cls, username, password):
return username == 'username' and password == 'password'

@app.route('/oauth/', methods=['GET', 'POST'])
@app.route('/oauth/<action>', methods=['POST'])
def oauth(action=None):
if action == 'access_token':
ExampleProvider.BASE_URL = BASE_URL

cons_check = ExampleProvider.authorize_consumer()
if isinstance(cons_check, str):
return Oauth1Errors.forbidden(cons_check)

authorized = ExampleProvider.authorize_request(uri='oauth/access_token')
if isinstance(authorized, str):
return Oauth1Errors.unauthorized(authorized)

# Check username/password from XAuth
x_check = ExampleProvider.authorize_xauth()
if isinstance(x_check, str):
return Oauth1Errors.bad_request(x_check)

return jsonify(status='ok')
return Oauth1Errors.not_found('There is no valid resource here')

@app.route('/user/<user_uri>', methods=['GET', 'POST'])
def user(user_uri=None):
if not user_uri:
return Oauth1Errors.bad_request('You must supply a User URI')

cons_check = Oauth1.authorize_consumer()
if isinstance(cons_check, str):
return Oauth1Errors.forbidden(cons_check)

authorized = Oauth1.authorize_request(uri='oauth/access_token')
if isinstance(authorized, str):
return Oauth1Errors.unauthorized(authorized)

return jsonify(uri=user_uri)

def not_found(error):
return Oauth1Errors.not_found()

if __name__ == "__main__":
app.debug = True

## Feedbacks

Again I am still new to Python, please give some feedbacks on best practices. Pull Requests are very welcomed.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

oauth1-provider-0.2.0.tar.gz (4.5 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page