Skip to main content

OAuth 1.0 extension for Talons WSGI middleware library

Project description

[![Build Status](](

# Talons OAuth authentication extension

`talons-oauth` provides OAuth 1.0 extension for
[Talons WSGI middleware library](
in `talons.auth` namespace. You can install it with pip:

pip install talons-oauth

## Usage example

Use `talons-oauth` the same way you would use any other talons auth middleware

import falcon
from falcon.auth.oauth import oauth1

# Assume getappconfig() returns a dictionary of application configuration
# options that may have been read from some INI file...
config = getappconfig()

auth_middleware = middleware.create_middleware(identify_with=[oauth1.Identifier],
app = falcon.API()

## `talons.auth.oauth.oauth1.Identifier`

OAuth authentication flow is a bit more sophisticated than `talons.auth`
middlewares assumes about typical authentication. There is no clear boundary
between identification and authentication in most of OAuth implementations.
There is no user credentials *per se* but credentials of oauth consumer
that authenticates on behalf of user. Because of that `oauth1.Identifier`
identificates "user" by whole set of request body, method, headers and url
parameters. This data will be needed then for verifing request signature.

`oauth1.Identifier.identify()` returns `True` only if request looks like
OAuth 1.0. request - has either valid auth header, body parameters or query
string (as specified in [RFC 5849](
Identity stored in request is a `talons.auth.oauth.oauth1.OAuthIdentity`
instance that subclasses `talons.auth.interfaces.Identity`. All its base
attributes (`login`, `key`, `roles`, `groups`) are set to `None' or default
value. This should not break other talons authenticators.

## `talons.auth.oauth.oauth1.Authenticator`

`oauth1.Authenticator` won't work OOTB. It uses
[oauthlib]( as oauth provider backend which as
well as falcon and talons do tries to be non opinionated. This means that it
doesn't assume anything about your your type of storage or data architecture.
You must provide an
subclass instance that tells library how to validate/save/verify/retrieve your
tokens, nonces, keys, etc. Fortunately this procedure is very simple and well
documented in [oauthlib's documentation](

Other thing you would like probably to configure is a list of available
authentication realms that are required by your API instance. It can be set as
a list of required realms for whole api instance. Unfortunately
falcon hooks are not aware of resource affected by request and realms cannot
be set per resource individually. If you would like to have diffrent
authentication realms for many resources I would advice you splitting your API
into many instances based on their realms.

Full list of configuration parameters:

* `oauth1_validator`: `oauthlib.oauth1.rfc5849.request_validator.RequestValidator`
(required). Defines how to validate/save/verify/retrieve your OAuth 1.0. tokens,
nonces, keys, etc. For full documentation refer to
[oauthlib's RequestValidator](
* `oauth1_realms`: list (defaults to []). list of required realms for consumer
access tokens.

## Providing OAuth 1.0. endpoints

Providing endpoints for accessing/authorizing request tokens and access tokens
is beyond the scope of this library. Once you create your `RequestValidator`
subclass it should be easy to use
[generic oauthlib endpoints](

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

talons.auth.oauth-0.0.1.tar.gz (8.3 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page