Providers¶

OAuth 2.0 Providers¶

Providers which implement the OAuth 2.0 protocol.

class authomatic.providers.oauth2.OAuth2(*args, **kwargs)[source]¶

Base class for OAuth 2.0 providers.

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

user_info_scope = []¶

A scope preset to get most of the user info. Use it in the Config like {'scope': oauth2.Facebook.user_info_scope}.

supports_csrf_protection = True¶

bool If False, the provider doesn’t support CSRF protection.

supports_user_state = True¶

bool If False, the provider doesn’t support user_state.

classmethod create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='', secret=None, redirect_uri='', scope='', csrf='', user_state='')[source]¶

Creates OAuth 2.0 request elements.

classmethod to_tuple(credentials)[source]¶

Must convert credentials to a tuple to be used by Credentials.serialize().

Warning

Must be a classmethod!

Parameters:	credentials – Credentials
Returns:	tuple

classmethod reconstruct(deserialized_tuple, credentials, cfg)[source]¶

Must convert the deserialized_tuple back to Credentials.

Warning

Must be a classmethod!

Parameters:	deserialized_tuple (tuple) – A tuple whose first index is the id and the rest are all the items of the tuple created by to_tuple(). credentials – A Credentials instance. cfg (dict) – Provider configuration from Config.

classmethod decode_state(state, param='user_state')[source]¶

Decode state and return param.

Parameters:	state (str) – state parameter passed through by provider param (str) – key to query from decoded state variable. Options include ‘csrf’ and ‘user_state’.
Returns:	string value from decoded state

refresh_credentials(credentials)[source]¶

Refreshes Credentials if it gives sense.

Parameters:	credentials – Credentials to be refreshed.
Returns:	Response.

class authomatic.providers.oauth2.Amazon(*args, **kwargs)[source]¶

Amazon OAuth 2.0 provider.

Thanks to Ghufran Syed.

• Dashboard: https://developer.amazon.com/lwa/sp/overview.html
• Docs: https://developer.amazon.com/public/apis/engage/login-with-amazon/docs/conceptual_overview.html
• API reference: https://developer.amazon.com/public/apis

Note

Amazon only accepts redirect_uri with https schema, Therefore the login handler must also be accessible through https.

Supported User properties:

• email
• id
• name
• postal_code

Unsupported User properties:

• birth_date
• city
• country
• first_name
• gender
• last_name
• link
• locale
• nickname
• phone
• picture
• timezone
• username

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Behance(*args, **kwargs)[source]¶

Behance OAuth 2.0 provider.

Note

Behance doesn’t support third party authorization anymore, which renders this class pretty much useless.

• Dashboard: http://www.behance.net/dev/apps
• Docs: http://www.behance.net/dev/authentication
• API reference: http://www.behance.net/dev/api/endpoints/

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Bitly(*args, **kwargs)[source]¶

Bitly OAuth 2.0 provider.

Warning

This provider doesn’t support CSRF protection!

• Dashboard: https://bitly.com/a/oauth_apps
• Docs: http://dev.bitly.com/authentication.html
• API reference: http://dev.bitly.com/api.html

Supported User properties:

• id
• link
• name
• picture
• username

Unsupported User properties:

• birth_date
• city
• country
• email
• first_name
• gender
• last_name
• locale
• nickname
• phone
• postal_code
• timezone

class authomatic.providers.oauth2.Cosm(*args, **kwargs)[source]¶

Cosm OAuth 2.0 provider.

Note

Cosm doesn’t provide any user info URL.

• Dashboard: https://cosm.com/users/{your_username}/apps
• Docs: https://cosm.com/docs/
• API reference: https://cosm.com/docs/v2/

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.DeviantART(*args, **kwargs)[source]¶

DeviantART OAuth 2.0 provider.

• Dashboard: https://www.deviantart.com/settings/myapps
• Docs: https://www.deviantart.com/developers/authentication
• API reference: http://www.deviantart.com/developers/oauth2

Note

Although it is not documented anywhere, DeviantART requires the access token request to contain a User-Agent header. You can apply a default User-Agent header for all API calls in the config like this:

CONFIG = {
    'deviantart': {
        'class_': oauth2.DeviantART,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'access_headers': {'User-Agent': 'Some User Agent'},
    }
}

Supported User properties:

• name
• picture
• username

Unsupported User properties:

• birth_date
• city
• country
• email
• first_name
• gender
• id
• last_name
• link
• locale
• nickname
• phone
• postal_code
• timezone

class authomatic.providers.oauth2.Eventbrite(*args, **kwargs)[source]¶

Eventbrite OAuth 2.0 provider.

Thanks to Paul Brown.

• Dashboard: http://www.eventbrite.com/myaccount/apps/
• Docs: https://developer.eventbrite.com/docs/auth/
• API: http://developer.eventbrite.com/docs/

Supported User properties:

• email
• first_name
• id
• last_name
• name

Unsupported User properties:

• birth_date
• city
• country
• gender
• link
• locale
• nickname
• phone
• picture
• postal_code
• timezone
• username

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Facebook(*args, **kwargs)[source]¶

Facebook OAuth 2.0 provider.

• Dashboard: https://developers.facebook.com/apps
• Docs: http://developers.facebook.com/docs/howtos/login/server-side-login/
• API reference: http://developers.facebook.com/docs/reference/api/
• API explorer: http://developers.facebook.com/tools/explorer

Supported User properties:

• birth_date
• email
• first_name
• id
• last_name
• name
• picture

Unsupported User properties:

• nickname
• phone
• postal_code
• username

access(url, params=None, **kwargs)[source]¶

Fetches the protected resource of an authenticated user.

Parameters:

credentials – The user’s Credentials (serialized or normal). url (str) – The URL of the protected resource. method (str) – HTTP method of the request. headers (dict) – HTTP headers of the request. body (str) – Body of POST, PUT and PATCH requests. max_redirects (int) – Maximum number of HTTP redirects to follow. content_parser (function) – A function to be used to parse the Response.data from Response.content.

Returns:

Response

class authomatic.providers.oauth2.Foursquare(*args, **kwargs)[source]¶

Foursquare OAuth 2.0 provider.

• Dashboard: https://foursquare.com/developers/apps
• Docs: https://developer.foursquare.com/overview/auth.html
• API reference: https://developer.foursquare.com/docs/

Note

Foursquare requires a version parameter in each request. The default value is v=20140501. You can override the version in the params parameter of the Authomatic.access() method. See https://developer.foursquare.com/overview/versioning

Supported User properties:

• city
• country
• email
• first_name
• gender
• id
• last_name
• location
• name
• phone
• picture

Unsupported User properties:

• birth_date
• link
• locale
• nickname
• postal_code
• timezone
• username

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.GitHub(*args, **kwargs)[source]¶

GitHub OAuth 2.0 provider.

• Dashboard: https://github.com/settings/developers
• Docs: http://developer.github.com/v3/#authentication
• API reference: http://developer.github.com/v3/

Note

GitHub API documentation says:

all API requests MUST include a valid User-Agent header.

You can apply a default User-Agent header for all API calls in the config like this:

CONFIG = {
    'github': {
        'class_': oauth2.GitHub,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'access_headers': {'User-Agent': 'Awesome-Octocat-App'},
    }
}

Supported User properties:

• email
• id
• link
• location
• name
• picture
• username

Unsupported User properties:

• birth_date
• city
• country
• first_name
• gender
• last_name
• locale
• nickname
• phone
• postal_code
• timezone

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Google(*args, **kwargs)[source]¶

Google OAuth 2.0 provider.

• Dashboard: https://console.developers.google.com/project
• Docs: https://developers.google.com/accounts/docs/OAuth2
• API reference: https://developers.google.com/gdata/docs/directory
• API explorer: https://developers.google.com/oauthplayground/

Supported User properties:

• email
• first_name
• gender
• id
• last_name
• link
• locale
• name
• picture

Unsupported User properties:

• birth_date
• city
• country
• nickname
• phone
• postal_code
• timezone
• username

Note

To get the user info, you need to activate the Google+ API in the APIs & auth >> APIs section of the`Google Developers Console <https://console.developers.google.com/project>`__.

class authomatic.providers.oauth2.LinkedIn(*args, **kwargs)[source]¶

Linked In OAuth 2.0 provider.

Note

Doesn’t support access token refreshment.

• Dashboard: https://www.linkedin.com/secure/developer
• Docs: http://developer.linkedin.com/documents/authentication
• API reference: http://developer.linkedin.com/rest

Supported User properties:

• city
• country
• email
• first_name
• id
• last_name
• link
• name
• picture

Unsupported User properties:

• birth_date
• gender
• locale
• location
• nickname
• phone
• postal_code
• timezone
• username

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.PayPal(*args, **kwargs)[source]¶

PayPal OAuth 2.0 provider.

• Dashboard: https://developer.paypal.com/webapps/developer/applications
• Docs: https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/
• API reference: https://developer.paypal.com/webapps/developer/docs/api/

Note

Paypal doesn’t redirect the user to authorize your app! It grants you an access token based on your app’s key and secret instead.

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Reddit(*args, **kwargs)[source]¶

Reddit OAuth 2.0 provider.

Note

Currently credentials refreshment returns {"error": "invalid_request"}.

• Dashboard: https://ssl.reddit.com/prefs/apps
• Docs: https://github.com/reddit/reddit/wiki/OAuth2
• API reference: http://www.reddit.com/dev/api

Note

According to Reddit API docs, you have to include a User-Agent header in each API call.

You can apply a default User-Agent header for all API calls in the config like this:

CONFIG = {
    'reddit': {
        'class_': oauth2.Reddit,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'access_headers': {'User-Agent': "Andy Pipkin's App"},
    }
}

Supported User properties:

• id
• username

Unsupported User properties:

• birth_date
• country
• city
• email
• first_name
• gender
• last_name
• link
• locale
• location
• name
• nickname
• phone
• picture
• postal_code
• timezone

class authomatic.providers.oauth2.Viadeo(*args, **kwargs)[source]¶

Viadeo OAuth 2.0 provider.

Note

As stated in the Viadeo documentation:

Viadeo restrains access to its API. They are now exclusively reserved for its strategic partners.

• Dashboard: http://dev.viadeo.com/dashboard/
• Docs: http://dev.viadeo.com/documentation/authentication/oauth-authentication/
• API reference: http://dev.viadeo.com/documentation/

Note

Viadeo doesn’t support credentials refreshment. As stated in their docs: “The access token has an infinite time to live.”

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.VK(*args, **kwargs)[source]¶

VK.com OAuth 2.0 provider.

• Dashboard: http://vk.com/apps?act=manage
• Docs: http://vk.com/developers.php?oid=-17680044&p=Authorizing_Sites
• API reference: http://vk.com/developers.php?oid=-17680044&p=API_ Method_Description

Note

VK uses a bitmask scope! Use it like this:

CONFIG = {
    'vk': {
        'class_': oauth2.VK,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'id': authomatic.provider_id(),
        'scope': ['1024'] # Always a single item.
    }
}

Supported User properties:

• birth_date
• city
• country
• first_name
• gender
• id
• last_name
• location
• name
• picture
• timezone

Unsupported User properties:

• email
• link
• locale
• nickname
• phone
• postal_code
• username

class authomatic.providers.oauth2.WindowsLive(*args, **kwargs)[source]¶

Windows Live OAuth 2.0 provider.

• Dashboard: https://account.live.com/developers/applications
• Docs: http://msdn.microsoft.com/en-us/library/hh243647.aspx
• API explorer: http://isdk.dev.live.com/?mkt=en-us

Supported User properties:

• email
• first_name
• id
• last_name
• link
• locale
• name
• picture

Unsupported User properties:

• birth_date
• city
• country
• gender
• nickname
• location
• phone
• postal_code
• timezone
• username

class authomatic.providers.oauth2.Yammer(*args, **kwargs)[source]¶

Yammer OAuth 2.0 provider.

• Dashboard: https://www.yammer.com/client_applications
• Docs: https://developer.yammer.com/authentication/
• API reference: https://developer.yammer.com/restapi/

Supported User properties:

• birth_date
• city
• country
• email
• first_name
• id
• last_name
• link
• locale
• location
• name
• phone
• picture
• timezone
• username

Unsupported User properties:

• gender
• nickname
• postal_code

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Yandex(*args, **kwargs)[source]¶

Yandex OAuth 2.0 provider.

• Dashboard: https://oauth.yandex.com/client/my
• Docs: http://api.yandex.com/oauth/doc/dg/reference/obtain-access-token.xml
• API reference:

Supported User properties:

• id
• name
• username

Unsupported User properties:

• birth_date
• city
• country
• email
• first_name
• gender
• last_name
• link
• locale
• location
• nickname
• phone
• picture
• postal_code
• timezone

Accepts additional keyword arguments:

Parameters:	scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec. offline (bool) – If True the provider will be set up to request an offline access token. Default is False.

As well as those inherited from AuthorizationProvider constructor.

OAuth 1.0a Providers¶

Providers which implement the OAuth 1.0a protocol.

class authomatic.providers.oauth1.OAuth1(*args, **kwargs)[source]¶

Base class for OAuth 1.0a providers.

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

request_token_url¶

str URL where we can get the OAuth 1.0a request token. see http://oauth.net/core/1.0a/#auth_step1.

classmethod create_request_elements(request_type, credentials, url, params=None, headers=None, body='', method='GET', verifier='', callback='')[source]¶

Creates OAuth 1.0a request elements.

static to_tuple(credentials)[source]¶

Must convert credentials to a tuple to be used by Credentials.serialize().

Warning

Must be a classmethod!

Parameters:	credentials – Credentials
Returns:	tuple

classmethod reconstruct(deserialized_tuple, credentials, cfg)[source]¶

Must convert the deserialized_tuple back to Credentials.

Warning

Must be a classmethod!

Parameters:	deserialized_tuple (tuple) – A tuple whose first index is the id and the rest are all the items of the tuple created by to_tuple(). credentials – A Credentials instance. cfg (dict) – Provider configuration from Config.

class authomatic.providers.oauth1.Bitbucket(*args, **kwargs)[source]¶

Bitbucket OAuth 1.0a provider.

• Dashboard: https://bitbucket.org/account/user/peterhudec/api
• Docs: https://confluence.atlassian.com/display/BITBUCKET/oauth+Endpoint
• API reference: https://confluence.atlassian.com/display/BITBUCKET/Using+the+Bitbucket+REST+APIs

Supported User properties:

• first_name
• id
• last_name
• link
• name
• picture
• username
• email

Unsupported User properties:

• birth_date
• city
• country
• gender
• locale
• location
• nickname
• phone
• postal_code
• timezone

Note

To get the full user info, you need to select both the Account Read and the Repositories Read permission in the Bitbucket application edit form.

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Flickr(*args, **kwargs)[source]¶

Flickr OAuth 1.0a provider.

• Dashboard: https://www.flickr.com/services/apps/
• Docs: https://www.flickr.com/services/api/auth.oauth.html
• API reference: https://www.flickr.com/services/api/

Supported User properties:

• id
• name
• username

Unsupported User properties:

• birth_date
• city
• country
• email
• first_name
• gender
• last_name
• link
• locale
• location
• nickname
• phone
• picture
• postal_code
• timezone

Note

If you encounter the “Oops! Flickr doesn’t recognise the permission set.” message, you need to add the perms=read or perms=write parameter to the user authorization request. You can do it by adding the user_authorization_params key to the Config:

CONFIG = {
    'flickr': {
        'class_': oauth1.Flickr,
        'consumer_key': '##########',
        'consumer_secret': '##########',
        'user_authorization_params': dict(perms='read'),
    },
}

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Meetup(*args, **kwargs)[source]¶

Meetup OAuth 1.0a provider.

Note

Meetup also supports OAuth 2.0 but you need the user ID to update the user info, which they don’t provide in the OAuth 2.0 access token response.

• Dashboard: http://www.meetup.com/meetup_api/oauth_consumers/
• Docs: http://www.meetup.com/meetup_api/auth/#oauth
• API: http://www.meetup.com/meetup_api/docs/

Supported User properties:

• city
• country
• id
• link
• locale
• location
• name
• picture

Unsupported User properties:

• birth_date
• email
• first_name
• gender
• last_name
• nickname
• phone
• postal_code
• timezone
• username

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Plurk(*args, **kwargs)[source]¶

Plurk OAuth 1.0a provider.

• Dashboard: http://www.plurk.com/PlurkApp/
• Docs:
• API: http://www.plurk.com/API
• API explorer: http://www.plurk.com/OAuth/test/

Supported User properties:

• birth_date
• city
• country
• email
• gender
• id
• link
• locale
• location
• name
• nickname
• picture
• timezone
• username

Unsupported User properties:

• first_name
• last_name
• phone
• postal_code

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Twitter(*args, **kwargs)[source]¶

Twitter OAuth 1.0a provider.

• Dashboard: https://dev.twitter.com/apps
• Docs: https://dev.twitter.com/docs
• API reference: https://dev.twitter.com/docs/api

Note

To prevent multiple authorization attempts, you should enable the option: Allow this application to be used to Sign in with Twitter in the Twitter ‘Application Management’ page. (http://apps.twitter.com)

Supported User properties:

• email
• city
• country
• id
• link
• locale
• location
• name
• picture
• username

Unsupported User properties:

• birth_date
• email
• gender
• first_name
• last_name
• locale
• nickname
• phone
• postal_code
• timezone

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Tumblr(*args, **kwargs)[source]¶

Tumblr OAuth 1.0a provider.

• Dashboard: http://www.tumblr.com/oauth/apps
• Docs: http://www.tumblr.com/docs/en/api/v2#auth
• API reference: http://www.tumblr.com/docs/en/api/v2

Supported User properties:

• id
• name
• username

Unsupported User properties:

• birth_date
• city
• country
• email
• gender
• first_name
• last_name
• link
• locale
• location
• nickname
• phone
• picture
• postal_code
• timezone

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.UbuntuOne(*args, **kwargs)[source]¶

Ubuntu One OAuth 1.0a provider.

Note

The UbuntuOne service has been shut down.

Warning

Uses the PLAINTEXT Signature method!

• Dashboard: https://one.ubuntu.com/developer/account_admin/auth/web
• Docs: https://one.ubuntu.com/developer/account_admin/auth/web
• API reference: https://one.ubuntu.com/developer/contents

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Vimeo(*args, **kwargs)[source]¶

Vimeo OAuth 1.0a provider.

Warning

Vimeo needs one more fetch to get rich user info!

• Dashboard: https://developer.vimeo.com/apps
• Docs: https://developer.vimeo.com/apis/advanced#oauth-endpoints
• API reference: https://developer.vimeo.com/apis

Supported User properties:

• id
• link
• location
• name
• picture

Unsupported User properties:

• birth_date
• city
• country
• email
• gender
• first_name
• last_name
• locale
• nickname
• phone
• postal_code
• timezone
• username

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Xero(*args, **kwargs)[source]¶

Xero OAuth 1.0a provider.

Note

API returns XML!

• Dashboard: https://api.xero.com/Application
• Docs: http://blog.xero.com/developer/api-overview/public-applications/
• API reference: http://blog.xero.com/developer/api/

Supported User properties:

• email
• first_name
• id
• last_name
• name

Unsupported User properties:

• birth_date
• city
• country
• gender
• link
• locale
• location
• nickname
• phone
• picture
• postal_code
• timezone
• username

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Yahoo(*args, **kwargs)[source]¶

Yahoo OAuth 1.0a provider.

• Dashboard: https://developer.apps.yahoo.com/dashboard/
• Docs: http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
• API: http://developer.yahoo.com/everything.html
• API explorer: http://developer.yahoo.com/yql/console/

Supported User properties:

• city
• country
• id
• link
• location
• name
• nickname
• picture

Unsupported User properties:

• birth_date
• gender
• locale
• phone
• postal_code
• timezone
• username

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

class authomatic.providers.oauth1.Xing(*args, **kwargs)[source]¶

Xing OAuth 1.0a provider.

• Dashboard: https://dev.xing.com/applications
• Docs: https://dev.xing.com/docs/authentication
• API reference: https://dev.xing.com/docs/resources

Supported User properties:

• birth_date
• city
• country
• email
• first_name
• gender
• id
• last_name
• link
• locale
• location
• name
• phone
• picture
• postal_code
• timezone
• username

Unsupported User properties:

• nickname

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id – A unique short name used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access token request. request_token_params (dict) – A dictionary of additional request parameters for request token request.

OpenID Providers¶

Providers which implement the OpenID protocol based on the python-openid library.

class authomatic.providers.openid.OpenID(*args, **kwargs)[source]¶

OpenID provider based on the python-openid library.

Accepts additional keyword arguments:

Parameters:

store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library. use_realm (bool) – Whether to use OpenID realm If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm. realm_body (str) – Contents of the HTML body tag of the realm. realm_param (str) – Name of the query parameter to be used to serve the realm. xrds_param (str) – The name of the query parameter to be used to serve the XRDS document. sreg (list) – List of strings of optional SREG fields. Default = OpenID.SREG. sreg_required (list) – List of strings of required SREG fields. Default = []. ax (list) – List of strings of optional AX schemas. Default = OpenID.AX. ax_required (list) – List of strings of required AX schemas. Default = OpenID.AX_REQUIRED. pape (list) – of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

class authomatic.providers.openid.Yahoo(*args, **kwargs)[source]¶

Yahoo OpenID provider with the identifier predefined to "me.yahoo.com".

Accepts additional keyword arguments:

Parameters:

store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library. use_realm (bool) – Whether to use OpenID realm If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm. realm_body (str) – Contents of the HTML body tag of the realm. realm_param (str) – Name of the query parameter to be used to serve the realm. xrds_param (str) – The name of the query parameter to be used to serve the XRDS document. sreg (list) – List of strings of optional SREG fields. Default = OpenID.SREG. sreg_required (list) – List of strings of required SREG fields. Default = []. ax (list) – List of strings of optional AX schemas. Default = OpenID.AX. ax_required (list) – List of strings of required AX schemas. Default = OpenID.AX_REQUIRED. pape (list) – of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

class authomatic.providers.openid.Google(*args, **kwargs)[source]¶

Google OpenID provider with the identifier predefined to "https://www.google.com/accounts/o8/id".

Accepts additional keyword arguments:

Parameters:

store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library. use_realm (bool) – Whether to use OpenID realm If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm. realm_body (str) – Contents of the HTML body tag of the realm. realm_param (str) – Name of the query parameter to be used to serve the realm. xrds_param (str) – The name of the query parameter to be used to serve the XRDS document. sreg (list) – List of strings of optional SREG fields. Default = OpenID.SREG. sreg_required (list) – List of strings of required SREG fields. Default = []. ax (list) – List of strings of optional AX schemas. Default = OpenID.AX. ax_required (list) – List of strings of required AX schemas. Default = OpenID.AX_REQUIRED. pape (list) – of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

Abstract Classes for Providers¶

Abstract base classes for implementation of protocol specific providers.

authomatic.providers.login_decorator(func)[source]¶

Decorate the BaseProvider.login() implementations with this decorator.

Provides mechanism for error reporting and returning result which makes the BaseProvider.login() implementation cleaner.

class authomatic.providers.BaseProvider(settings, adapter, provider_name, session=None, session_saver=None, callback=None, js_callback=None, prefix='authomatic', **kwargs)[source]¶

Abstract base class for all providers.

name = None¶

str The provider name as specified in the Config.

callback = None¶

callable An optional callback called when the login procedure is finished with core.LoginResult passed as argument.

js_callback = None¶

str Name of an optional javascript callback.

user = None¶

core.User.

popup = None¶

bool If True, the BaseProvider.user_authorization_url will be displayed in a popup mode, if the provider supports it.

login()[source]¶

Launches the login procedure to get user’s credentials from provider.

Should be decorated with login_decorator(). The login procedure is considered finished when the user attribute is not empty when the method runs out of it’s flow or when there are errors.

to_dict()[source]¶

Converts the provider instance to a dict.

Returns:	dict

classmethod get_type()[source]¶

Returns the provider type.

Returns:	str The full dotted path to base class e.g. "authomatic.providers.oauth2.OAuth2".

update_user()[source]¶

Updates and returns user.

Returns:	User

static csrf_generator(secret)[source]¶

Generates CSRF token.

Inspired by this article: http://blog.ptsecurity.com/2012/10/random-number-security-in-python.html

Returns:	str Random unguessable string.

class authomatic.providers.AuthorizationProvider(*args, **kwargs)[source]¶

Base provider for authorization protocols i.e. protocols which allow a provider to authorize a consumer to access protected resources of a user.

e.g. OAuth 2.0 or OAuth 1.0a.

Accepts additional keyword arguments:

Parameters:

consumer_key (str) – The key assigned to our application (consumer) by the provider. consumer_secret (str) – The secret assigned to our application (consumer) by the provider. id (int) – A unique numeric ID used to serialize Credentials. user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request. access_token_params (dict) – A dictionary of additional request parameters for access_with_credentials token request. access_headers (dict) – A dictionary of default HTTP headers that will be used when accessing user’s protected resources. Applied by access(), update_user() and User.update() access_params (dict) – A dictionary of default query string parameters that will be used when accessing user’s protected resources. Applied by access(), update_user() and User.update()

same_origin = True¶

If True the provider doesn’t support Cross-site HTTP requests.

supports_jsonp = False¶

bool Whether the provider supports JSONP requests.

credentials = None¶

Credentials to access user’s protected resources.

access_token_response = None¶

Response of the access token request.

user_authorization_url¶

str URL to which we redirect the user to grant our app i.e. the consumer an authorization to access his protected resources. See http://tools.ietf.org/html/rfc6749#section-4.1.1 and http://oauth.net/core/1.0a/#auth_step2.

access_token_url¶

str URL where we can get the access token to access protected resources of a user. See http://tools.ietf.org/html/rfc6749#section-4.1.3 and http://oauth.net/core/1.0a/#auth_step3.

user_info_url¶

str URL where we can get the user info. see http://tools.ietf.org/html/rfc6749#section-7 and http://oauth.net/core/1.0a/#anchor12.

to_tuple(credentials)[source]¶

Must convert credentials to a tuple to be used by Credentials.serialize().

Warning

Must be a classmethod!

Parameters:	credentials – Credentials
Returns:	tuple

reconstruct(deserialized_tuple, credentials, cfg)[source]¶

Must convert the deserialized_tuple back to Credentials.

Warning

Must be a classmethod!

Parameters:	deserialized_tuple (tuple) – A tuple whose first index is the id and the rest are all the items of the tuple created by to_tuple(). credentials – A Credentials instance. cfg (dict) – Provider configuration from Config.

create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='')[source]¶

Must return RequestElements.

Warning

Must be a classmethod!

Parameters:	request_type (int) – Type of the request specified by one of the class’s constants. credentials – Credentials of the user whose protected resource we want to access. url (str) – URL of the request. method (str) – HTTP method of the request. params (dict) – Dictionary of request parameters. headers (dict) – Dictionary of request headers. body (str) – Body of POST, PUT and PATCH requests.
Returns:	RequestElements

type_id¶

A short string representing the provider implementation id used for serialization of Credentials and to identify the type of provider in JavaScript.

The part before hyphen denotes the type of the provider, the part after hyphen denotes the class id e.g. oauth2.Facebook.type_id = '2-5', oauth1.Twitter.type_id = '1-5'.

access(url, params=None, method='GET', headers=None, body='', max_redirects=5, content_parser=None)[source]¶

Fetches the protected resource of an authenticated user.

Parameters:

credentials – The user’s Credentials (serialized or normal). url (str) – The URL of the protected resource. method (str) – HTTP method of the request. headers (dict) – HTTP headers of the request. body (str) – Body of POST, PUT and PATCH requests. max_redirects (int) – Maximum number of HTTP redirects to follow. content_parser (function) – A function to be used to parse the Response.data from Response.content.

Returns:

Response

async_access(*args, **kwargs)[source]¶

Same as access() but runs asynchronously in a separate thread.

Warning

The internal implementation of the future pattern is quite naive. Use with caution!

Returns:	Future instance representing the separate thread.

update_user()[source]¶

Updates the BaseProvider.user.

Warning

Fetches the user_info_url!

Returns:	UserInfoResponse

class authomatic.providers.AuthenticationProvider(*args, **kwargs)[source]¶

Base provider for authentication protocols i.e. protocols which allow a provider to authenticate a claimed identity of a user.

e.g. OpenID.

Google Appengine 1st generation¶

The module authomatic.providers.gaeopenid is outdated and supports only first generation Google Appengine. It can be used for backward compatibility. For internals please look at the source code. Auto documentation is not supported.