Providers

Providers are abstractions of the provider party of the provider/consumer/user triangle and they are the very core of this library. There is no reason for you to instantiate them manually. You only should specify them in the Config and access members of their instances available in the LoginResult returned by the authomatic.login() function.

Some provider types accept additional keyword arguments in their constructor which you can pass to them through the authomatic.login() function’s keyword arguments or through the Config like this:

Note

Keyword arguments passed through authomatic.login() will override the values set in Config.

CONFIG = {
    'facebook': {
        'class_': oauth2.Facebook, # Subclass of AuthorizationProvider

        # AuthorizationProvider specific keyword arguments:
        'short_name': 1,
        'consumer_key': '###################',
        'consumer_secret': '###################',

        # oauth2.OAuth2 specific keyword arguments:
        'scope': ['user_about_me', 'email']
     },
     'openid': {
         'class_': openid.OpenID, # Subclass of AuthenticationProvider

         # AuthenticationProvider specific keyword arguments:
         'identifier_param': 'claimed_id',

         # openid.OpenID specific keyword arguments:
         'use_realm': True,
         'realm_body': 'OpenID Realm.',
         'realm_param': 'r',
         'xrds_param': 'x',
         'sreg': ['nickname', 'email'],
         'sreg_required': ['email'],
         'ax': ['http://axschema.org/contact/email', 'http://axschema.org/namePerson'],
         'ax_required': ['http://axschema.org/contact/email'],
         'pape': ['http://schemas.openid.net/pape/policies/2007/06/multi-factor']
    },
}

Additional keyword arguments by provider type:

Provider Type Argument Name Required  
OAuth2 consumer_key yes  
consumer_secret yes  
short_name yes  
scope    
offline    
user_authorization_params    
access_token_params    
popup    
OAuth1 consumer_key yes  
consumer_secret yes  
short_name yes  
request_token_params    
user_authorization_params    
access_token_params    
popup    
OpenID identifier_param    
use_realm    
realm_body    
realm_param    
xrds_param    
sreg    
sreg_required    
ax    
ax_required    
pape    
popup    
GAEOpenID identifier_param    
popup    

Available provider classes:

OAuth 2.0 OAuth 1.0a OpenID  
oauth2.Amazon oauth1.Bitbucket openid.OpenID  
oauth2.Behance oauth1.Flickr openid.Yahoo  
oauth2.Bitly oauth1.Meetup openid.Google  
oauth2.Cosm oauth1.Plurk gaeopenid.GAEOpenID  
oauth2.DeviantART oauth1.Twitter gaeopenid.Yahoo  
oauth2.Eventbrite oauth1.Tumblr gaeopenid.Google  
oauth2.Facebook oauth1.UbuntuOne    
oauth2.Foursquare oauth1.Vimeo    
oauth2.GitHub oauth1.Xero    
oauth2.Google oauth1.Yahoo    
oauth2.LinkedIn oauth1.Xing    
oauth2.PayPal      
oauth2.Reddit      
oauth2.Viadeo      
oauth2.VK      
oauth2.WindowsLive      
oauth2.Yammer      
oauth2.Yandex      

OAuth 2.0 Providers

Providers which implement the OAuth 2.0 protocol.

OAuth2(*args, **kwargs) Base class for OAuth 2.0 providers.
Amazon(*args, **kwargs) Amazon OAuth 2.0 provider.
Behance(*args, **kwargs) Behance OAuth 2.0 provider.
Bitly(*args, **kwargs) Bitly OAuth 2.0 provider.
Cosm(*args, **kwargs) Cosm OAuth 2.0 provider.
DeviantART(*args, **kwargs) DeviantART OAuth 2.0 provider.
Eventbrite(*args, **kwargs) Eventbrite OAuth 2.0 provider.
Facebook(*args, **kwargs) Facebook OAuth 2.0 provider.
Foursquare(*args, **kwargs) Foursquare OAuth 2.0 provider.
GitHub(*args, **kwargs) GitHub OAuth 2.0 provider.
Google(*args, **kwargs) Google OAuth 2.0 provider.
LinkedIn(*args, **kwargs) Linked In OAuth 2.0 provider.
PayPal(*args, **kwargs) PayPal OAuth 2.0 provider.
Reddit(*args, **kwargs) Reddit OAuth 2.0 provider.
Viadeo(*args, **kwargs) Viadeo OAuth 2.0 provider.
VK(*args, **kwargs) VK.com OAuth 2.0 provider.
WindowsLive(*args, **kwargs) Windows Live OAuth 2.0 provider.
Yammer(*args, **kwargs) Yammer OAuth 2.0 provider.
Yandex(*args, **kwargs) Yandex OAuth 2.0 provider.
class authomatic.providers.oauth2.OAuth2(*args, **kwargs)[source]

Base class for OAuth 2.0 providers.

Accepts additional keyword arguments:

Parameters:
  • scope (list) – List of strings specifying requested permissions as described in the OAuth 2.0 spec.
  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

user_info_scope = []

A scope preset to get most of the user info. Use it in the Config like {'scope': oauth2.Facebook.user_info_scope}.

supports_csrf_protection = True

bool If False, the provider doesn’t support CSRF protection.

classmethod create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='', secret=None, redirect_uri='', scope='', csrf='')[source]

Creates OAuth 2.0 request elements.

refresh_credentials(credentials)[source]

Refreshes Credentials if it gives sense.

Parameters:credentialsCredentials to be refreshed.
Returns:Response.
class authomatic.providers.oauth2.Amazon(*args, **kwargs)[source]

Amazon OAuth 2.0 provider.

Thanks to Ghufran Syed.

Note

Amazon only accepts redirect_uri with https schema, Therefore the login handler must also be accessible through https.

Supported User properties:

  • email
  • id
  • name
  • postal_code

Unsupported User properties:

  • birth_date
  • city
  • country
  • first_name
  • gender
  • last_name
  • link
  • locale
  • nickname
  • phone
  • picture
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Behance(*args, **kwargs)[source]

Behance OAuth 2.0 provider.

Note

Behance doesn’t support third party authorization anymore, which renders this class pretty much useless.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Bitly(*args, **kwargs)[source]

Bitly OAuth 2.0 provider.

Warning

This provider doesn’t support CSRF protection!

Supported User properties:

  • id
  • link
  • name
  • picture
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • first_name
  • gender
  • last_name
  • locale
  • nickname
  • phone
  • postal_code
  • timezone
class authomatic.providers.oauth2.Cosm(*args, **kwargs)[source]

Cosm OAuth 2.0 provider.

Note

Cosm doesn’t provide any user info URL.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.DeviantART(*args, **kwargs)[source]

DeviantART OAuth 2.0 provider.

Supported User properties:

  • name
  • picture
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • first_name
  • gender
  • id
  • last_name
  • link
  • locale
  • nickname
  • phone
  • postal_code
  • timezone
class authomatic.providers.oauth2.Eventbrite(*args, **kwargs)[source]

Eventbrite OAuth 2.0 provider.

Thanks to Paul Brown.

Supported User properties:

  • email
  • first_name
  • id
  • last_name
  • name

Unsupported User properties:

  • birth_date
  • city
  • country
  • gender
  • link
  • locale
  • nickname
  • phone
  • picture
  • postal_code
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Facebook(*args, **kwargs)[source]

Facebook OAuth 2.0 provider.

Supported User properties:

  • birth_date
  • city
  • country
  • email
  • first_name
  • gender
  • id
  • last_name
  • link
  • locale
  • location
  • name
  • picture
  • timezone

Unsupported User properties:

  • nickname
  • phone
  • postal_code
  • username
class authomatic.providers.oauth2.Foursquare(*args, **kwargs)[source]

Foursquare OAuth 2.0 provider.

Note

Foursquare requires a version parameter in each request. The default value is v=20140501. You can override the version in the params parameter of the Authomatic.access() method. See https://developer.foursquare.com/overview/versioning

Supported User properties:

  • city
  • country
  • email
  • first_name
  • gender
  • id
  • last_name
  • location
  • name
  • phone
  • picture

Unsupported User properties:

  • birth_date
  • link
  • locale
  • nickname
  • postal_code
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.GitHub(*args, **kwargs)[source]

GitHub OAuth 2.0 provider.

Note

GitHub API documentation sais:

all API requests MUST include a valid User-Agent header.

You can apply a default User-Agent header for all API calls in the config like this:

CONFIG = {
    'github': {
        'class_': oauth2.GitHub,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'access_headers': {'User-Agent': 'Awesome-Octocat-App'},
    }
}

Supported User properties:

  • email
  • id
  • link
  • location
  • name
  • picture
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • first_name
  • gender
  • last_name
  • locale
  • nickname
  • phone
  • postal_code
  • timezone

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Google(*args, **kwargs)[source]

Google OAuth 2.0 provider.

Supported User properties:

  • email
  • first_name
  • gender
  • id
  • last_name
  • link
  • locale
  • name
  • picture

Unsupported User properties:

  • birth_date
  • city
  • country
  • nickname
  • phone
  • postal_code
  • timezone
  • username

Note

To get the user info, you need to activate the Google+ API in the APIs & auth >> APIs section of the`Google Developers Console <https://console.developers.google.com/project>`__.

class authomatic.providers.oauth2.LinkedIn(*args, **kwargs)[source]

Linked In OAuth 2.0 provider.

Note

Doesn’t support access token refreshment.

Supported User properties:

  • country
  • email
  • first_name
  • id
  • last_name
  • link
  • location
  • name
  • picture

Unsupported User properties:

  • birth_date
  • city
  • gender
  • locale
  • nickname
  • phone
  • postal_code
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.PayPal(*args, **kwargs)[source]

PayPal OAuth 2.0 provider.

Note

Paypal doesn’t redirect the user to authorize your app! It grants you an access token based on your app’s key and secret instead.

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Reddit(*args, **kwargs)[source]

Reddit OAuth 2.0 provider.

Note

Currently credentials refreshment returns {"error": "invalid_request"}.

Note

According to Reddit API docs, you have to include a User-Agent header in each API call.

You can apply a default User-Agent header for all API calls in the config like this:

CONFIG = {
    'reddit': {
        'class_': oauth2.Reddit,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'access_headers': {'User-Agent': "Andy Pipkin's App"},
    }
}

Supported User properties:

  • id
  • username

Unsupported User properties:

  • birth_date
  • country
  • city
  • email
  • first_name
  • gender
  • last_name
  • link
  • locale
  • location
  • name
  • nickname
  • phone
  • picture
  • postal_code
  • timezone
class authomatic.providers.oauth2.Viadeo(*args, **kwargs)[source]

Viadeo OAuth 2.0 provider.

Note

As stated in the Viadeo documentation:

Viadeo restrains access to its API. They are now exclusively reserved for its strategic partners.

Note

Viadeo doesn’t support credentials refreshment. As stated in their docs: “The access token has an infinite time to live.”

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.VK(*args, **kwargs)[source]

VK.com OAuth 2.0 provider.

Note

VK uses a bitmask scope! Use it like this:

CONFIG = {
    'vk': {
        'class_': oauth2.VK,
        'consumer_key': '#####',
        'consumer_secret': '#####',
        'id': authomatic.provider_id(),
        'scope': ['1024'] # Always a single item.
    }
}

Supported User properties:

  • birth_date
  • city
  • country
  • first_name
  • gender
  • id
  • last_name
  • location
  • name
  • picture
  • timezone

Unsupported User properties:

  • email
  • link
  • locale
  • nickname
  • phone
  • postal_code
  • username
class authomatic.providers.oauth2.WindowsLive(*args, **kwargs)[source]

Windows Live OAuth 2.0 provider.

Supported User properties:

  • email
  • first_name
  • id
  • last_name
  • link
  • locale
  • name
  • picture

Unsupported User properties:

  • birth_date
  • city
  • country
  • gender
  • nickname
  • location
  • phone
  • postal_code
  • timezone
  • username
class authomatic.providers.oauth2.Yammer(*args, **kwargs)[source]

Yammer OAuth 2.0 provider.

Supported User properties:

  • birth_date
  • city
  • country
  • email
  • first_name
  • id
  • last_name
  • link
  • locale
  • location
  • name
  • phone
  • picture
  • timezone
  • username

Unsupported User properties:

  • gender
  • nickname
  • postal_code

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

class authomatic.providers.oauth2.Yandex(*args, **kwargs)[source]

Yandex OAuth 2.0 provider.

Supported User properties:

  • id
  • name
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • first_name
  • gender
  • last_name
  • link
  • locale
  • location
  • nickname
  • phone
  • picture
  • postal_code
  • timezone

Accepts additional keyword arguments:

Parameters:
  • scope (list) –

    List of strings specifying requested permissions as described in the OAuth 2.0 spec.

  • offline (bool) – If True the provider will be set up to request an offline access token. default is False.

As well as those inherited from AuthorizationProvider constructor.

OAuth 1.0a Providers

Providers which implement the OAuth 1.0a protocol.

OAuth1(*args, **kwargs) Base class for OAuth 1.0a providers.
Bitbucket(*args, **kwargs) Bitbucket OAuth 1.0a provider.
Flickr(*args, **kwargs) Flickr OAuth 1.0a provider.
Meetup(*args, **kwargs) Meetup OAuth 1.0a provider.
Plurk(*args, **kwargs) Plurk OAuth 1.0a provider.
Twitter(*args, **kwargs) Twitter OAuth 1.0a provider.
Tumblr(*args, **kwargs) Tumblr OAuth 1.0a provider.
UbuntuOne(*args, **kwargs) Ubuntu One OAuth 1.0a provider.
Vimeo(*args, **kwargs) Vimeo OAuth 1.0a provider.
Xero(*args, **kwargs) Xero OAuth 1.0a provider.
Xing(*args, **kwargs) Xing OAuth 1.0a provider.
Yahoo(*args, **kwargs) Yahoo OAuth 1.0a provider.
class authomatic.providers.oauth1.OAuth1(*args, **kwargs)[source]

Base class for OAuth 1.0a providers.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
request_token_url[source]

str URL where we can get the OAuth 1.0a request token. see http://oauth.net/core/1.0a/#auth_step1.

classmethod create_request_elements(request_type, credentials, url, params=None, headers=None, body='', method='GET', verifier='', callback='')[source]

Creates OAuth 1.0a request elements.

class authomatic.providers.oauth1.Bitbucket(*args, **kwargs)[source]

Bitbucket OAuth 1.0a provider.

Supported User properties:

  • first_name
  • id
  • last_name
  • link
  • name
  • picture
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • gender
  • locale
  • location
  • nickname
  • phone
  • postal_code
  • timezone

Note

To get the full user info, you need to select both the Account Read and the Repositories Read permission in the Bitbucket application edit form.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Flickr(*args, **kwargs)[source]

Flickr OAuth 1.0a provider.

Supported User properties:

  • id
  • name
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • first_name
  • gender
  • last_name
  • link
  • locale
  • location
  • nickname
  • phone
  • picture
  • postal_code
  • timezone

Note

If you encounter the “Oops! Flickr doesn’t recognise the permission set.” message, you need to add the perms=read or perms=write parameter to the user authorization request. You can do it by adding the user_authorization_params key to the Config:

CONFIG = {
    'flickr': {
        'class_': oauth1.Flickr,
        'consumer_key': '##########',
        'consumer_secret': '##########',
        'user_authorization_params': dict(perms='read'),
    },
}

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Meetup(*args, **kwargs)[source]

Meetup OAuth 1.0a provider.

Note

Meetup also supports OAuth 2.0 but you need the user ID to update the user info, which they don’t provide in the OAuth 2.0 access token response.

Supported User properties:

  • city
  • country
  • id
  • link
  • locale
  • location
  • name
  • picture

Unsupported User properties:

  • birth_date
  • email
  • first_name
  • gender
  • last_name
  • nickname
  • phone
  • postal_code
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Plurk(*args, **kwargs)[source]

Plurk OAuth 1.0a provider.

Supported User properties:

  • birth_date
  • city
  • country
  • email
  • gender
  • id
  • link
  • locale
  • location
  • name
  • nickname
  • picture
  • timezone
  • username

Unsupported User properties:

  • first_name
  • last_name
  • phone
  • postal_code

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Twitter(*args, **kwargs)[source]

Twitter OAuth 1.0a provider.

Supported User properties:

  • id
  • link
  • locale
  • location
  • name
  • picture
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • gender
  • first_name
  • last_name
  • nickname
  • phone
  • postal_code
  • timezone

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Tumblr(*args, **kwargs)[source]

Tumblr OAuth 1.0a provider.

Supported User properties:

  • id
  • name
  • username

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • gender
  • first_name
  • last_name
  • link
  • locale
  • location
  • nickname
  • phone
  • picture
  • postal_code
  • timezone

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.UbuntuOne(*args, **kwargs)[source]

Ubuntu One OAuth 1.0a provider.

Note

The UbuntuOne service has been shut down.

Warning

Uses the PLAINTEXT Signature method!

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Vimeo(*args, **kwargs)[source]

Vimeo OAuth 1.0a provider.

Warning

Vimeo needs one more fetch to get rich user info!

Supported User properties:

  • id
  • link
  • location
  • name
  • picture

Unsupported User properties:

  • birth_date
  • city
  • country
  • email
  • gender
  • first_name
  • last_name
  • locale
  • nickname
  • phone
  • postal_code
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Xero(*args, **kwargs)[source]

Xero OAuth 1.0a provider.

Note

API returns XML!

Supported User properties:

  • email
  • first_name
  • id
  • last_name
  • name

Unsupported User properties:

  • birth_date
  • city
  • country
  • gender
  • link
  • locale
  • location
  • nickname
  • phone
  • picture
  • postal_code
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Yahoo(*args, **kwargs)[source]

Yahoo OAuth 1.0a provider.

Supported User properties:

  • birth_date
  • city
  • country
  • gender
  • id
  • link
  • location
  • name
  • nickname
  • picture

Unsupported User properties:

  • locale
  • phone
  • postal_code
  • timezone
  • username

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.
class authomatic.providers.oauth1.Xing(*args, **kwargs)[source]

Xing OAuth 1.0a provider.

Supported User properties:

  • birth_date
  • city
  • country
  • email
  • first_name
  • gender
  • id
  • last_name
  • link
  • locale
  • location
  • name
  • phone
  • picture
  • postal_code
  • timezone
  • username

Unsupported User properties:

  • nickname

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id – A unique short name used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access token request.
  • request_token_params (dict) – A dictionary of additional request parameters for request token request.

OpenID Providers

Providers which implement the OpenID protocol based on the python-openid library.

Warning

This providers are dependent on the python-openid package.

OpenID(*args, **kwargs) OpenID provider based on the python-openid library.
Yahoo(*args, **kwargs) Yahoo OpenID provider with the identifier predefined to "me.yahoo.com".
Google(*args, **kwargs) Google OpenID provider with the identifier predefined to "https://www.google.com/accounts/o8/id".
class authomatic.providers.openid.OpenID(*args, **kwargs)[source]

OpenID provider based on the python-openid library.

Accepts additional keyword arguments:

Parameters:
  • store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
  • use_realm (bool) – Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.
  • realm_body (str) – Contents of the HTML body tag of the realm.
  • realm_param (str) – Name of the query parameter to be used to serve the realm.
  • xrds_param (str) – The name of the query parameter to be used to serve the XRDS document.
  • sreg (list) – List of strings of optional SREG fields. Default = OpenID.SREG.
  • sreg_required (list) –

    List of strings of required SREG fields. Default = [].

  • ax (list) – List of strings of optional AX schemas. Default = OpenID.AX.
  • ax_required (list) –

    List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.

  • pape (list) – of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

class authomatic.providers.openid.Yahoo(*args, **kwargs)[source]

Yahoo OpenID provider with the identifier predefined to "me.yahoo.com".

Accepts additional keyword arguments:

Parameters:
  • store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
  • use_realm (bool) –

    Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.

  • realm_body (str) – Contents of the HTML body tag of the realm.
  • realm_param (str) – Name of the query parameter to be used to serve the realm.
  • xrds_param (str) –

    The name of the query parameter to be used to serve the XRDS document.

  • sreg (list) –

    List of strings of optional SREG fields. Default = OpenID.SREG.

  • sreg_required (list) –

    List of strings of required SREG fields. Default = [].

  • ax (list) –

    List of strings of optional AX schemas. Default = OpenID.AX.

  • ax_required (list) –

    List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.

  • pape (list) –

    of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

class authomatic.providers.openid.Google(*args, **kwargs)[source]

Google OpenID provider with the identifier predefined to "https://www.google.com/accounts/o8/id".

Accepts additional keyword arguments:

Parameters:
  • store – Any object which implements openid.store.interface.OpenIDStore of the python-openid library.
  • use_realm (bool) –

    Whether to use OpenID realm. If True the realm HTML document will be accessible at {current url}?{realm_param}={realm_param} e.g. http://example.com/path?realm=realm.

  • realm_body (str) – Contents of the HTML body tag of the realm.
  • realm_param (str) – Name of the query parameter to be used to serve the realm.
  • xrds_param (str) –

    The name of the query parameter to be used to serve the XRDS document.

  • sreg (list) –

    List of strings of optional SREG fields. Default = OpenID.SREG.

  • sreg_required (list) –

    List of strings of required SREG fields. Default = [].

  • ax (list) –

    List of strings of optional AX schemas. Default = OpenID.AX.

  • ax_required (list) –

    List of strings of required AX schemas. Default = OpenID.AX_REQUIRED.

  • pape (list) –

    of requested PAPE policies. Default = OpenID.PAPE.

As well as those inherited from AuthenticationProvider constructor.

Google App Engine OpenID Providers

OpenID provider implementations based on the Google App Engine Users API.

Note

When using the GAEOpenID provider, the User object will always have only the User.user_id, User.email, User.gae_user attributes populated with data. Moreover the User.user_id will always be empty on the GAE Development Server.

GAEOpenID(*args, **kwargs) OpenID provider based on the Google App Engine Users API.
Yahoo(*args, **kwargs) GAEOpenID provider with the identifier set to "me.yahoo.com".
Google(*args, **kwargs) GAEOpenID provider with the identifier set to "https://www.google.com/accounts/o8/id".
class authomatic.providers.gaeopenid.GAEOpenID(*args, **kwargs)[source]

OpenID provider based on the Google App Engine Users API.

Accepts additional keyword arguments inherited from AuthenticationProvider.

class authomatic.providers.gaeopenid.Yahoo(*args, **kwargs)[source]

GAEOpenID provider with the identifier set to "me.yahoo.com".

class authomatic.providers.gaeopenid.Google(*args, **kwargs)[source]

GAEOpenID provider with the identifier set to "https://www.google.com/accounts/o8/id".

Abstract Classes for Providers

Abstract base classes for implementation of protocol specific providers.

Note

Attributes prefixed with _x_ serve the purpose of unification of differences across providers.

login_decorator(func) Decorate the BaseProvider.login() implementations with this decorator.
BaseProvider(settings, adapter, provider_name) Abstract base class for all providers.
AuthorizationProvider(*args, **kwargs) Base provider for authorization protocols i.e.
AuthenticationProvider(*args, **kwargs) Base provider for authentication protocols i.e.
authomatic.providers.login_decorator(func)[source]

Decorate the BaseProvider.login() implementations with this decorator.

Provides mechanism for error reporting and returning result which makes the BaseProvider.login() implementation cleaner.

class authomatic.providers.BaseProvider(settings, adapter, provider_name, session=None, session_saver=None, callback=None, js_callback=None, prefix='authomatic', **kwargs)[source]

Abstract base class for all providers.

name = None

str The provider name as specified in the Config.

callback = None

callable An optional callback called when the login procedure is finished with core.LoginResult passed as argument.

js_callback = None

str Name of an optional javascript callback.

user = None

core.User.

popup = None

bool If True, the BaseProvider.user_authorization_url will be displayed in a popup mode, if the provider supports it.

login()[source]

Launches the login procedure to get user’s credentials from provider.

Should be decorated with login_decorator(). The login procedure is considered finished when the user attribute is not empty when the method runs out of it’s flow or when there are errors.

to_dict()[source]

Converts the provider instance to a dict.

Returns:dict
classmethod get_type()[source]

Returns the provider type.

Returns:str The full dotted path to base class e.g. "authomatic.providers.oauth2.OAuth2".
update_user()[source]

Updates and returns user.

Returns:User
static csrf_generator(secret)[source]

Generates CSRF token.

Inspired by this article: http://blog.ptsecurity.com/2012/10/random-number-security-in-python.html

Returns:str Random unguessable string.
class authomatic.providers.AuthorizationProvider(*args, **kwargs)[source]

Base provider for authorization protocols i.e. protocols which allow a provider to authorize a consumer to access protected resources of a user. e.g. OAuth 2.0 or OAuth 1.0a.

Accepts additional keyword arguments:

Parameters:
  • consumer_key (str) – The key assigned to our application (consumer) by the provider.
  • consumer_secret (str) – The secret assigned to our application (consumer) by the provider.
  • id (int) – A unique numeric ID used to serialize Credentials.
  • user_authorization_params (dict) – A dictionary of additional request parameters for user authorization request.
  • access_token_params (dict) – A dictionary of additional request parameters for access_with_credentials token request.
  • access_headers (dict) – A dictionary of default HTTP headers that will be used when accessing user’s protected resources. Applied by access(), update_user() and User.update()
  • access_params (dict) – A dictionary of default query string parameters that will be used when accessing user’s protected resources. Applied by access(), update_user() and User.update()
same_origin = True

If True the provider doesn’t support Cross-site HTTP requests.

supports_jsonp = False

bool Whether the provider supports JSONP requests.

credentials = None

Credentials to access user’s protected resources.

access_token_response = None

Response of the access token request.

user_authorization_url[source]

str URL to which we redirect the user to grant our app i.e. the consumer an authorization to access his protected resources. see http://tools.ietf.org/html/rfc6749#section-4.1.1 and http://oauth.net/core/1.0a/#auth_step2.

access_token_url[source]

str URL where we can get the access token to access protected resources of a user. see http://tools.ietf.org/html/rfc6749#section-4.1.3 and http://oauth.net/core/1.0a/#auth_step3.

user_info_url[source]

str URL where we can get the user info. see http://tools.ietf.org/html/rfc6749#section-7 and http://oauth.net/core/1.0a/#anchor12.

to_tuple(credentials)[source]

Must convert credentials to a tuple to be used by Credentials.serialize().

Warning

Must be a classmethod!

Parameters:credentialsCredentials
Returns:tuple
reconstruct(deserialized_tuple, credentials, cfg)[source]

Must convert the deserialized_tuple back to Credentials.

Warning

Must be a classmethod!

Parameters:
  • deserialized_tuple (tuple) – A tuple whose first index is the id and the rest are all the items of the tuple created by to_tuple().
  • credentials – A Credentials instance.
  • cfg (dict) – Provider configuration from Config.
create_request_elements(request_type, credentials, url, method='GET', params=None, headers=None, body='')[source]

Must return RequestElements.

Warning

Must be a classmethod!

Parameters:
  • request_type (int) – Type of the request specified by one of the class’s constants.
  • credentialsCredentials of the user whose protected resource we want to access.
  • url (str) – URL of the request.
  • method (str) – HTTP method of the request.
  • params (dict) – Dictionary of request parameters.
  • headers (dict) – Dictionary of request headers.
  • body (str) – Body of POST, PUT and PATCH requests.
Returns:

RequestElements

type_id[source]

A short string representing the provider implementation id used for serialization of Credentials and to identify the type of provider in JavaScript. The part before hyphen denotes the type of the provider, the part after hyphen denotes the class id e.g. oauth2.Facebook.type_id = '2-5', oauth1.Twitter.type_id = '1-5'.

access(url, params=None, method='GET', headers=None, body='', max_redirects=5, content_parser=None)[source]

Fetches the protected resource of an authenticated user.

Parameters:
  • credentials – The user’s Credentials (serialized or normal).
  • url (str) – The URL of the protected resource.
  • method (str) – HTTP method of the request.
  • headers (dict) – HTTP headers of the request.
  • body (str) – Body of POST, PUT and PATCH requests.
  • max_redirects (int) – Maximum number of HTTP redirects to follow.
  • content_parser (function) – A function to be used to parse the Response.data from Response.content.
Returns:

Response

async_access(*args, **kwargs)[source]

Same as access() but runs asynchronously in a separate thread.

Warning

The internal implementation of the future pattern is quite naive. Use with caution!

Returns:Future instance representing the separate thread.
update_user()[source]

Updates the BaseProvider.user.

Warning

Fetches the user_info_url!

Returns:UserInfoResponse
class authomatic.providers.AuthenticationProvider(*args, **kwargs)[source]

Base provider for authentication protocols i.e. protocols which allow a provider to authenticate a claimed identity of a user. e.g. OpenID.

has_protected_resources = False

Indicates whether the provider supports access_with_credentials to user’s protected resources.

Fork me on GitHub