django-oauth-consumer

A Django application providing infrastructure for consuming OAuth services. It is not for providing OAuth services.

The code is hosted here at GitHub. The latest code can be downloaded as a zip file or a tarball.

Requires Python 2.6 or newer and:

Can be installed using pip:

pip install -r http://code.daaku.org/django-oauth-consumer/reqs

OAuthConsumerApp

Multiple OAuth services are supported by creating an application for each service provider you need to access. This application is an instance of OAuthConsumerApp. It is bound to some configuration and has a name which must be unique across all OAuthConsumerApp instances.

This application instance gives you the ability to:

  • Make signed requests (2 & 3 legged)
  • Validate incoming (2 legged) signed requests
  • Handle the access token flow

In order to use this application, you must:

  • Create an instance of OAuthConsumerApp
  • Include the urls from that instance in your urlconf
  • Optionally, provide some templates. Which ones depends on your needs.
class django_oauth_consumer.OAuthConsumerApp(name, consumer_key=None, consumer_secret=None, request_token_url=None, authorization_url=None, access_token_url=None, realm=None, signature_method=None)

Provides OAuth Consumer functionality for Django. Depending on your use of the library, some of these arguments can be ignored. But most likely you’ll need to supply all of them.

Arguments:

name
Required. This is used in making this application instance unique. Make sure you don't use the same name for different instances of OAuthConsumerApp.
consumer_key

The consumer key issued to you by the service provider.

http://oauth.net/core/1.0/#rfc.section.4.3

consumer_secret

The consumer secret issued to you by the service provider.

http://oauth.net/core/1.0/#rfc.section.4.3

request_token_url

The URL to fetch request tokens from.

http://oauth.net/core/1.0/#request_urls

authorization_url

The URL to redirect the user to for obtaining Authorization.

http://oauth.net/core/1.0/#request_urls

access_token_url

The URL to exchange the authorized request token for an access token.

http://oauth.net/core/1.0/#request_urls

realm

Optional realm for the Authorization header.

http://oauth.net/core/1.0/#rfc.section.5.4.2

signature_method

A Signature Method for use with the OAuth flow. Defaults to

oauth.signature_method.hmac_sha1.OAuthSignatureMethod_HMAC_SHA1
store_access_token(request, token)

This must store an access token (a dict).

This can be overridden to allow alternate storage mechanisms.

Default is session based storage.

get_access_token(request)

This must return an access token (a dict) or raise NoAccessToken.

This can be overridden to allow alternate storage mechanisms. Make sure to raise NoAccessToken() if an access token is not found.

Default is session based storage.

start_access_token_flow(request)
This triggers the access token flow without checking if an access token already exists. That’s your job. It returns an HttpResponse.
require_access_token(view)
A decorator for views that require an Access Token. This will ensure that you have an access token by automatically triggering the access token flow if needed before the view gets processed.
make_signed_req(url, method='GET', content={}, headers={}, token=None, request=None)

Identical to the make_request API, and accepts an additional (optional) token parameter and request object (required if dealing with Scalable OAuth service providers). It adds the OAuth Authorization header based on the consumer set on this instance. If content is not a Mapping object, it will be ignored with respect to signing. This means you need to either pass the query parameters as a dict/Mapping object, or pass an encoded query string as part of the URL, which will be extracted and included in the signature.

http://oauth.net/core/1.0/#rfc.section.7

Arguments:

url
The URL - query parameters will be parsed out.
method
The HTTP method to use.
content
A dict of key/values or string/unicode value.
headers
A dict of headers.
token
An optional access token. If this is provided, you will be making a 3-legged request. If it is missing, you will be making a 2-legged request.
request

Optional. Needed if using Scalable OAuth in order to transparently handle access token renewal.

http://wiki.oauth.net/ScalableOAuth#AccessTokenRenewal
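The signing rule described for make_signed_req, shown as an added example that is not django-oauth-consumer's own code: an HMAC-SHA1 signature base string built per OAuth Core 1.0 section 9, where URL query parameters and Mapping content are signed but a string body is not. The function names, URL and credentials are constructed for illustration.

```python
import base64
import hashlib
import hmac
from collections.abc import Mapping
from urllib.parse import parse_qsl, quote, urlsplit


def _enc(value):
    # OAuth 1.0 parameter encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")


def base_string(method, url, content, oauth_params):
    """Signature base string per OAuth Core 1.0 section 9.1 (default ports not stripped)."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)  # URL query is signed
    if isinstance(content, Mapping):                          # Mapping content is signed
        params += list(content.items())
    # Any other content (e.g. a pre-encoded string body) is left out of the signature.
    params += list(oauth_params.items())
    pairs = sorted((_enc(k), _enc(v)) for k, v in params)
    normalized = "&".join("%s=%s" % pair for pair in pairs)
    base_url = "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(), parts.path)
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])


def sign(method, url, content, oauth_params, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature; an empty token_secret gives the 2-legged case."""
    key = "%s&%s" % (_enc(consumer_secret), _enc(token_secret))
    mac = hmac.new(key.encode(), base_string(method, url, content, oauth_params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


# Constructed sample values, not real credentials.
OAUTH = {"oauth_consumer_key": "example-key", "oauth_nonce": "n-1",
         "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1000000"}
URL = "http://example.com/api"


def demo():
    in_query = sign("POST", URL + "?a=1", None, OAUTH, "example-secret")
    in_mapping = sign("POST", URL, {"a": "1"}, OAUTH, "example-secret")
    body_one = sign("POST", URL, "a=1", OAUTH, "example-secret")
    body_two = sign("POST", URL, "a=2", OAUTH, "example-secret")
    return in_query == in_mapping, body_one == body_two, in_mapping == body_one
```

The second result is the one to notice: two different string bodies produce the same signature, so parameters passed that way carry no integrity protection.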

is_valid_signature(request)

Validates the incoming 2 legged signed request. This is useful for signed requests from OpenSocial Containers such as YAP.

It calls OAuthRequest.validate_signature which throws an OAuthError if the signature validation fails.

FIXME Missing nonce validation.

validate_signature(view)

A decorator for Django views to validate incoming signed requests. This is for 2 legged signed requests. This is useful for requests from OpenSocial Containers such as YAP.

It will render this template when it receives an invalid signature:

django_oauth_consumer/{NAME}/invalid_signature.html

FIXME Missing nonce validation.
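Signature validation alone does not stop a captured, validly signed request from being sent again, which is what the FIXME on is_valid_signature and validate_signature refers to. One way to add the missing check after the signature has been verified, as an added example that is not part of django-oauth-consumer (ReplayGuard, its parameters and the sample values are hypothetical):

```python
import time


class ReplayGuard:
    """Reject OAuth 1.0 requests whose (consumer, timestamp, nonce) was already seen."""

    def __init__(self, max_skew=300, clock=time.time):
        self.max_skew = max_skew  # seconds a timestamp may differ from our clock
        self.clock = clock        # injectable so the window can be tested
        # In-memory and per-process; several workers need a shared store instead.
        self._seen = {}           # (consumer_key, timestamp, nonce) -> timestamp

    def _expire(self, now):
        # Entries older than the window can be dropped: a replay carrying
        # that timestamp is already rejected by the skew check.
        cutoff = now - self.max_skew
        for key in [k for k, ts in self._seen.items() if ts < cutoff]:
            del self._seen[key]

    def check(self, params):
        """Return (ok, reason) for a dict of signature-verified OAuth parameters."""
        now = int(self.clock())
        try:
            consumer = params["oauth_consumer_key"]
            nonce = params["oauth_nonce"]
            ts = int(params["oauth_timestamp"])
        except (KeyError, TypeError, ValueError):
            return False, "missing or malformed oauth_nonce/oauth_timestamp"
        if abs(now - ts) > self.max_skew:
            return False, "timestamp outside allowed window"
        self._expire(now)
        key = (consumer, ts, nonce)
        if key in self._seen:
            return False, "nonce already used"
        self._seen[key] = ts
        return True, "ok"


def demo():
    # Constructed sample parameters, not real credentials.
    guard = ReplayGuard(max_skew=300, clock=lambda: 1000000)
    req = {"oauth_consumer_key": "example-key", "oauth_nonce": "n-1",
           "oauth_timestamp": "1000010"}
    stale = dict(req, oauth_nonce="n-2", oauth_timestamp="999000")
    return [guard.check(req), guard.check(req), guard.check(stale)]
```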

need_authorization(request)

The view that triggers the access token flow by sending the user to the authorization url. If you wish to show the user a message, you may provide a template named:

django_oauth_consumer/{NAME}/need_authorization.html

The template will be provided an authorization_url in the context.

If you do not provide a template, the user will be redirected there immediately.

success_auth(request, oauth_token=None)

The view that handles a successful OAuth Authorization flow from the user’s side. The Service Provider redirect returns the user here. If you wish to show the user a message here before continuing to the original URL that triggered the access token flow, you may provide a template named:

django_oauth_consumer/{NAME}/successful_authorization.html

The template will be provided the access_token and the next_url (the original URL the user visited that triggered the access token flow).

If you do not provide a template, the view will simply redirect the user back to the original URL.

urls
Provides the urls for this application instance. These must be included for the access token flow to work.