ib-lundgren / flask-oauthprovider

Create a secure OAuth provider easily, powered by OAuthLib
BSD 3-Clause "New" or "Revised" License

Flask-OAuthProvider

July/2013: Good news and Bad news.

Bad: Unfortunately I am unable to dedicate much time to this extension and with the refactoring of OAuth 1 provider in oauthlib 0.5 quite a few changes are required to flask-oauthprovider. Some might break existing implementations. I've set version requirement of oauthlib to < 0.5 to prevent breakage for now.

Good: There is a great new flask extension called flask-oauthlib under active development with support for both OAuth 1 and 2. I strongly encourage every user of flask-oauthprovider to move over to flask-oauthlib. It should be quite painless and result in a cleaner, more Flasky, implementation for all =)

.. _flask-oauthlib: https://github.com/lepture/flask-oauthlib


Flask-OAuthProvider is an extension that makes it easy to secure your views with OAuth::

    @provider.require_oauth()
    def user_feed(self):
        ...

It gives you fine grained control over access through the use of realms::

    @provider.require_oauth(realm="photos")
    def user_photos(self):
        ...

As well as the OAuth parameters such as client key and token::

    from flask import request

    @provider.require_oauth()
    def whoami(self):
        return request.oauth.client_key

Note that this extension does NOT give you an OAuth client. For that, simply use `requests`_, which has OAuthLib-backed OAuth support built in. If you want to know more about OAuth, check out the excellent guide at `hueniverse`_ or dig into the very readable `OAuth 1 RFC 5849 spec`_.

.. _requests: https://github.com/kennethreitz/requests
.. _hueniverse: http://hueniverse.com/oauth/
.. _OAuth 1 RFC 5849 spec: http://tools.ietf.org/html/rfc5849

Example

Take a look at the example application for a fully working, SQLite / SQLAlchemy backed OAuth provider in the `/examples`_ folder.

Before running the demo you need to install a few dependencies (virtualenv is highly recommended). This will be replaced by a single line of pip soon...::

    $ virtualenv venv
    $ source venv/bin/activate
    (venv)$ git clone https://github.com/idan/oauthlib.git
    (venv)$ python oauthlib/setup.py install
    (venv)$ git clone https://github.com/ib-lundgren/flask-oauthprovider.git
    (venv)$ python flask-oauthprovider/setup.py install
    (venv)$ pip install flask-openid sqlalchemy

After installing you can run the demo application::

    (venv)$ python flask-oauthprovider/examples/runserver.py

MongoDB Example

This repo also includes a fully working, MongoDB / pymongo backed OAuth provider in the `/examples`_ folder.

Before running the demo you need to install a few dependencies (virtualenv is highly recommended)::

    $ virtualenv venv
    $ source venv/bin/activate
    (venv)$ git clone https://github.com/idan/oauthlib.git
    (venv)$ python oauthlib/setup.py install
    (venv)$ git clone https://github.com/ib-lundgren/flask-oauthprovider.git
    (venv)$ python flask-oauthprovider/setup.py install
    (venv)$ pip install flask-openid pymongo

After installing you can run the demo application::

    (venv)$ python flask-oauthprovider/examples/runserver_mongo.py

Usage

Flask-OAuthProvider builds upon OAuthLib and its `OAuth 1 RFC 5849 Server`_ class. You will need to implement a number of abstract methods required by either Server (OAuthLib_) or OAuthProvider (Flask-OAuthProvider). These are mainly data storage or retrieval methods. No assumptions are made about the persistence system you use, so you are free to use any you see fit.

While implementing your provider class, you will want to give the `OAuthLib Server docs`_ and the `OAuthProvider source`_ a thorough read.

The implementation guide is on its way; feel free to take a look at the overview pictures of how Flask-OAuthProvider and OAuthLib fit into the OAuth workflow.
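The kind of request check those storage and retrieval methods feed, as an added stand-alone example that is not code from Flask-OAuthProvider or OAuthLib: HMAC-SHA1 verification per RFC 5849 with realm, timestamp and nonce checks. The names ``sign``, ``verify``, ``CLIENT_SECRETS``, ``TOKENS`` and ``SEEN`` and all sample values are constructed; it assumes realms are stored per token, parameters arrive as a flat dict, and ``uri`` carries no query string.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

# Constructed in-memory stand-ins for the storage lookups a provider implements.
CLIENT_SECRETS = {"client-abc": "client-secret-1"}
TOKENS = {"token-xyz": {"secret": "token-secret-1", "realms": {"photos"}}}
SEEN = set()  # (client key, token, timestamp, nonce) tuples already accepted

def enc(value):
    # RFC 5849 section 3.6: percent-encode everything except unreserved characters.
    return quote(str(value), safe="-._~")

def sign(method, uri, params, client_secret, token_secret):
    # RFC 5849 section 3.4.1: encode, sort and join the parameters (without the
    # signature and realm), then join method, URI and parameters with "&".
    pairs = sorted((enc(k), enc(v)) for k, v in params.items()
                   if k not in ("oauth_signature", "realm"))
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(uri), enc(normalized)])
    key = f"{enc(client_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, uri, params, realm, now=None, max_skew=300):
    now = time.time() if now is None else now
    client_secret = CLIENT_SECRETS.get(params.get("oauth_consumer_key"))
    token = TOKENS.get(params.get("oauth_token"))
    if client_secret is None or token is None:
        return False, "unknown client or token"
    if realm not in token["realms"]:
        return False, "realm not granted"
    timestamp = params.get("oauth_timestamp", "")
    if not timestamp.isdecimal() or abs(now - int(timestamp)) > max_skew:
        return False, "stale timestamp"
    expected = sign(method, uri, params, client_secret, token["secret"])
    supplied = params.get("oauth_signature", "")
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    # Record the nonce only after the signature checks out, then refuse reuse.
    replay_key = (params["oauth_consumer_key"], params["oauth_token"],
                  timestamp, params.get("oauth_nonce"))
    if replay_key in SEEN:
        return False, "replayed nonce"
    SEEN.add(replay_key)
    return True, "ok"
```

In a real provider the three module-level containers would be replaced by queries against whatever persistence system you chose.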

When you have hacked together a shiny provider class it will be easy to secure your API with OAuth::

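    from flask import Flask

    app = Flask(__name__)
    provider = YourProvider(app)  # your OAuthProvider subclass

    # route() goes outermost so Flask registers the OAuth-protected view
    @app.route("/my_secrets")
    @provider.require_oauth(realm="secrets")
    def my_secrets():
        ...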

.. _OAuth 1 RFC 5849 Server: https://github.com/idan/oauthlib/blob/master/oauthlib/oauth1/rfc5849/__init__.py
.. _OAuthLib: https://github.com/idan/oauthlib
.. _/examples: https://github.com/ib-lundgren/flask-oauthprovider/tree/master/examples
.. _OAuthLib Server docs: https://github.com/idan/oauthlib/blob/master/docs/server.rst
.. _OAuthProvider source: https://github.com/ib-lundgren/flask-oauthprovider/blob/master/flask_oauthprovider.py
.. _Client registration: https://github.com/ib-lundgren/flask-oauthprovider/raw/master/docs/images/client_registration.png
.. _Request tokens: https://github.com/ib-lundgren/flask-oauthprovider/raw/master/docs/images/request_token.png
.. _Access tokens: https://github.com/ib-lundgren/flask-oauthprovider/raw/master/docs/images/access_token.png
.. _Request verification: https://github.com/ib-lundgren/flask-oauthprovider/raw/master/docs/images/request_verification.png

Install

Flask-OAuthProvider will be easy to install using pip once OAuthLib 0.2.0 is available on PyPI::

    pip install flask-oauthprovider