x1ddos / simpleauth

Simple authentication for Python on Google App Engine supporting OAuth 2.0, OAuth 1.0(a) and OpenID
https://simpleauth.appspot.com

Option to use stored tokens #15

Open x1ddos opened 11 years ago

x1ddos commented 11 years ago

Reported by muijsenbergq


Hi,

I'm using your library and I need to be able to use stored tokens and try to reuse them, as a separate path from the OAuth flow.

At the moment I hacked away a little bit to achieve this functionality, but maybe it's an idea to implement this (the right way)?

This is my method to use existing tokens and tap into your library. I made "get_consumer_info_for()" a class method, made it always return a 3-tuple, and for the rest am using the implementation from your demo.

def try_oauth(tokens):
    provider = tokens.provider
    client_id, client_secret, scope = AuthHandler.get_consumer_info_for(provider)
    fetcher = getattr(AuthHandler(), '_get_%s_user_info' % provider)
    auth_info = {'oauth_token': tokens.oauth_token, 'oauth_token_secret': tokens.oauth_secret}
    user_data = fetcher(auth_info, key=client_id, secret=client_secret)
    if user_data:
        auth_id = get_auth_id(user_data, provider)
        ....

btw, using this class to store tokens in db

class UserTokens(db.Model):
    created = db.IntegerProperty(required=True)
    provider = db.StringProperty(indexed=False, required=True)
    cookie = db.StringProperty()
    oauth_token = db.StringProperty(indexed=False, required=True)
    oauth_secret = db.StringProperty(indexed=False, required=True)
    user = ....

Thanks!

Moved here from https://code.google.com/p/gae-simpleauth/issues/detail?id=6

chafreaky commented 9 years ago

I'd actually be very interested in this enhancement. I am trying to pass a token from an iOS app to GAE using simpleauth (Facebook auth in the app, Open Graph call in App Engine) and I believe this would be a good step towards achieving what I am looking for.

x1ddos commented 9 years ago

I'm not sure there's a real benefit in adding it as a feature to the library as OAuth 2.0 access tokens are normally short lived, unless you're using offline mode.

Do you have a demo or maybe a PR?

chafreaky commented 9 years ago

Good point, I think it might be better for me to just create a normal session on GAE and store the FB token as a session variable instead of going through the trouble of implementing FB Auth on the backend when the front-end already takes care of it.
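
An added example, not part of the issue thread or of simpleauth's code: one way to wrap the stored-token path discussed above so that an expired, rejected or mismatched token falls back to the normal OAuth flow instead of being trusted. `StoredToken`, its `auth_id` and `expires_at` fields, and the `fetch_user_info` and `discard` callables are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class StoredToken:
    """Constructed stand-in for the UserTokens model posted in the issue."""
    provider: str
    oauth_token: str
    oauth_secret: str
    auth_id: str                      # assumed: account this record is bound to
    expires_at: Optional[int] = None  # assumed: None when the provider gave no expiry


def reuse_stored_token(record: StoredToken,
                       fetch_user_info: Callable[[str, dict], Optional[dict]],
                       discard: Callable[[StoredToken], None],
                       now: Optional[int] = None,
                       skew: int = 60) -> Tuple[Optional[dict], str]:
    """Return (user_data, "ok"), or (None, reason) when the full OAuth flow is needed."""
    now = int(time.time()) if now is None else now
    if record.expires_at is not None and now >= record.expires_at - skew:
        discard(record)               # known-expired: do not even send it
        return None, "expired"
    auth_info = {"oauth_token": record.oauth_token,
                 "oauth_token_secret": record.oauth_secret}
    try:
        user_data = fetch_user_info(record.provider, auth_info)
    except OSError:
        return None, "provider_unreachable"   # keep the record, but fail closed
    if not user_data:
        discard(record)               # revoked or rejected by the provider
        return None, "rejected"
    if str(user_data.get("id")) != record.auth_id:
        discard(record)               # token resolves to a different account
        return None, "account_mismatch"
    return user_data, "ok"


if __name__ == "__main__":
    # Constructed sample data; the fetcher fakes a provider's user-info call.
    discarded = []
    fake_fetch = lambda provider, auth: {"id": "42", "name": "Ann"}
    good = StoredToken("twitter", "tok", "sec", auth_id="42")
    stale = StoredToken("facebook", "tok", "", auth_id="42", expires_at=1000)
    print(reuse_stored_token(good, fake_fetch, discarded.append))
    print(reuse_stored_token(stale, fake_fetch, discarded.append, now=2000))
```

Every non-"ok" result means the caller starts the regular OAuth flow; only a provider outage leaves the stored record in place.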