oauth_dropins

Reference documentation.

blogger

Blogger v2 GData API OAuth drop-in.

Blogger API docs: https://developers.google.com/blogger/docs/2.0/developers_guide_protocol

Python GData API docs: http://gdata-python-client.googlecode.com/hg/pydocs/gdata.blogger.data.html

Uses requests-oauthlib to auth via Google Sign-In’s OAuth 2: https://requests-oauthlib.readthedocs.io/

Known issues:

  • If the user approves the OAuth prompt but has no Blogger blogs, we redirect to the callback with declined=True, which is wrong.

class oauth_dropins.blogger.BloggerV2Auth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Blogger user.

Provides methods that return information about this user (or page) and make OAuth-signed requests to the Blogger API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Blogger-specific details: implements api() but not urlopen(). api() returns a gdata.blogger.client.BloggerClient. The datastore entity key name is the Blogger user id.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]
Returns:

the user’s Blogger username

Return type:

str

access_token()[source]
Returns:

the OAuth access token string

Return type:

str

modify_request(http_request)[source]

Makes this class usable as an auth_token object in a gdata Client.

Background in gdata.client.GDClient and gdata.client.GDClient.request(). Other similar classes include gdata.gauth.ClientLoginToken and gdata.gauth.AuthSubToken.

class oauth_dropins.blogger.Scopes[source]

Bases: object

https://developers.google.com/blogger/docs/2.0/developers_guide_protocol#OAuth2Authorizing (the scope for the v3 API is https://www.googleapis.com/auth/blogger)

class oauth_dropins.blogger.Start(to_path, scopes=None)[source]

Bases: Scopes, Start

Connects a Blogger account. Authenticates via OAuth.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

class oauth_dropins.blogger.Callback(to_path, scopes=None)[source]

Bases: Scopes, Callback

Finishes the OAuth flow.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

disqus

Disqus OAuth drop-in.

Disqus API docs: https://disqus.com/api/docs/

This drop-in is even more similar to Instagram than Instagram is to Facebook. Differences:

  • urlopen must pass the api_key with each request (in addition to the access_token)

  • Response to access_token does not give much information about the user, so we additionally fetch /user/details before saving

  • Deny appears to be broken on Disqus’s side (clicking “No Thanks” has no effect), so we ignore that possibility for now.

TODO: unify Disqus, Facebook, and Instagram

class oauth_dropins.disqus.DisqusAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Disqus user.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Disqus’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Disqus-specific details: implements urlopen() but not api(). The key name is the Disqus user id.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s name.

access_token()[source]

Returns the OAuth access token string.

urlopen(url, **kwargs)[source]

Wraps models.BaseAuth.urlopen() and adds OAuth credentials to the request.

class oauth_dropins.disqus.Start(to_path, scopes=None)[source]

Bases: Start

Starts Disqus auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

class oauth_dropins.disqus.Callback(to_path, scopes=None)[source]

Bases: Callback

The auth callback. Fetches an access token, stores it, and redirects home.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

handle_error()[source]

Handles any error reported in the callback query parameters.

Parameters:

handler (Callback) –

Returns:

True if there was an error, False otherwise

Return type:

bool

dropbox

Dropbox OAuth drop-in.

Standard OAuth 2.0 flow. Docs:

class oauth_dropins.dropbox.DropboxAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Dropbox user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Dropbox’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Implements urlopen() but not api().

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the Dropbox user id.

access_token()[source]

Returns the OAuth access token string.

urlopen(url, **kwargs)[source]

Wraps urlopen() and adds OAuth credentials to the request.

class oauth_dropins.dropbox.DropboxCsrf(**kwargs)[source]

Bases: Model

Stores a CSRF token for the Dropbox OAuth2 flow.
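What a stored CSRF token of this kind is for, as an added example that is not oauth_dropins' own code: the start step issues a random state value bound to the browser session, and the callback accepts it only once, only for that session, and only while fresh. The function names, the in-memory store standing in for the datastore, the ten-minute lifetime and the example.* URLs are assumptions made for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

STATE_TTL_SECS = 600  # assumption: how long the user has to finish the prompt

# Stand-in for the datastore: token -> (session_id, caller_state, created_at)
_pending = {}


def state_param(url):
    """Returns the state query parameter of a URL, or '' if absent."""
    return parse_qs(urlparse(url).query).get('state', [''])[0]


def start_flow(authorize_url, client_id, redirect_uri, session_id,
               caller_state='', now=None):
    """Returns the URL to send the browser to, carrying a fresh CSRF token.

    The caller's own state is kept server-side and keyed by the token, so the
    value that travels through the provider is unguessable and opaque.
    """
    token = secrets.token_urlsafe(32)
    created = time.time() if now is None else now
    _pending[token] = (session_id, caller_state, created)
    query = urlencode({
        'response_type': 'code',
        'client_id': client_id,
        'redirect_uri': redirect_uri,
        'state': token,
    })
    return f'{authorize_url}?{query}'


def finish_flow(callback_url, session_id, now=None):
    """Validates the callback; returns (code, caller_state) or raises ValueError."""
    token = state_param(callback_url)
    # pop() makes the token single use: a replayed callback finds nothing.
    record = _pending.pop(token, None)
    if record is None:
        raise ValueError('unknown or already used state token')

    owner, caller_state, created = record
    # A token issued to one browser session must not complete a login in another.
    if not hmac.compare_digest(owner.encode(), session_id.encode()):
        raise ValueError('state token was issued to a different session')

    current = time.time() if now is None else now
    if current - created > STATE_TTL_SECS:
        raise ValueError('state token expired')

    code = parse_qs(urlparse(callback_url).query).get('code', [''])[0]
    if not code:
        raise ValueError('callback carries no authorization code')
    return code, caller_state
```
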

class oauth_dropins.dropbox.Start(to_path, scopes=None)[source]

Bases: Start

Starts Dropbox auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • form_classes – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.dropbox.Callback(to_path, scopes=None)[source]

Bases: Callback

The auth callback. Fetches an access token, stores it, and redirects home.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

facebook

Facebook OAuth drop-in.

https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow

class oauth_dropins.facebook.FacebookAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Facebook user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Facebook’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Facebook-specific details: implements urlopen() but not api(). The key name is the user’s or page’s Facebook ID.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s or page’s name.

access_token()[source]

Returns the OAuth access token string.

urlopen(url, **kwargs)[source]

Wraps models.BaseAuth.urlopen() and adds OAuth credentials to the request.

for_page(page_id)[source]

Returns a new, unsaved FacebookAuth entity for a page in pages_json.

The returned entity’s properties will be populated with the page’s data. access_token will be the page access token, user_json will be the page object, and pages_json will be a single-element list with the page.

If page_id is not in pages_json, returns None.

Parameters:

page_id (str) – Facebook page id

is_authority_for(key)[source]

Additionally check if the key represents a Page that this user has authority over.

Parameters:

auth_entity_key (google.cloud.ndb.key.Key) –

Returns:

True if key represents this user or one of the user’s pages.

Return type:

bool

class oauth_dropins.facebook.Start(to_path, scopes=None)[source]

Bases: Start

Starts Facebook auth. Requests an auth code and expects a redirect back.

redirect_url(state=None, app_id=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

class oauth_dropins.facebook.Callback(to_path, scopes=None)[source]

Bases: Callback

The auth callback. Fetches an access token, stores it, and redirects home.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

static handle_error(handler)[source]

Handles any error reported in the callback query parameters.

Parameters:

handler (Callback) –

Returns:

response if there was an error, otherwise None

Return type:

flask.Response

flickr

Flickr OAuth drop-in.

Uses oauthlib directly to authenticate and sign requests with OAuth 1.0 credentials. https://www.flickr.com/services/api/auth.oauth.html

Note that when users decline Flickr’s OAuth prompt by clicking the Cancel button, Flickr redirects them to its home page, not to us.

class oauth_dropins.flickr.FlickrAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Flickr user.

Provides methods that return information about this user and make OAuth-signed requests to the Flickr API. Stores OAuth credentials in the datastore. Key is the Flickr user ID. See models.BaseAuth for usage details.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user id.

access_token()[source]

Returns the OAuth access token as a (string key, string secret) tuple.

urlopen(url, **kwargs)[source]

Wraps urllib.request.urlopen() and adds OAuth credentials to the request.

Use this for making direct HTTP REST requests to a site’s API. Not guaranteed to be implemented by all sites.

The arguments, return value (urllib.request.Response), and exceptions raised (urllib.error.URLError) are the same as urllib2.urlopen.

class oauth_dropins.flickr.Start(to_path, scopes=None)[source]

Bases: Start

Starts three-legged OAuth with Flickr.

Fetches an OAuth request token, then redirects to Flickr’s auth page to request an access token.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • form_classes – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.flickr.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and redirects to the front page.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

flickr_auth

Utility functions for calling signed Flickr API methods.

Supports Python 3. Should not depend on App Engine API or SDK packages.

oauth_dropins.flickr_auth.signed_urlopen(url, token_key, token_secret, **kwargs)[source]

Call urllib.request.urlopen(), signing the request with Flickr credentials.

Parameters:
  • url (str) – the url to open

  • token_key (str) – user’s access token

  • token_secret (str) – the user’s access token secret

  • timeout (int) – the request timeout, optional, falls back to webutil.util.HTTP_TIMEOUT if not specified

Returns:

the file-like object that is the result of urllib.request.urlopen()

oauth_dropins.flickr_auth.call_api_method(method, params, token_key, token_secret)[source]

Call a Flickr API method.

Flickr has one API endpoint, where different methods are called by name.

If the stat field contains fail, then this method creates an artificial HTTPError 400 or 401 depending on the type of failure.

Parameters:
  • method (str) – the API method name (e.g. flickr.photos.getInfo)

  • params (dict) – the parameters to send to the API method

  • token_key (str) – the user’s API access token

  • token_secret (str) – the user’s API access token secret

Returns:

json object response from the API

Return type:

dict

oauth_dropins.flickr_auth.upload(params, file, token_key, token_secret)[source]

Upload a photo or video to this user’s Flickr account.

Flickr uploads use their own API endpoint, which returns only XML. https://www.flickr.com/services/api/upload.api.html

Unlike call_api_method(), this uses the requests library because urllib doesn’t support multi-part POSTs on its own.

Parameters:
  • params (dict) – the parameters to send to the API method

  • file (file-like object) – the image or video to upload

  • token_key (str) – the user’s API access token

  • token_secret (str) – the user’s API access token secret

Returns:

contains the photo id as id

Return type:

dict

Raises:

github

GitHub OAuth drop-in.

API docs:

class oauth_dropins.github.GitHubAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated GitHub user.

Provides methods that return information about this user and make OAuth-signed requests to the GitHub REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

GitHub-specific details: implements get() but not urlopen() or api(). The key name is the username.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s full name or username.

access_token()[source]

Returns the OAuth access token string.

get(*args, **kwargs)[source]

Wraps requests.get() and adds the Bearer token header.

TODO: unify with medium.py.

post(*args, **kwargs)[source]

Wraps requests.post() and adds the Bearer token header.

TODO: unify with medium.py.

class oauth_dropins.github.Start(to_path, scopes=None)[source]

Bases: Start

Starts GitHub auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • form_classes – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.github.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and stores it.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

google_signin

Google Sign-In OAuth drop-in.

Google Sign-In API docs: https://developers.google.com/identity/protocols/OAuth2WebServer

Python API client docs: https://developers.google.com/api-client-library/python/

requests-oauthlib docs:

class oauth_dropins.google_signin.GoogleUser(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Google user.

Provides methods that return information about this user and make OAuth-signed requests to Google APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

To make Google API calls: https://google-auth.readthedocs.io/

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s name.

access_token()[source]

Returns the OAuth access token string.

class oauth_dropins.google_signin.Start(to_path, scopes=None)[source]

Bases: Scopes, Start

Starts the OAuth flow.

LABEL = 'Google'

https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

class oauth_dropins.google_signin.Callback(to_path, scopes=None)[source]

Bases: Scopes, Callback

Finishes the OAuth flow.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

indieauth

IndieAuth drop-in.

https://indieauth.com/developers

oauth_dropins.indieauth.discover_endpoint(rel, resp)[source]

Fetch a URL and look for the rel Link header or HTML value.

Parameters:
Returns:

discovered rel value, or None if no endpoint was discovered

Return type:

str
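The kind of lookup discover_endpoint describes, as an added example that is not oauth_dropins' own code: it collects matching targets from the HTTP Link header first and from HTML link elements second, resolves relative targets against the page URL, and returns only http(s) results. The name discover_rel, its arguments, the header-before-HTML order and the sample data are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# One link-value of an HTTP Link header: <target> followed by ;-separated params.
_LINK_VALUE = re.compile(r'<([^>]*)>((?:\s*;\s*[^;,]+)*)')
_REL_PARAM = re.compile(r'\brel\s*=\s*(?:"([^"]*)"|([^\s;,"]+))', re.IGNORECASE)


class _LinkRelParser(HTMLParser):
    """Collects href values of <link> elements that carry the wanted rel."""

    def __init__(self, rel):
        super().__init__()
        self.rel = rel
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != 'link':
            return
        attrs = dict(attrs)
        # rel is a space-separated, case-insensitive token list.
        rels = (attrs.get('rel') or '').lower().split()
        if self.rel in rels and attrs.get('href') is not None:
            self.hrefs.append(attrs['href'])


def _http_url(base_url, target):
    """Resolves target against base_url; returns None unless it is http(s)."""
    url = urljoin(base_url, target.strip())
    parsed = urlparse(url)
    if parsed.scheme in ('http', 'https') and parsed.netloc:
        return url
    return None


def discover_rel(rel, base_url, link_header, body):
    """Returns the first usable URL advertised for rel, or None.

    Args:
      rel: link relation to look for, e.g. 'authorization_endpoint'
      base_url: final URL of the fetched page, used to resolve relative targets
      link_header: value of the response's Link header ('' if absent)
      body: response body as HTML text
    """
    rel = rel.lower()
    candidates = []

    # Header values first (assumption: they win over the HTML).
    for target, params in _LINK_VALUE.findall(link_header or ''):
        match = _REL_PARAM.search(params)
        rels = (match.group(1) or match.group(2) or '').lower().split() if match else []
        if rel in rels:
            candidates.append(target)

    parser = _LinkRelParser(rel)
    parser.feed(body or '')
    candidates.extend(parser.hrefs)

    # Skip anything that does not resolve to an http(s) URL with a host, so a
    # javascript: or data: href on the user's page is never followed.
    for target in candidates:
        url = _http_url(base_url, target)
        if url:
            return url
    return None


# Constructed sample response for a page at https://user.example/
SAMPLE_LINK = ('</auth>; rel="authorization_endpoint", '
               '<https://user.example/token>; rel="token_endpoint"')
SAMPLE_HTML = ('<html><head>'
               '<link rel="authorization_endpoint" href="https://other.example/authorize">'
               '<link rel="micropub" href="javascript:alert(1)">'
               '</head><body></body></html>')
```
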

oauth_dropins.indieauth.build_user_json(me)[source]

Returns a JSON dict with h-card, rel-me links, and me value.

Parameters:
Returns:

keys include me, the URL for this person; h-card, the representative h-card for this page; rel-me, a list of rel-me URLs found at this page

Return type:

dict

class oauth_dropins.indieauth.IndieAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated IndieAuth user.

Provides methods that return information about this user. Stores credentials in the datastore. Key is the authed me URL value. See models.BaseAuth for usage details.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s domain.

access_token()[source]

Return the access token, N/A for IndieAuth

class oauth_dropins.indieauth.Start(to_path, scopes=None)[source]

Bases: Start

Starts the IndieAuth flow. Requires the me parameter with the user URL that we want to authenticate.

redirect_url(state=None, me=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • form_classes – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.indieauth.Callback(to_path, scopes=None)[source]

Bases: Callback

The callback view from the IndieAuth request. Performs an Authorization Code grant to verify the code.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

instagram

Instagram OAuth drop-in.

Instagram API docs: http://instagram.com/developer/endpoints/

Almost identical to Facebook, except the access token request has code and grant_type query parameters instead of just auth_code, the response has a user object instead of id, and the call to GET_ACCESS_TOKEN_URL is a POST instead of a GET. TODO: unify them.

class oauth_dropins.instagram.InstagramAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Instagram user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Instagram’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Instagram-specific details: implements urlopen() but not api(). The key name is the Instagram username.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the Instagram username.

access_token()[source]

Returns the OAuth access token string.

urlopen(url, **kwargs)[source]

Wraps urlopen() and adds OAuth credentials to the request.

class oauth_dropins.instagram.Start(to_path, scopes=None)[source]

Bases: Start

Starts Instagram auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • form_classes – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.instagram.Callback(to_path, scopes=None)[source]

Bases: Callback

The auth callback. Fetches an access token, stores it, and redirects home.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

linkedin

LinkedIn OAuth drop-in.

API docs: https://www.linkedin.com/developers/ https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin

class oauth_dropins.linkedin.LinkedInAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated LinkedIn user.

Provides methods that return information about this user and make OAuth-signed requests to the LinkedIn REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Implements get() but not urlopen() or api(). The key name is the ID (a URN).

Note that LI access tokens can be over 500 chars (up to 1k!), so they need to be TextProperty instead of StringProperty. https://docs.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/consumer/context#access-token-response

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s first and last name.

access_token()[source]

Returns the OAuth access token string.

get(*args, **kwargs)[source]

Wraps requests.get() and adds the Bearer token header.

TODO: unify with github.py, medium.py.

post(*args, **kwargs)[source]

Wraps requests.post() and adds the Bearer token header.

TODO: unify with github.py, medium.py.

class oauth_dropins.linkedin.Start(to_path, scopes=None)[source]

Bases: Start

Starts LinkedIn auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • form_classes – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.linkedin.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and stores it.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

mastodon

Mastodon OAuth drop-in.

Mastodon is an ActivityPub implementation, but it also has a REST + OAuth 2 API independent of AP.

API docs: https://docs.joinmastodon.org/api/

Interestingly, as usual with OAuth, they require registering apps beforehand, but since AP and Mastodon are decentralized, there’s no single place to register an app. So they have an API for registering apps, per instance: https://docs.joinmastodon.org/api/authentication/ Surprising and unusual, but it makes sense.

class oauth_dropins.mastodon.MastodonApp(**kwargs)[source]

Bases: Model

A Mastodon API OAuth2 app registered with a specific instance.

class oauth_dropins.mastodon.MastodonLogin(**kwargs)[source]

Bases: Model

An in-progress Mastodon OAuth login. Ephemeral.

Stores the state query parameter across the three-way OAuth user login process. Only needed as a workaround for a long-standing Mastodon/Doorkeeper configuration bug: https://github.com/snarfed/bridgy/issues/911 https://github.com/mastodon/mastodon/issues/12915

class oauth_dropins.mastodon.MastodonAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Mastodon user.

Provides methods that return information about this user and make OAuth-signed requests to the Mastodon REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Key name is the fully qualified actor address, ie @username@instance.tld.

Mastodon scopes are per access token, so SCOPES_RESET is True.

Implements get() and post() but not urlopen() or api().

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s full ActivityPub address, eg @ryan@mastodon.social.

instance()[source]

Returns the instance base URL, eg https://mastodon.social/.

username()[source]

Returns the user’s username, eg ryan.

user_id()[source]

Returns the user’s id, eg 123.

access_token()[source]

Returns the OAuth access token string.

get(*args, **kwargs)[source]

Wraps requests.get() and adds instance base URL and Bearer token header.

post(*args, **kwargs)[source]

Wraps requests.post() and adds the Bearer token header.

class oauth_dropins.mastodon.Start(to_path, scopes=None)[source]

Bases: Start

Starts Mastodon auth. Requests an auth code and expects a redirect back.

DEFAULT_SCOPE

string, default OAuth scope(s) to request

REDIRECT_PATHS

sequence of string URL paths (on this host) to register as OAuth callback (aka redirect) URIs in the OAuth app

SCOPE_SEPARATOR

string, used to separate multiple scopes

APP_CLASS

API app datastore class

EXPIRE_APPS_BEFORE

datetime, if the API client app was created before this, it will be discarded and a new one will be created. Set to the last time you changed something material about the client, eg redirect URLs or scopes.

APP_CLASS

alias of MastodonApp

app_name()[source]

Returns the user-visible name of this application.

To be overridden by subclasses. Displayed in Mastodon’s OAuth prompt.

app_url()[source]

Returns this application’s web site.

To be overridden by subclasses. Displayed in Mastodon’s OAuth prompt.

redirect_url(state=None, instance=None)[source]

Returns the local URL for Mastodon to redirect back to after OAuth prompt.

Parameters:
  • state – string, user-provided value to be returned as a query parameter in the return redirect

  • instance – string, Mastodon instance base URL, e.g. ‘https://mastodon.social’. May also be provided in the ‘instance’ request as a URL query parameter or POST body.

Raises: ValueError if instance isn’t a Mastodon instance.

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • form_classes – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.mastodon.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and stores it.

AUTH_CLASS

alias of MastodonAuth

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

medium

Medium OAuth drop-in.

API docs: https://github.com/Medium/medium-api-docs#contents https://medium.com/developers/welcome-to-the-medium-api-3418f956552

Medium doesn’t let you use a localhost redirect URL. :/ A common workaround is to map an arbitrary host to localhost in your /etc/hosts, e.g.:

127.0.0.1 my.dev.com

You can then test on your local machine by running dev_appserver and opening http://my.dev.com:8080/ instead of http://localhost:8080/ .

class oauth_dropins.medium.MediumAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Medium user.

Provides methods that return information about this user and make OAuth-signed requests to the Medium REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Medium-specific details: implements get() but not urlopen() or api(). The key name is the user id (not username).

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the user’s full name or username.

access_token()[source]

Returns the OAuth access token string.

get(*args, **kwargs)[source]

Wraps requests.get() and adds the Bearer token header.

class oauth_dropins.medium.Start(to_path, scopes=None)[source]

Bases: Start

Starts Medium auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

class oauth_dropins.medium.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and stores it.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

meetup

Meetup.com drop-in.

API docs: https://www.meetup.com/meetup_api/

oauth_dropins.meetup.urlopen_bearer_token(url, access_token, data=None, **kwargs)[source]

Wraps urlopen() and adds OAuth credentials to the request.

class oauth_dropins.meetup.MeetupAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Meetup.com user.

Provides methods that return information about this user and make OAuth-signed requests to Meetup’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Implements urlopen() but not api().

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the Meetup.com user id.

access_token()[source]

Returns the OAuth access token string.

urlopen(url, **kwargs)[source]

Wraps urllib.request.urlopen() and adds OAuth credentials to the request.

Use this for making direct HTTP REST requests to a site’s API. Not guaranteed to be implemented by all sites.

The arguments, return value (urllib.request.Response), and exceptions raised (urllib.error.URLError) are the same as urllib2.urlopen.

class oauth_dropins.meetup.MeetupCsrf(**kwargs)[source]

Bases: Model

Stores a CSRF token for the Meetup.com OAuth2 flow.

class oauth_dropins.meetup.Start(to_path, scopes=None)[source]

Bases: Start

Starts Meetup.com auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • outer_classes (str) – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.meetup.Callback(to_path, scopes=None)[source]

Bases: Callback

The auth callback. Fetches an access token, stores it, and redirects home.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

models

Base datastore model class for an authenticated account.

class oauth_dropins.models.BaseAuth(*args, id=None, **kwargs)[source]

Bases: StringIdModel

Datastore base model class for an authenticated user.

Provides methods that return information about this user and make OAuth-signed requests to the site’s API(s). Stores OAuth credentials in the datastore.

The key name is usually the user’s username or id. If it starts with two underscores (__), this class will prefix it with a \ character, since that prefix is not allowed in datastore key names: https://cloud.google.com/datastore/docs/concepts/entities

Many sites provide additional methods and store additional user information in a JSON property.

SCOPES_RESET

True if scopes granted to a given user reset to just the most recent scopes requested, False if they accumulate across auth flows. Currently unused, informational only.

Type:

bool

key_id()[source]

Returns the key’s unescaped string id.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns a string user identifier, e.g. Ryan Barrett or snarfed.

api()[source]

Returns the site-specific Python API object, if any.

Returns None if the site doesn’t have a Python API. Only some do, currently Blogger, Instagram, Google, and Tumblr.

access_token()[source]

Returns the OAuth access token.

This is a string for OAuth 2 sites or a (string key, string secret) tuple for OAuth 1.1 sites (currently just Twitter and Tumblr).

urlopen(url, **kwargs)[source]

Wraps urllib.request.urlopen() and adds OAuth credentials to the request.

Use this for making direct HTTP REST requests to a site’s API. Not guaranteed to be implemented by all sites.

The arguments, return value (urllib.request.Response), and exceptions raised (urllib.error.URLError) are the same as urllib2.urlopen.

is_authority_for(key)[source]

When disabling or modifying an account, it’s useful to re-auth the user to make sure they have permission to modify that account. Typically this means the auth entity represents the exact same user, but in some cases (e.g., Facebook Pages), a user may control several unique identities. So authenticating as a user should give you authority over their pages.

Parameters:

key – ndb.Key

Returns:

boolean, true if key represents the same account as this entity

static urlopen_access_token(url, access_token, api_key=None, **kwargs)[source]

Wraps urllib.request.urlopen() and adds an access_token query parameter.

Kwargs are passed through to urlopen().

class oauth_dropins.models.OAuthRequestToken(**kwargs)[source]

Bases: StringIdModel

Datastore model class for an OAuth 1.1 request token.

This is only intermediate data. Client should use BaseAuth subclasses to make API calls.

The key name is the token key.

class oauth_dropins.models.PkceCode(**kwargs)[source]

Bases: StringIdModel

An OAuth2 PKCE code challenge and code verifier.

The key name is the state query param value.

pixelfed

Pixelfed OAuth drop-in.

Pixelfed’s API is a clone of Mastodon’s v1 API: https://docs.pixelfed.org/technical-documentation/api-v1.html

class oauth_dropins.pixelfed.PixelfedApp(**kwargs)[source]

Bases: MastodonApp

A Pixelfed API OAuth2 app registered with a specific instance.

class oauth_dropins.pixelfed.PixelfedAuth(*args, id=None, **kwargs)[source]

Bases: MastodonAuth

An authenticated Pixelfed user.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

class oauth_dropins.pixelfed.Start(to_path, scopes=None)[source]

Bases: Start

Starts Pixelfed auth. Requests an auth code and expects a redirect back.

APP_CLASS

alias of PixelfedApp

class oauth_dropins.pixelfed.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and stores it.

AUTH_CLASS

alias of PixelfedAuth

reddit

reddit OAuth drop-in.

reddit API docs: https://github.com/reddit-archive/reddit/wiki/API https://www.reddit.com/dev/api https://www.reddit.com/prefs/apps

praw API docs: https://praw.readthedocs.io/en/v3.6.0/pages/oauth.html

class oauth_dropins.reddit.RedditAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated reddit user.

Provides methods that return information about this user and make OAuth-signed requests to the reddit API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

reddit-specific details: implements “access_token,” which is really a refresh_token. See: https://stackoverflow.com/questions/28955541/how-to-get-access-token-reddit-api . The datastore entity key name is the reddit username.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the username.

class oauth_dropins.reddit.Start(to_path, scopes=None)[source]

Bases: Start

Starts reddit auth. Goes directly to the redirect. Passes to_path in “state”.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • outer_classes (str) – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.reddit.Callback(to_path, scopes=None)[source]

Bases: Callback

OAuth callback. Only ensures that identity access was granted.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

oauth_dropins.reddit.praw_to_user(user)[source]

Converts a PRAW user to a dict user.

Parameters:

user – praw.models.Redditor

Note 1: accessing redditor attributes lazily calls the reddit API.

Note 2: if user.is_suspended is True, other attributes will not exist.

Note 3: subreddit refers to a user profile (stored as a subreddit).

Ref: https://praw.readthedocs.io/en/latest/code_overview/models/redditor.html

Returns: dict

Raises:
  • prawcore.exceptions.NotFound

  • deleted

tumblr

Tumblr OAuth drop-in.

API docs: http://www.tumblr.com/docs/en/api/v2 http://www.tumblr.com/oauth/apps

class oauth_dropins.tumblr.TumblrAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Tumblr user.

Provides methods that return information about this user and make OAuth-signed requests to the Tumblr API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Tumblr-specific details: implements api() but not urlopen(). api() returns a tumblpy.Tumblpy. The datastore entity key name is the Tumblr username.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the username.

access_token()[source]

Returns the OAuth access token as a (string key, string secret) tuple.

class oauth_dropins.tumblr.Start(to_path, scopes=None)[source]

Bases: Start

Starts Tumblr auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • outer_classes (str) – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.tumblr.Callback(to_path, scopes=None)[source]

Bases: Callback

OAuth callback. Fetches the user’s blogs and stores the credentials.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

twitter

Twitter OAuth drop-in.

TODO: port to http://code.google.com/p/oauth/source/browse/#svn%2Fcode%2Fpython . tweepy is just a wrapper around that anyway.

class oauth_dropins.twitter.TwitterAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated Twitter user.

Provides methods that return information about this user and make OAuth-signed requests to the Twitter v1.1 API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Twitter-specific details: implements api(), get(), and post(). api() returns a tweepy.API; get() and post() wrap the corresponding requests methods. The datastore entity key name is the Twitter username.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the username.

access_token()[source]

Returns the OAuth access token as a (string key, string secret) tuple.

urlopen(url, **kwargs)[source]

Wraps urllib.request.urlopen() and adds an OAuth signature.

get(*args, **kwargs)[source]

Wraps requests.get() and adds an OAuth signature.

post(*args, **kwargs)[source]

Wraps requests.post() and adds an OAuth signature.

api()[source]

Returns a tweepy.API.

class oauth_dropins.twitter.Start(to_path, scopes=None, access_type=None)[source]

Bases: Start

Starts three-legged OAuth with Twitter.

Fetches an OAuth request token, then redirects to Twitter’s auth page to request an access token.

access_type

optional, ‘read’ or ‘write’. Passed through to Twitter as x_auth_access_type. If the Twitter app has read/write or read/write/dm permissions, this lets you request a read-only token. Details: https://dev.twitter.com/docs/api/1/post/oauth/request_token

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

class oauth_dropins.twitter.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and redirects to the front page.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

twitter_auth

Utility functions for generating Twitter OAuth headers and making API calls.

This is a separate module from twitter.py so that projects like granary can use it without pulling in App Engine dependencies.

Supports Python 3. Should not depend on App Engine API or SDK packages.

oauth_dropins.twitter_auth.auth_header(url, token_key, token_secret, method='GET')[source]

Generates an Authorization header and returns it in a header dict.

Parameters:
  • url – string

  • token_key – string

  • token_secret – string

  • method – string

Returns:

single element with key ‘Authorization’

Return type:

dict
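Added example (not oauth_dropins code, which may build the header differently): what a single-element OAuth 1.0a Authorization header dict of the kind auth_header() returns contains, built per RFC 5849 with HMAC-SHA1, together with the matching server-side check. oauth1_header(), verify_header(), the explicit consumer key/secret arguments and the credential values in the demo are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit


def pct(value):
    """RFC 5849 section 3.6 encoding: everything but unreserved chars is %XX."""
    return quote(str(value), safe='-._~')


def base_string(method, url, params):
    """Signature base string (RFC 5849 section 3.4.1).

    Assumes the URL carries no explicit default port (:80 / :443), which the
    RFC requires to be dropped.
    """
    parts = urlsplit(url)
    base_uri = f'{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path or "/"}'
    pairs = list(params.items()) + parse_qsl(parts.query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = '&'.join(f'{k}={v}' for k, v in encoded)
    return '&'.join([method.upper(), pct(base_uri), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with both secrets."""
    key = f'{pct(consumer_secret)}&{pct(token_secret)}'.encode('ascii')
    text = base_string(method, url, params).encode('ascii')
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode('ascii')


def oauth1_header(url, consumer_key, consumer_secret, token_key, token_secret,
                  method='GET', body_params=None, nonce=None, timestamp=None):
    """Returns {'Authorization': 'OAuth ...'} for one request."""
    oauth = {
        'oauth_consumer_key': consumer_key,
        'oauth_nonce': nonce or secrets.token_hex(16),
        'oauth_signature_method': 'HMAC-SHA1',
        'oauth_timestamp': str(timestamp or int(time.time())),
        'oauth_token': token_key,
        'oauth_version': '1.0',
    }
    # The signature covers the method, the URL, query and form parameters.
    signed = {**oauth, **(body_params or {})}
    oauth['oauth_signature'] = sign(method, url, signed, consumer_secret, token_secret)
    fields = ', '.join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return {'Authorization': 'OAuth ' + fields}


def verify_header(header, url, consumer_secret, token_secret,
                  method='GET', body_params=None):
    """Server-side check: recompute the signature, compare in constant time.

    A real verifier also rejects stale timestamps and reused nonces.
    """
    found = re.findall(r'(\w+)="([^"]*)"', header['Authorization'])
    fields = {k: unquote(v) for k, v in found}
    claimed = fields.pop('oauth_signature', '')
    expected = sign(method, url, {**fields, **(body_params or {})},
                    consumer_secret, token_secret)
    return hmac.compare_digest(claimed.encode(), expected.encode())


if __name__ == '__main__':
    # Constructed URL and credentials, for illustration only.
    demo_url = 'https://api.example.com/1.1/statuses/update.json'
    hdr = oauth1_header(demo_url, 'ck', 'cs', 'tk', 'ts', method='POST',
                        body_params={'status': 'hello'})
    print(hdr, verify_header(hdr, demo_url, 'cs', 'ts', method='POST',
                             body_params={'status': 'hello'}))
```

Neither secret appears in the header; they are used only as the HMAC key, so the token secret needs the same protection as a password wherever it is stored.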

oauth_dropins.twitter_auth.signed_urlopen(url, token_key, token_secret, headers=None, **kwargs)[source]

Wraps urllib.request.urlopen() and adds an OAuth signature.

oauth_dropins.twitter_auth.tweepy_auth(token_key, token_secret)[source]

Returns a tweepy.OAuth.

twitter_v2

Twitter OAuth 2 drop-in.

https://developer.twitter.com/en/docs/authentication/oauth-2-0/user-access-token https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code https://developer.twitter.com/en/docs/authentication/api-reference/token

class oauth_dropins.twitter_v2.TwitterOAuth2(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An OAuth2-authenticated Twitter user.

Provides methods that return information about this user and store OAuth 2 tokens in the datastore. See models.BaseAuth for usage details.

The datastore entity key name is the Twitter username.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the username.

access_token()[source]

Returns the OAuth access token JSON.

session()[source]

Returns a requests_oauthlib.OAuth2Session.

class oauth_dropins.twitter_v2.Start(to_path, scopes=None)[source]

Bases: Start

Starts three-legged OAuth with Twitter.

Redirects to Twitter’s auth prompt for user approval.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

class oauth_dropins.twitter_v2.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and redirects to the front page.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

views

Base OAuth flow views. Clients should use the individual site modules.

Example usage:

from flask import Flask
from oauth_dropins import twitter

# Flask requires the import name of the application module.
app = Flask(__name__)
app.add_url_rule('/start',
                 view_func=twitter.Start.as_view('start', '/callback'),
                 methods=['POST'])
app.add_url_rule('/callback',
                 view_func=twitter.Callback.as_view('callback', '/after'))

class oauth_dropins.views.BaseView(to_path, scopes=None)[source]

Bases: View

Base view class. Provides the to() factory method.

DEFAULT_SCOPE

default OAuth scope(s) to request

Type:

str

SCOPE_SEPARATOR

used to separate multiple scopes

Type:

str

LABEL

human-readable label, eg ‘Blogger’

Type:

str

NAME

module name; usually same as __name__.split('.')[-1]

Type:

str

to_path

the base redirect URL path for the OAuth callback

Type:

str

scope

OAuth scopes, comma-separated

Type:

str

classmethod make_scope_str(extra)[source]

Returns an OAuth scopes query parameter value.

Combines DEFAULT_SCOPE and extra.

Parameters:

extra (sequence of str, or None) –

to_url(state=None)[source]

Returns a fully qualified callback URL based on to_path.

Includes scheme, host, and optional state.

request_url_with_state()[source]

Returns the current request URL, with the state query param if provided.

class oauth_dropins.views.Start(to_path, scopes=None)[source]

Bases: BaseView

Base class for starting an OAuth flow.

Users should use the to() class method when using this view in a WSGI application. See the file docstring for details.

If the state query parameter is provided in the request data, it will be returned to the client in the OAuth callback view. If the scope query parameter is provided, it will be added to the existing OAuth scopes.

Alternatively, clients may call redirect_url() and HTTP 302 redirect to it manually, which will start the same OAuth flow.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(to_path, form_classes='', form_method='post', form_extra='', image_prefix='', image_file=None, input_style='', scopes='', outer_classes='')[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • outer_classes (str) – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.views.Callback(to_path, scopes=None)[source]

Bases: BaseView

Base OAuth callback view.

Users can use to() when using this view in a WSGI application to make it redirect to a given URL path on completion. See the file docstring for details.

Alternatively, you can subclass it and implement finish(), which will be called in the OAuth callback request directly, after the user has been authenticated.

The auth entity and optional state parameter provided to Start will be passed to finish() or as query parameters to the redirect URL.

finish(auth_entity, state=None)[source]

Called when the OAuth flow is complete. Clients may override.

Parameters:
Return type:

werkzeug.wrappers.Response

wordpress_rest

WordPress.com OAuth drop-in.

API docs:

Note that unlike Blogger and Tumblr, WordPress.com’s OAuth tokens are per blog. It asks you which blog to use on its authorization page.

Also, WordPress.com doesn’t let you use an OAuth redirect URL with “local” or “localhost” anywhere in it. A common workaround is to map an arbitrary host to localhost in your /etc/hosts, e.g.:

127.0.0.1 my.dev.com

You can then test on your local machine by running dev_appserver and opening http://my.dev.com:8080/ instead of http://localhost:8080/ .

class oauth_dropins.wordpress_rest.WordPressAuth(*args, id=None, **kwargs)[source]

Bases: BaseAuth

An authenticated WordPress user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to the WordPress REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

WordPress-specific details: implements urlopen() but not api(). The key name is the blog hostname.

site_name()[source]

Returns the string name of the site, e.g. Facebook.

user_display_name()[source]

Returns the blog hostname.

access_token()[source]

Returns the OAuth access token string.

urlopen(url, **kwargs)[source]

Wraps urllib.request.urlopen() and adds OAuth credentials to the request.

class oauth_dropins.wordpress_rest.Start(to_path, scopes=None)[source]

Bases: Start

Starts WordPress auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)[source]

Returns the local URL for the OAuth service to redirect back to.

Subclasses must implement this.

Parameters:

state (str) – user-provided value to be returned as a query parameter in the return redirect

classmethod button_html(*args, **kwargs)[source]

Returns an HTML string with a login form and button for this site.

Parameters:
  • to_path (str) – path or URL for the form to POST to

  • form_classes (str) – optional, HTML classes to add to the <form>

  • outer_classes (str) – optional, HTML classes to add to the outer <div>

  • form_method (str) – optional, form action ie HTTP method, eg ‘get’; defaults to ‘post’

  • form_extra (str) – optional, extra HTML to insert inside the <form> before the button

  • scopes (str) – optional, OAuth scopes to override site’s default(s)

  • image_prefix (str) – optional, prefix to add to the beginning of image URL path, eg ‘/oauth_dropins/’

  • image_file (str) – optional, image filename. defaults to [cls.NAME].png

  • input_style (str) – optional, inline style to apply to the button <input>

Return type:

str

class oauth_dropins.wordpress_rest.Callback(to_path, scopes=None)[source]

Bases: Callback

The OAuth callback. Fetches an access token and stores it.

dispatch_request()[source]

The actual view function behavior. Subclasses must override this and return a valid response. Any variables from the URL rule are passed as keyword arguments.