oauth_dropins

Reference documentation.

• oauth_dropins
  • blogger_v2
  • disqus
  • dropbox
  • facebook
  • flickr
  • flickr_auth
  • googleplus
  • handlers
  • indieauth
  • instagram
  • medium
  • models
  • tumblr
  • twitter
  • twitter_auth
  • wordpress_rest

blogger_v2

Blogger v2 GData API OAuth drop-in.

Blogger API docs: https://developers.google.com/blogger/docs/2.0/developers_guide_protocol

Python GData API docs: http://gdata-python-client.googlecode.com/hg/pydocs/gdata.blogger.data.html

Uses google-api-python-client to auth via OAuth 2. This describes how to get gdata-python-client to use an OAuth 2 token from google-api-python-client: http://blog.bossylobster.com/2012/12/bridging-oauth-20-objects-between-gdata.html#comment-form

Support was added to gdata-python-client here: https://code.google.com/p/gdata-python-client/source/detail?r=ecb1d49b5fbe05c9bc6c8525e18812ccc02badc0

class oauth_dropins.blogger_v2.BloggerV2Auth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Blogger user.

Provides methods that return information about this user (or page) and make OAuth-signed requests to the Blogger API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Blogger-specific details: implements http() and api() but not urlopen(). api() returns a gdata.blogger.client.BloggerClient. The datastore entity key name is the Blogger user id.

access_token()

Returns the OAuth access token string.

static api_from_creds()

Returns a gdata.blogger.client.BloggerClient.

Parameters:oauth2_creds – OAuth2Credentials

blog_hostnames

An indexed Property whose value is a text string of limited length.

blog_ids

An indexed Property whose value is a text string of limited length.

blog_titles

An indexed Property whose value is a text string of limited length.

blogs_atom

An unindexed Property whose value is a text string of unlimited length.

creds()

Returns an oauth2client.OAuth2Credentials.

creds_json

An unindexed Property whose value is a text string of unlimited length.

http()

Returns an httplib2.Http that adds OAuth credentials to requests.

name

An indexed Property whose value is a text string of limited length.

picture_url

An unindexed Property whose value is a text string of unlimited length.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

user_atom

An unindexed Property whose value is a text string of unlimited length.

user_display_name()

Returns the user’s Blogger username.

class oauth_dropins.blogger_v2.CallbackHandler

Bases: object

OAuth callback handler factory.

static to()

class oauth_dropins.blogger_v2.CredentialsModel_Blogger(parent=None, key_name=None, _app=None, _from_entity=False, **kwds)

Bases: oauth2client.appengine.CredentialsModel

class oauth_dropins.blogger_v2.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler, oauth_dropins.handlers.CallbackHandler

Connects a Blogger account. Authenticates via OAuth.

AUTHOR_URI_RE = <_sre.SRE_Pattern object at 0x34126f0>

DEFAULT_SCOPE = 'https://www.blogger.com/feeds/'

handle_exception(e, debug)

Exception handler that passes back HttpErrors as real HTTP errors.

classmethod to(to_path, scopes=None)

Override this since we need to_path to instantiate the oauth decorator.

class oauth_dropins.blogger_v2.StorageByKeyName_Blogger(**kwargs)

Bases: oauth2client.appengine.StorageByKeyName

disqus

Disqus OAuth drop-in.

Disqus API docs: https://disqus.com/api/docs/

This drop-in is even more similar to Instagram than Instagram is to Facebook. Differences:

• urlopen must pass the api_key with each request (in addition to the access_token)
• Response to access_token does not give much information about the user, so we additionally fetch /user/details before saving
• Deny appears to be broken on Disqus’s side (clicking “No Thanks” has no effect), so we ignore that possibility for now.

TODO unify Disqus, Facebook, and Instagram

class oauth_dropins.disqus.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The auth callback. Fetches an access token, stores it, and redirects home.

get()

handle_error()

Handles any error reported in the callback query parameters.

Parameters:handler – CallbackHandler

Returns: True if there was an error, False otherwise.

class oauth_dropins.disqus.DisqusAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Disqus user.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Instagram’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Disqus-specific details: implements urlopen() but not http() or api(). The key name is the Disqus user id.

access_token()

Returns the OAuth access token string.

access_token_str

An indexed Property whose value is a text string of limited length.

auth_code

An indexed Property whose value is a text string of limited length.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds OAuth credentials to the request.

user_display_name()

Returns the user’s name.

user_json

An unindexed Property whose value is a text string of unlimited length.

class oauth_dropins.disqus.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts Disqus auth. Requests an auth code and expects a redirect back.

DEFAULT_SCOPE = 'read'

redirect_url(state=None)

oauth-dropin subclasses must implement this.

dropbox

Dropbox OAuth drop-in.

Standard OAuth 2.0 flow. Docs: https://www.dropbox.com/developers/core/docs https://www.dropbox.com/developers/reference/oauthguide

class oauth_dropins.dropbox.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The auth callback. Fetches an access token, stores it, and redirects home.

get()

class oauth_dropins.dropbox.DropboxAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Dropbox user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Dropbox’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Implements urlopen() but not http() or api().

access_token()

Returns the OAuth access token string.

access_token_str

An indexed Property whose value is a text string of limited length.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds OAuth credentials to the request.

user_display_name()

Returns the Dropbox user id.

class oauth_dropins.dropbox.DropboxCsrf(**kwds)

Bases: google.appengine.ext.ndb.model.Model

Stores a CSRF token for the Dropbox OAuth2 flow.

state

An unindexed Property whose value is a text string of unlimited length.

token

An indexed Property whose value is a text string of limited length.

class oauth_dropins.dropbox.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts Dropbox auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)

oauth-dropin subclasses must implement this.

facebook

Facebook OAuth drop-in.

https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow

TODO: implement client state param TODO: unify this with instagram. see file docstring comment there.

class oauth_dropins.facebook.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The auth callback. Fetches an access token, stores it, and redirects home.

get()

static handle_error()

Handles any error reported in the callback query parameters.

Parameters:handler – CallbackHandler

Returns: True if there was an error, False otherwise.

class oauth_dropins.facebook.FacebookAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Facebook user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Facebook’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Facebook-specific details: implements urlopen() but not http() or api(). The key name is the user’s or page’s Facebook ID.

access_token()

Returns the OAuth access token string.

access_token_str

An indexed Property whose value is a text string of limited length.

auth_code

An indexed Property whose value is a text string of limited length.

for_page(page_id)

Returns a new, unsaved FacebookAuth entity for a page in pages_json.

The returned entity’s properties will be populated with the page’s data. access_token will be the page access token, user_json will be the page object, and pages_json will be a single-element list with the page.

If page_id is not in pages_json, returns None.

Parameters:page_id – string, Facebook page id

is_authority_for(key)

Additionally check if the key represents a Page that this user has authority over.

Parameters:auth_entity_key – ndb.Key

Returns: boolean, true if key represents this user or one of the user’s pages.

pages_json

An unindexed Property whose value is a text string of unlimited length.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

type

An indexed Property whose value is a text string of limited length.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds OAuth credentials to the request.

user_display_name()

Returns the user’s or page’s name.

user_json

An unindexed Property whose value is a text string of unlimited length.

class oauth_dropins.facebook.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts Facebook auth. Requests an auth code and expects a redirect back.

redirect_url(state=None, app_id=None)

oauth-dropin subclasses must implement this.

flickr

Flickr OAuth drop-in.

Uses oauthlib directly to authenticate and sign requests with OAuth 1.0 credentials. https://www.flickr.com/services/api/auth.oauth.html

Note that when users decline Flickr’s OAuth prompt by clicking the Cancel button, Flickr redirects them to its home page, not to us.

class oauth_dropins.flickr.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The OAuth callback. Fetches an access token and redirects to the front page.

get()

class oauth_dropins.flickr.FlickrAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Flickr user.

Provides methods that return information about this user and make OAuth-signed requests to the Flickr API. Stores OAuth credentials in the datastore. Key is the Flickr user ID. See models.BaseAuth for usage details.

access_token()

Returns the OAuth access token as a (string key, string secret) tuple.

call_api_method(method, params)

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

token_key

An indexed Property whose value is a text string of limited length.

token_secret

An indexed Property whose value is a text string of limited length.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds OAuth credentials to the request.

Use this for making direct HTTP REST request to a site’s API. Not guaranteed to be implemented by all sites.

The arguments, return value (urllib2.Response), and exceptions raised (urllib2.URLError) are the same as urllib2.urlopen.

user_display_name()

Returns the user id.

user_json

An unindexed Property whose value is a text string of unlimited length.

class oauth_dropins.flickr.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts three-legged OAuth with Flickr.

Fetches an OAuth request token, then redirects to Flickr’s auth page to request an access token.

redirect_url(state=None)

oauth-dropin subclasses must implement this.

flickr_auth

Utility functions for calling signed Flickr API methods.

oauth_dropins.flickr_auth.call_api_method(method, params, token_key, token_secret)

Call a Flickr API method.

Flickr has one API endpoint, where different methods are called by name.

If the “stat” field contains “fail”, then this method creates an artificial HTTPError 400 or 401 depending on the type of failure.

Parameters:

• method (string) – the API method name (e.g. flickr.photos.getInfo)
• params (dict) – the parameters to send to the API method
• token_key (string) – the user’s API access token
• token_secret (string) – the user’s API access token secret

Returns:

json object response from the API

oauth_dropins.flickr_auth.raise_for_failure(url, code, msg)

oauth_dropins.flickr_auth.signed_urlopen(url, token_key, token_secret, **kwargs)

Call urllib2.urlopen(), signing the request with Flickr credentials.

Parameters:

• url (string) – the url to open
• token_key (string) – user’s access token
• token_secret (string) – the user’s access token secret
• timeout (Optional[int]) – the request timeout, falls back to HTTP_TIMEOUT if not specified

Returns:

the file-like object that is the result of urllib2.urlopen()

oauth_dropins.flickr_auth.upload(params, file, token_key, token_secret)

Upload a photo or video to this user’s Flickr account.

Flickr uploads use their own API endpoint, that returns only XML. https://www.flickr.com/services/api/upload.api.html

Unlike call_api_method(), this uses the requests library because urllib2 doesn’t support multi-part POSTs on its own.

Parameters:

• params (dict) – the parameters to send to the API method
• file (file-like object) – the image or video to upload
• token_key (string) – the user’s API access token
• token_secret (string) – the user’s API access token secret

Returns:

dict containing the photo id (as ‘id’)

Raises:

• requests.HTTPError on HTTP error or urllib2.HTTPError if
• we get a stat=’fail’ response from Flickr.

googleplus

Google+ OAuth drop-in.

Google+ API docs: https://developers.google.com/+/api/latest/ Python API client docs: https://developers.google.com/api-client-library/python/

TODO: check that overriding CallbackHandler.finish() actually works.

class oauth_dropins.googleplus.CallbackHandler

Bases: object

OAuth callback handler factory.

static to()

class oauth_dropins.googleplus.GooglePlusAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Google+ user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to the Google+ API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Google+-specific details: implements http() and api() but not urlopen(). api() returns a apiclient.discovery.Resource. The datastore entity key name is the Google+ user id. Uses credentials from the stored CredentialsModel since google-api-python-client stores refresh tokens there.

access_token()

Returns the OAuth access token string.

api()

Returns an apiclient.discovery.Resource for the Google+ JSON API.

To use it, first choose a resource type (e.g. People), then make a call, then execute that call with an authorized Http instance. For example:

gpa = GooglePlusAuth.get_by_id(‘123’) results_json = gpa.people().search(query=’ryan’).execute(gpa.http())

More details: https://developers.google.com/api-client-library/python/

creds()

Returns an oauth2client.OAuth2Credentials.

creds_json

An unindexed Property whose value is a text string of unlimited length.

creds_model

A Property whose value is a Key object.

Optional keyword argument: kind=<kind>, to require that keys assigned to this property always have the indicated kind. May be a string or a Model subclass.

http(**kwargs)

Returns an httplib2.Http that adds OAuth credentials to requests.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

user_display_name()

Returns the user’s name.

user_json

An unindexed Property whose value is a text string of unlimited length.

class oauth_dropins.googleplus.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler, oauth_dropins.handlers.CallbackHandler

Starts and finishes the OAuth flow. The decorator handles the redirects.

DEFAULT_SCOPE = 'https://www.googleapis.com/auth/plus.me'

handle_exception(e, debug)

Exception handler that passes back HttpErrors as real HTTP errors.

classmethod to(to_path, scopes=None)

Override this since we need to_path to instantiate the oauth decorator.

oauth_dropins.googleplus.handle_exception(self, e, debug)

Exception handler that passes back HttpErrors as real HTTP errors.

oauth_dropins.googleplus.init_json_service()

handlers

Based flow request handlers. Clients should use the individual site modules.

Example usage:

application = webapp2.WSGIApplication([

(‘/oauth_start’, facebook.StartHandler.to(‘/oauth_callback’)), (‘/oauth_callback’, facebook.CallbackHandler.to(‘/done’)), (‘/done’, AuthenticatedHandler), … ]

class oauth_dropins.handlers.BaseHandler(request=None, response=None)

Bases: webapp2.RequestHandler

Base request handler class. Provides the to() factory method.

DEFAULT_SCOPE = ''

handle_exception(e, debug)

A webapp2 exception handler that propagates HTTP exceptions into the response.

Use this as a webapp2.RequestHandler handle_exception() method by adding this line to your handler class definition:

handle_exception = handlers.handle_exception

I originally tried to put this in a RequestHandler subclass, but it gave me this exception:

File ".../webapp2-2.5.1/webapp2_extras/local.py", line 136, in _get_current_object
  raise RuntimeError('no object bound to %s' % self.__name__) RuntimeError: no object bound to app

These are probably related: * http://eemyop.blogspot.com/2013/05/digging-around-in-webapp2-finding-out.html * http://code.google.com/p/webapp-improved/source/detail?r=d962ac4625ce3c43a3e59fd7fc07daf8d7b7c46a

classmethod make_scope_str(extra, separator=', ')

Returns an OAuth scopes query parameter value.

Combines DEFAULT_SCOPE and extra.

Parameters:

• extra – string, sequence of strings, or None
• separator – string (optional), the separator between multiple scopes. defaults to ‘,’

request_url_with_state()

Returns the current request URL, with the state query param if provided.

classmethod to(path, scopes=None)

to_path = None

to_url(state=None)

Returns a fully qualified callback URL based on to_path.

Includes scheme, host, and optional state.

class oauth_dropins.handlers.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.BaseHandler

Base OAuth callback request handler.

Users can use the to() class method when using this request handler in a WSGI application to make it redirect to a given URL path on completion. See the file docstring for details.

Alternatively, you can subclass it and implement finish(), which will be called in the OAuth callback request directly, after the user has been authenticated.

The auth entity and optional state parameter provided to StartHandler will be passed to finish() or as query parameters to the redirect URL.

finish(auth_entity, state=None)

Called when the OAuth flow is complete. Clients may override.

Parameters:

• auth_entity – a site-specific subclass of models.BaseAuth, or None if the user declined the site’s OAuth authorization request.
• state – the string passed to StartHandler.redirect_url()

class oauth_dropins.handlers.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.BaseHandler

Base class for starting an OAuth flow.

Users should use the to() class method when using this request handler in a WSGI application. See the file docstring for details.

If the ‘state’ query parameter is provided in the request data, it will be returned to the client in the OAuth callback handler. If the ‘scope’ query parameter is provided, it will be added to the existing OAuth scopes.

Alternatively, clients may call redirect_url() and HTTP 302 redirect to it manually, which will start the same OAuth flow.

get()

post()

redirect_url(state=None)

oauth-dropin subclasses must implement this.

indieauth

IndieAuth drop-in.

https://indieauth.com/developers

class oauth_dropins.indieauth.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The callback handler from the IndieAuth request. POSTs back to the auth endpoint to verify the authentication code.

get()

class oauth_dropins.indieauth.IndieAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated IndieAuth user.

Provides methods that return information about this user. Stores credentials in the datastore. Key is the domain name. See models.BaseAuth for usage details.

access_token()

Return the access token, N/A for IndieAuth

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

user_display_name()

Returns the user’s domain.

user_json

An unindexed Property whose value is a text string of unlimited length.

class oauth_dropins.indieauth.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts the IndieAuth flow. Requires the ‘me’ parameter with the user URL that we want to authenticate.

redirect_url(state=None)

oauth-dropin subclasses must implement this.

oauth_dropins.indieauth.build_user_json(me, resp=None)

user_json contains an h-card, rel-me links, and “me” :param me: string, URL of the user, returned by :param resp: requests.Response (optional), re-use response if it’s already been fetched

Returns:

dict, with ‘me’, the URL for this person; ‘h-card’, the representative h-card

for this page; ‘rel-me’, a list of rel-me URLs found at this page

oauth_dropins.indieauth.discover_authorization_endpoint(me, resp=None)

Fetch a URL and look for authorization_endpoint Link header or rel-value.

Parameters:

• me – string, URL to fetch
• resp – requests.Response (optional), re-use response if it’s already been fetched

Returns:

string, the discovered indieauth URL or the default indieauth.com URL

instagram

Instagram OAuth drop-in.

Instagram API docs: http://instagram.com/developer/endpoints/

Almost identical to Facebook, except the access token request has code and grant_type query parameters instead of just auth_code, the response has a user object instead of id, and the call to GET_ACCESS_TOKEN_URL is a POST instead of a GET. TODO: unify them.

class oauth_dropins.instagram.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The auth callback. Fetches an access token, stores it, and redirects home.

get()

class oauth_dropins.instagram.InstagramAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Instagram user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to Instagram’s HTTP-based APIs. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Instagram-specific details: implements urlopen() but not api() nor http(). The key name is the Instagram username.

access_token()

Returns the OAuth access token string.

access_token_str

An indexed Property whose value is a text string of limited length.

auth_code

An indexed Property whose value is a text string of limited length.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds OAuth credentials to the request.

user_display_name()

Returns the Instagram username.

user_json

An unindexed Property whose value is a text string of unlimited length.

class oauth_dropins.instagram.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts Instagram auth. Requests an auth code and expects a redirect back.

DEFAULT_SCOPE = 'basic'

redirect_url(state=None)

oauth-dropin subclasses must implement this.

medium

Medium OAuth drop-in.

API docs: https://github.com/Medium/medium-api-docs#contents https://medium.com/developers/welcome-to-the-medium-api-3418f956552

Medium doesn’t let you use a localhost redirect URL. : / A common workaround is to map an arbitrary host to localhost in your /etc/hosts, e.g.:

127.0.0.1 my.dev.com

You can then test on your local machine by running dev_appserver and opening http://my.dev.com:8080/ instead of http://localhost:8080/ .

class oauth_dropins.medium.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The OAuth callback. Fetches an access token and stores it.

get()

class oauth_dropins.medium.MediumAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Medium user.

Provides methods that return information about this user and make OAuth-signed requests to the Medium REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Medium-specific details: implements get() but not urlopen(), http(), or api(). The key name is the user id (not username).

access_token()

Returns the OAuth access token string.

access_token_str

An indexed Property whose value is a text string of limited length.

get(*args, **kwargs)

Wraps requests.get() and adds the Bearer token header.

publications_json

An unindexed Property whose value is a text string of unlimited length.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

user_display_name()

Returns the user’s full name or username.

user_json

An unindexed Property whose value is a text string of unlimited length.

class oauth_dropins.medium.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts Medium auth. Requests an auth code and expects a redirect back.

DEFAULT_SCOPE = 'basicProfile'

redirect_url(state=None)

oauth-dropin subclasses must implement this.

models

Base datastore model class for an authenticated account.

class oauth_dropins.models.BaseAuth(**kwds)

Bases: oauth_dropins.webutil.models.StringIdModel

Datastore base model class for an authenticated user.

Provides methods that return information about this user and make OAuth-signed requests to the site’s API(s). Stores OAuth credentials in the datastore. The key name is usually the user’s username or id.

Many sites provide additional methods and store additional user information in a JSON property.

access_token()

Returns the OAuth access token.

This is a string for OAuth 2 sites or a (string key, string secret) tuple for OAuth 1.1 sites (currently just Twitter and Tumblr).

api()

Returns the site-specific Python API object, if any.

Returns None if the site doesn’t have a Python API. Only some do, currently Blogger, Instagram, Google+, and Tumblr.

http()

Returns an httplib2.Http that adds OAuth credentials to requests.

Use this for making direct HTTP REST request to a site’s API. Not guaranteed to be implemented by all sites.

is_authority_for(key)

When disabling or modifying an account, it’s useful to re-auth the user to make sure they have have permission to modify that account. Typically this means the auth entity represents the exact same user, but in some cases (e.g., Facebook Pages), a user may control several unique identities. So authenticating as a user should give you authority over their pages.

Parameters:key – ndb.Key

Returns: boolean, true if key represents the same account as this entity

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds OAuth credentials to the request.

Use this for making direct HTTP REST request to a site’s API. Not guaranteed to be implemented by all sites.

The arguments, return value (urllib2.Response), and exceptions raised (urllib2.URLError) are the same as urllib2.urlopen.

static urlopen_access_token(access_token, api_key=None, **kwargs)

Wraps urllib2.urlopen() and adds an access_token query parameter.

Kwargs are passed through to urlopen().

user_display_name()

Returns a string user identifier, e.g. ‘Ryan Barrett’ or ‘snarfed’.

class oauth_dropins.models.OAuthRequestToken(**kwds)

Bases: oauth_dropins.webutil.models.StringIdModel

Datastore model class for an OAuth 1.1 request token.

This is only intermediate data. Client should use BaseAuth subclasses to make API calls.

The key name is the token key.

state

An indexed Property whose value is a text string of limited length.

token_secret

An indexed Property whose value is a text string of limited length.

tumblr

Tumblr OAuth drop-in.

API docs: http://www.tumblr.com/docs/en/api/v2 http://www.tumblr.com/oauth/apps

class oauth_dropins.tumblr.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

OAuth callback. Fetches the user’s blogs and stores the credentials.

get()

handle_exception(e, debug)

Exception handler that handles Tweepy errors.

class oauth_dropins.tumblr.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts Tumblr auth. Requests an auth code and expects a redirect back.

handle_exception(e, debug)

Exception handler that handles Tweepy errors.

redirect_url(state=None)

oauth-dropin subclasses must implement this.

class oauth_dropins.tumblr.TumblrAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Tumblr user.

Provides methods that return information about this user and make OAuth-signed requests to the Tumblr API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Tumblr-specific details: implements api() but not urlopen() or http(). api() returns a tumblpy.Tumblpy. The datastore entity key name is the Tumblr username.

access_token()

Returns the OAuth access token as a (string key, string secret) tuple.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

token_key

An indexed Property whose value is a text string of limited length.

token_secret

An indexed Property whose value is a text string of limited length.

user_display_name()

Returns the username.

user_json

An unindexed Property whose value is a text string of unlimited length.

oauth_dropins.tumblr.handle_exception(self, e, debug)

Exception handler that handles Tweepy errors.

twitter

Twitter OAuth drop-in.

TODO: port to http://code.google.com/p/oauth/source/browse/#svn%2Fcode%2Fpython . tweepy is just a wrapper around that anyway.

class oauth_dropins.twitter.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The OAuth callback. Fetches an access token and redirects to the front page.

get()

handle_exception(e, debug)

Exception handler that handles Tweepy errors.

class oauth_dropins.twitter.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts three-legged OAuth with Twitter.

Fetches an OAuth request token, then redirects to Twitter’s auth page to request an access token.

access_type

optional, ‘read’ or ‘write’. Passed through to Twitter as x_auth_access_type. If the twitter app has read/write or read/write/dm permissions, this lets you request a read-only token. Details: https://dev.twitter.com/docs/api/1/post/oauth/request_token

handle_exception(e, debug)

Exception handler that handles Tweepy errors.

redirect_url(state=None)

oauth-dropin subclasses must implement this.

classmethod to(path, scopes=None, access_type=None)

class oauth_dropins.twitter.TwitterAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated Twitter user.

Provides methods that return information about this user and make OAuth-signed requests to the Twitter v1.1 API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

Twitter-specific details: implements api(), get(), and post() but not http(). api() returns a tweepy.API; get() and post() wrap the corresponding requests methods. The datastore entity key name is the Twitter username.

access_token()

Returns the OAuth access token as a (string key, string secret) tuple.

api()

Returns a tweepy.API.

get(*args, **kwargs)

Wraps requests.get() and adds an OAuth signature.

post(*args, **kwargs)

Wraps requests.post() and adds an OAuth signature.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

token_key

An indexed Property whose value is a text string of limited length.

token_secret

An indexed Property whose value is a text string of limited length.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds an OAuth signature.

user_display_name()

Returns the username.

user_json

An unindexed Property whose value is a text string of unlimited length.

oauth_dropins.twitter.handle_exception(self, e, debug)

Exception handler that handles Tweepy errors.

twitter_auth

Utility functions for generating Twitter OAuth headers and making API calls.

This is a separate module from twitter.py so that projects like granary can use it without pulling in App Engine dependencies.

oauth_dropins.twitter_auth.auth_header(url, token_key, token_secret, method='GET')

Generates an Authorization header and returns it in a header dict.

Parameters:

• url – string
• token_key – string
• token_secret – string
• method – string

Returns: single element dict with key ‘Authorization’

oauth_dropins.twitter_auth.signed_urlopen(url, token_key, token_secret, headers=None, **kwargs)

Wraps urllib2.urlopen() and adds an OAuth signature.

oauth_dropins.twitter_auth.tweepy_auth(token_key, token_secret)

Returns a tweepy.OAuthHandler.

wordpress_rest

WordPress.com OAuth drop-in.

API docs: https://developer.wordpress.com/docs/api/ https://developer.wordpress.com/docs/oauth2/

Note that unlike Blogger and Tumblr, WordPress.com’s OAuth tokens are per blog. It asks you which blog to use on its authorization page.

Also, wordpress.com doesn’t let you use an oauth redirect URL with “local” or “localhost” anywhere in it. : / A common workaround is to map an arbitrary host to localhost in your /etc/hosts, e.g.:

127.0.0.1 my.dev.com

You can then test on your local machine by running dev_appserver and opening http://my.dev.com:8080/ instead of http://localhost:8080/ .

class oauth_dropins.wordpress_rest.CallbackHandler(request=None, response=None)

Bases: oauth_dropins.handlers.CallbackHandler

The OAuth callback. Fetches an access token and stores it.

get()

class oauth_dropins.wordpress_rest.StartHandler(*args, **kwargs)

Bases: oauth_dropins.handlers.StartHandler

Starts WordPress auth. Requests an auth code and expects a redirect back.

redirect_url(state=None)

oauth-dropin subclasses must implement this.

class oauth_dropins.wordpress_rest.WordPressAuth(**kwds)

Bases: oauth_dropins.models.BaseAuth

An authenticated WordPress user or page.

Provides methods that return information about this user (or page) and make OAuth-signed requests to the WordPress REST API. Stores OAuth credentials in the datastore. See models.BaseAuth for usage details.

WordPress-specific details: implements urlopen() but not http() or api(). The key name is the blog hostname.

access_token()

Returns the OAuth access token string.

access_token_str

An indexed Property whose value is a text string of limited length.

blog_id

An indexed Property whose value is a text string of limited length.

blog_url

An indexed Property whose value is a text string of limited length.

site_name()

Returns the string name of the site, e.g. ‘Facebook’.

urlopen(url, **kwargs)

Wraps urllib2.urlopen() and adds OAuth credentials to the request.

user_display_name()

Returns the blog hostname.

user_json

An unindexed Property whose value is a text string of unlimited length.