The OAuth library for Python

Eric Stein

Can someone look at https://github.com/idan/oauthlib/issues/435 and tell me if I'm understanding this right?
The OAuth2.0 RFC requires the authorization server to support using Basic auth to pass the client authentication to the identity provider, but the Request class doesn't appear to support this. htt...

Adam Addamsky

Hello. Are there any generic real life examples of how to build a provider with oauthlib? I'm going through the documentation at http://oauthlib.readthedocs.org/en/latest/oauth2/server.html, it is all nice but half of it is in relation to django and even that does not go into the details of HOWTO.

Commenter: andrei sura

Here is a working provider implementation https://github.com/lepture/example-oauth2-server

Michel Jung

Forged Alliance Forever is implementing a RESTful API using Flask-OAuthlib. Great library. And a great game :-)

Theodore Siu

Hi all,

I am here because I am trying to use tornado to manually implement oauth logins on facebook. I keep running into mismatching state errors which I do not understand how to fix. More information can be found in my stackoverflow question http://stackoverflow.com/questions/32195573/passing-a-facebook-oauth2-object-while-using-tornado. Any help is appreciated!

Alejandro Mora

I want to integrate oauthlib into an app built in tornado, but I don't know how to start. I want to implement resource owner authentication. Can somebody explain to me where to start?

Commenters: Alejandro Mora, Oscar Giraldo Castillo (4 comments)

Steve Lay

Thanks for this project, I've just moved some code for implementing IMS LTI from the old oauth module to oauthlib. The SignatureOnlyEndpoint is great, just what I needed.  If you are interested my code is in https://github.com/swl10/pyslet/blob/master/pyslet/imsbltiv1p0.py

The only issue I have is that my RequestValidator gets called twice with a client_key and each time I have to look it up in the database. I do a DB lookup in validate_client_key and get_client_secret. These calls happen during validate_request, after which I have to look up my consumer object again, for a third time. The old oauth module used a consumer object which was passed around and eventually returned by the validator. I'd be interested in any tips for dealing with this situation.

Ib Lundgren
owner

If you would like to help oauthlib by doing code reviews please ping https://github.com/idan/oauthlib/issues/294 and I will ask you to review  pull requests I make in the future. 

Your help will be much appreciated!

Shakir Thowseen

This is a well documented awesome Lib. I implemented it for google AppEngine by using NDB and Cloud SQL and it works! #oauth2  

Commenter: Rob Harrison (5 comments)

Hey Shakir, in your article you reference example files but there is no link.  Did you ever make those example files or are they available?  I'm trying to get this library to work but really struggling.  Lots of the docs don't seem to relate to app engine framework and not much info on the validators.  

Moiz Tankiwala

I am having this issue with Microsoft Windows Live oAuth setup. Can anyone help?
I have an ASP.Net C# Web Application in which I have added Windows Live oAuth authentication (I am not using the code supplied by the Visual Studio project template for oAuth). I have two return p...

Commenters: Ib Lundgren, Moiz Tankiwala (2 comments)

I already tried registering another application with Microsoft. But they allow only one application per root domain name
 
Oauthlib used in python based frappe framework https://github.com/revant/mnt_oauth


Joel Stevenson

Hey all. I'm hoping to include support for OpenID Connect for a project I'm working on and I noticed that there was some past work done on an experimental branch in oauthlib (by ib-lundgren on https://github.com/idan/oauthlib/issues/238). I've gone ahead and tried to bring that fork up to date with master, done some work to complete what's needed to support the Authorization Code Flow (and a bit for the Implicit Flow).

I'm validating the code using the tox tests and have modified a version of the django-oauth2-toolkit in my project that's using it successfully (dev environment).

I wonder if there's anyone who would be willing to take a look and give me feedback so I can try to get the code into some sort of shape that it might eventually be considered for merging into master?

Code's at https://github.com/joelstevenson/oauthlib/tree/openid_connect

Any feedback would be really appreciated!

Hello, I've been reading the OpenID Connect spec to implement it on top of Django-OAuth-Toolkit, but I think this feature belongs to oauthlib, what do you think? I have some code (inside DOT, not...

Commenter: Johan Hartzenberg

I've been waiting for someone with the know-how to tackle this. Thank you.


Niels Roosen

Hi, could it be that a bug was introduced with this change? https://github.com/idan/oauthlib/commit/fb04a84e331e6b0a8fd51ed38cd09445af232b31

I'm authenticating against an API without scope, and then I get a NoneType exception on line 32 in this particular spot. Shouldn't line 31 read: if 'scope' in params and params['scope']: ?

Commenter: Niels Roosen (2 comments)

I submitted a pull request: https://github.com/idan/oauthlib/pull/400
 
Hey guys. I'm implementing OAuth just to authenticate a mobile client and I don't understand why this requires a user related to the client. Here is the code that forces me to have this relationship:

```
if grant_type == 'client_credentials':
    if not hasattr(client, 'user'):
        log.debug('Client should have a user property')
        return False
    request.user = client.user
```

Can someone enlighten me on this? Thanks a lot!

Commenter: Pablo Palácios

According to the docs, it is a good practice to link a client with a user. This is to prevent malicious clients from connecting to your API.

Check it: https://oauthlib.readthedocs.org/en/latest/oauth2/server.html#client-or-consumer

Randall Leeds

Hello everyone! I just joined because I wanted to drop a link to some work I've been doing with integrating Pyramid and OAuthLib and some work I've done to implement a grant type for draft-ietf-oauth-jwt-bearer (https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer).

I'll submit a PR to add documentation links to my Pyramid integration, but I wanted feedback on the thoughts in this thread about JWT use.

Thanks!

https://groups.google.com/d/msg/pylons-discuss/exa0etgNX48/vKC1lrz4_1EJ

Rob Harrison

Anyone who'd be able to help me put together some sort of implementation for app engine?  I'm reading the docs but I must be missing something somewhere.  Unable to get the simplest grant type to work at the moment.  

mike waites

Hey guys, is there somewhere you know of where I can field more specific questions about how to handle certain flows like (client credentials for first party single page apps, node web kit apps) - I've not had much luck on Stack Overflow and I'm hoping I can get in touch with someone that has worked on these types of apps in production to help me clear up some grey areas I have.

Hoping maybe you guys might have some advice for me perhaps?

孔庆超

Hello, everyone! I am new to OAuthlib. Could you please give me some guidance on how to use it, like tutorials or examples? Thanks!

Commenters: Ib Lundgren, 孔庆超 (2 comments)

+Ib Lundgren Thanks for your reply. I am currently reading the docs of OAuthLib. I am planning to start an OAuth provider service and implement the related ORM and RESTful API design.
 
I'm upgrading my app from oauthlib 0.6.1 to 0.7.1 and something odd is happening. The code at https://pypi.python.org/packages/source/o/oauthlib/oauthlib-0.7.1.tar.gz does not match the code at https://github.com/idan/oauthlib/archive/0.7.1.tar.gz . For example, this is the diff in the file oauthlib/oauth2/rfc6749/grant_types/authorization_code.py : http://pastebin.com/pAPVsPsS

I noticed this while running the tests of my app. The version at PyPI is less secure because it does not invalidate the authorization token after exchanging it for an access token.

What happened?

Commenters: Ib Lundgren, Lorenzo Gil Sánchez (2 comments)

I can help with the code review. But in this case the problem was not the code. The code in Github is fine. The problem is that the sdist that was uploaded to PyPI didn't match the code in Github. Or maybe I'm missing something here.

Btw, I caught the problem because my project does have tests that cover the issue. I implemented a small oauth2 server a couple of years ago and then I migrated to oauthlib so I didn't have to maintain my custom oauth2 implementation that nobody else was using. Thanks a lot for the library!

The project is located here: https://github.com/lorenzogil/yith-library-server
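
The kind of mismatch discussed in this thread, a PyPI sdist whose files differ from the GitHub tag archive, can be checked by hashing every file in both archives. This is an added example, not part of the original thread or of oauthlib; the archive names and file contents below are constructed sample data.

```python
import hashlib
import io
import tarfile


def archive_digests(fileobj):
    """Map each regular file (top-level directory stripped) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, links and special files
            # The archives name their top-level directory differently: drop it.
            _, _, rel = member.name.partition("/")
            data = tar.extractfile(member).read()
            digests[rel or member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_archives(sdist, tag_archive):
    """Report files present on one side only and files whose bytes differ."""
    a, b = archive_digests(sdist), archive_digests(tag_archive)
    return {
        "only_in_sdist": sorted(set(a) - set(b)),
        "only_in_tag": sorted(set(b) - set(a)),
        "differing": sorted(p for p in set(a) & set(b) if a[p] != b[p]),
    }


def make_targz(root, files):
    """Build an in-memory .tar.gz from constructed sample files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(f"{root}/{name}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf


# Constructed sample data, not the real oauthlib archives.
SDIST = {"setup.py": b"v = '0.7.1'\n", "PKG-INFO": b"Version: 0.7.1\n",
         "lib/grant.py": b"step_a()\n"}
TAG = {"setup.py": b"v = '0.7.1'\n", "lib/grant.py": b"step_a()\nstep_b()\n"}

if __name__ == "__main__":
    print(compare_archives(make_targz("pkg-0.7.1", SDIST),
                           make_targz("repo-0.7.1", TAG)))
```

For downloaded archives, pass `open(path, "rb")` for each side. Files such as `PKG-INFO` normally exist only in an sdist, so the `differing` list is the part to review first.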
 
I am trying to use OAuthLib as an oauth provider with pyramid, but cannot find any pointers to get started. Any help would be very much appreciated.

Commenter: Ib Lundgren (2 comments)

Forgot to mention. All these views require certain validation methods to be invoked (to check client credentials etc). This is where the request validator comes in. The validator is more or less a bunch of database queries.

Joseph Bowman

Hi everyone, I've recently volunteered to work on a new auth library for the Tornado framework. Ben Darnell suggested I look at oauthlib to implement the oauth1 and 2 implementations. Found the reference to the community on the github page so dropping in to say hi. 

Commenters: Kevin O'Connor, Joseph Bowman (7 comments)

I've had 0 time to work on this over the summer. If you have anything you could offer as a working starting point I could use as a head start I would love to see it 