The OAuth library for Python
See all
Members (232)
Ib Lundgren's profile photo
Christoffer Holmstedt's profile photo
Bob Troia's profile photo
Chitrank Dixit's profile photo
Ahsanul Karim's profile photo
Daiana Deisi Dany's profile photo
Carlos Vigueras's profile photo
Carlos Aguilar's profile photo
Cullen Jennings's profile photo
Bart Mosley's profile photo
Alexey S.'s profile photo
Brian Wilpon's profile photo
Amit Gupta's profile photo
Daishin Labs's profile photo
Brian J. Hong's profile photo
azu nwaokobia's profile photo
Cheng-Lung Sung's profile photo
Cloud Identity's profile photo
Andrés Castro García's profile photo
Anthony Lenton's profile photo
Aryé H's profile photo
Ashish Kumar Sahoo's profile photo
Auction markete's profile photo
Axel Haustant's profile photo

Stream

Join this community to post or comment

Randall Leeds

Discussion  - 
 
Hello everyone! I just joined because I wanted to drop a link to some work I've been doing with integrating Pyramid and OAuthLib and some work I've done to implement a grant type for draft-ietf-oauth-jwt-bearer (https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer).

I'll submit a PR to add documentation links to my Pyramid integration, but I wanted feedback on the thoughts in this thread about JWT use.

Thanks!

https://groups.google.com/d/msg/pylons-discuss/exa0etgNX48/vKC1lrz4_1EJ
Google Groups allows you to create and participate in online forums and email-based groups with a rich experience for community conversations.
1
Add a comment...

Steve Lay

Discussion  - 
 
Thanks for this project, I've just moved some code for implementing IMS LTI from the old oauth module to oauthlib. The SignatureOnlyEndpoint is great, just what I needed.  If you are interested my code is in https://github.com/swl10/pyslet/blob/master/pyslet/imsbltiv1p0.py

The only issue I have is that my RequestValidator gets called twice with a client_key and each time I have to look it up in the database.  I do a DB lookup in validate_client_key and get_client_secret.  These calls happen during validate_request, after which I have to lookup my consumer object again, for a third time.  The old oauth module used a consumer object which was passed around and eventually returned by the validator.  I'd be interested in any tips for dealing with this situation.
1
Add a comment...

孔庆超

Discussion  - 
 
Hello, everyone! I am new to OAuthlib. Could you please give me some guidance on how to use it, like tutorials or examples? Thanks!
1
Ib Lundgren's profile photo孔庆超's profile photo
2 comments
 
+Ib Lundgren Thanks for your reply. I am currently reading the docs of OAuthLib. I am planning to start a OAuth provider service and implementing related ORM and RESTful API design.
Add a comment...
 
I'm upgrading my app from oauthlib 0.6.1 to 0.7.1 and something odd is happening. The code at https://pypi.python.org/packages/source/o/oauthlib/oauthlib-0.7.1.tar.gz does not match the code at https://github.com/idan/oauthlib/archive/0.7.1.tar.gz . For example, these are the diff in the file oauthlib/oauth2/rfc6749/grant_types/authorization_code.py : http://pastebin.com/pAPVsPsS

I noticed this while running the tests of my app. The version at PyPI is less secure because it does not invalidate the authorization token after exchanging it for an access token.

What happened?
3
Ib Lundgren's profile photoLorenzo Gil Sánchez's profile photo
2 comments
 
I can help with the code review. But in this case the problem was not the code. The code in Github is fine. The problem is that the sdist that was uploaded to PyPI didn't match the code in Github. Or maybe I'm missing something here.

Btw, I catched the problem because my project does have tests that cover the issue. I implemented a small oauth2 server a couple of years ago and then I migrated to oauthlib so I didn't have to maintain my custom oauth2 implementation that nobody else was using. Thanks a lot for the library!

The project is located here: https://github.com/lorenzogil/yith-library-server
Add a comment...
 
I am trying to use OAuthLib as oauth provider with pyramid, but do not find any pointers to get started. any help would be very much appreciated
1
Ib Lundgren's profile photo
2 comments
 
Forgot to mention. All these views require certain validation methods to be invoked (to check client credentials etc). This is where the request validator comes in. The validator is more or less a bunch of database queries.
Add a comment...

Joseph Bowman

Discussion  - 
 
Hi everyone, I've recently volunteered to work on a new auth library for the Tornado framework. Ben Darnell suggested I look at oauthlib to implement the oauth1 and 2 implementations. Found the reference to the community on the github page so dropping in to say hi. 
1
Kevin O'Connor's profile photoJoseph Bowman's profile photo
7 comments
 
I've had 0 time to work on this over the summer. If you have anything you could offer as a working starting point I could use as a head start I would love to see it 
Add a comment...

Wiliam Souza

Discussion  - 
 
Setting DEBUG oauthlib raises InsecureTransportError look this[1]
I see nothing checking if debugging is activated on the code for example [2].
I can send a PR to correct that I only not sure the correct way to do that. 

[1] https://gist.github.com/wiliamsouza/6f9d03ad12ca91c510b3
[2] https://github.com/idan/oauthlib/blob/master/oauthlib/oauth2/rfc6749/parameters.py#L64-L65
1
Wiliam Souza's profile photo
 
The correct environment environment is OAUTHLIB_INSECURE_TRANSPORT
Add a comment...
 
I just updated our custom OAuth2 provider implementation, which only supported the Authorization Code Grant, to the fantastic OAuthLib.

I'm glad to say it was an easy decision to make and to accomplish.

Thanks to the OAuthLib authors for this awesome library.

Check out our new implementation live at https://yithlibrary.herokuapp.com/
1
Add a comment...

Chris White

Discussion  - 
1
Chris White's profile photo
2 comments
 
I've edited my post on stackoverflow to provide clearer logging to help debug.
Add a comment...

Ib Lundgren
owner

Discussion  - 
 
Hey everyone!

Finally have some time after a long crunch of course assignments and other pressing duties and am happy to say that the loooong overdue release of OAuthLib 0.6.1 is pushed to PyPI. This includes numerous small updates so check out the README. It might contain some fairly raw features related to revocation so please let me know if you run into anything!

That was OAuthlib, going to catch up on requests-oauthlib (cc Cory Benfield)  on Wednesday :)
2
Add a comment...

Alejandro Mora

Discussion  - 
 
I want to integrate oauthlib to app built in tornado, but i don't know how start, i want implement a resource owner authentication, somebody can explain me where start.
1
Kevin O'Connor's profile photo
 
Hey - it'd be good to check out the  flask-oauthlib and django-oauthlib integrations for good starting points.
Add a comment...

Rob Harrison

Discussion  - 
 
Anyone who'd be able to help me put together some sort of implementation for app engine?  I'm reading the docs but I must be missing something somewhere.  Unable to get the simplest grant type to work at the moment.  
1
Add a comment...

mike waites

Discussion  - 
 
Hey guys, is there somewhere you know of where i can field more specific questions about how to handle certain flows like (client credentials for first party single page apps, node web kit apps) - Ive not had much luck on stack overflow and im hoping i can get in touch with someone that has worked on these types of apps in production to help me clear up some grey areas i have.

Hoping maybe you guys might have some advice for me perhaps?
1
Add a comment...

Ib Lundgren
owner

Discussion  - 
 
If you would like to help oauthlib by doing code reviews please ping https://github.com/idan/oauthlib/issues/294 and I will ask you to review  pull requests I make in the future. 

Your help will be much appreciated!
1
Add a comment...

Shakir Thowseen

Discussion  - 
 
This is a well documented awesome Lib. I implemented it for google AppEngine by using NDB and Cloud SQL and it works! #oauth2  
1
Rob Harrison's profile photo
5 comments
 
Hey Shakir, in your article you reference example files but there is no link.  Did you ever make those example files or are they available?  I'm trying to get this library to work but really struggling.  Lots of the docs don't seem to relate to app engine framework and not much info on the validators.  
Add a comment...

Moiz Tankiwala

Discussion  - 
 
I am having this issue with Microsoft Windows Live oAuth setup. Can anyone help?
I have an ASP.Net C# Web Application in which I have added Windows Live oAuth authentication (I am not using the code supplied by the Visual Studio project template for oAuth). I have two return p...
1
1
Ib Lundgren's profile photoMoiz Tankiwala's profile photoAnna Seck's profile photo
2 comments
 
I already tried registering another application with Microsoft. But they allow only one application per root domain name
Add a comment...

vikram patil

Discussion  - 
 
Hello All ,I am using django-oauth-toolkit which is build on oauthlib and would like to know which algorithm is being used for token generation "HMAC-SHA-1" and "HMAC-SHA-256" or is there any configurable way to change used algorithm.
1
Add a comment...

Aad 't Hart

Discussion  - 
 
Did anyone already implement a OAuth 2 provider RequestValidator in Google AppEngine? 

Before I start doing this, I would like to know if someone already did this.

Thx
1
Add a comment...

Kevin O'Connor

Discussion  - 
 
If I have an OAuth2 Client that's configured to only allow the 'password' grant type, shouldn't oauthlib stop me from displaying a web page in conjunction with the 'authorization_code' grant type?  It seems like 'validate_grant_type' (https://github.com/idan/oauthlib/blob/8671b4bf6bfb4c6e457d97a8d0b3ad7f638d75e1/oauthlib/oauth2/rfc6749/request_validator.py#L359) isn't getting called when displaying the /authorize endpoint that I'm generating after using  'validate_authorization_request'.
1
Ib Lundgren's profile photo
 
Sounds like this could do with some testing as the grant type checking might be a bit spotty atm, would need to look into this in more detail.

How are you creating the endpoint? Via LegacyApplicationServer? I think opening an issue on Github with more details will be better for digging into this than G+.

Terribly sorry I completely missed this post :( 
Add a comment...

Kristen Bond

Discussion  - 
 
Excellent library but I am having an issue setting this up in Flask (using Flask-OAuthlib) and Yang is away for who knows how long. Details on SO (http://stackoverflow.com/questions/21638355/flask-oauthlib-typeerror-sequence-index-must-be-integer-not-str)
2
Ib Lundgren's profile photoKristen Bond's profile photo
2 comments
 
Hsiaoming released an update and it works. I guess the release of oauthlib 0.6.1 caused a chain reaction. My issue is resolved but I just tried Chris White's issue re: requests-oauthlib and flask-oauthlib and am having the same issue.
Add a comment...