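Convenience library for OAuth 2.0 providers
Detailed description of the authicola Python project
Authicola
A Python package that provides convenience methods for OAuth 2.0 authentication.
Currently, Google and GitHub are implemented.
A configuration object must be passed into the Authicola class when it is instantiated.
Scopes are accepted as a parameter in the config, but they can also be passed in as a kwarg to the driver method of the Authicola class, or through a method on the driver itself.
For example: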
import os

from authicola import Authicola

# client credentials are read from the environment, not hard-coded
DRIVERS = {
    'google': {
        'client_id': os.environ.get('GOOGLE_CLIENT'),
        'client_secret': os.environ.get('GOOGLE_SECRET'),
        'redirect_uri': os.environ.get('GOOGLE_REDIRECT'),
        'scopes': ['profile', 'email']
    },
    'github': {
        'client_id': os.environ.get('GITHUB_CLIENT'),
        'client_secret': os.environ.get('GITHUB_SECRET'),
        'redirect_uri': os.environ.get('GITHUB_REDIRECT'),
        'scopes': ['read:user', 'public_repo']
    }
}

a = Authicola(DRIVERS)

# default scope from config used
authorization_url = a.driver('google').redirect_uri()
# https://accounts.google.com/o/oauth2/v2/auth?scope=email+profile&access_type=offline&redirect_uri=<your-redirect-uri>&response_type=code&client_id=<your-client-id>

# only email scope requested as kwarg, overrides config for driver
authorization_url = a.driver('google', scopes=['email']).redirect_uri()
# https://accounts.google.com/o/oauth2/v2/auth?scope=email&access_type=offline&redirect_uri=<your-redirect-uri>&response_type=code&client_id=<your-client-id>

# only profile and email scopes requested manually, this time as method on the driver class .scopes, overrides config for driver
authorization_url = a.driver('google').scopes('email', 'profile').redirect_uri()
# https://accounts.google.com/o/oauth2/v2/auth?scope=email+profile&access_type=offline&redirect_uri=<your-redirect-uri>&response_type=code&client_id=<your-client-id>
An optional state parameter can be used in the same way as scopes (but with no default value) to protect against CSRF attacks.
For example:
# no state param used
authorization_url = a.driver('github').redirect_uri()
# state param set as kwarg
authorization_url = a.driver('github', state='state-string-here').redirect_uri()
# state param set as class method state
authorization_url = a.driver('github').state('state-string-here').redirect_uri()
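On the callback from the authentication provider, a params dict is required; it is parsed to retrieve the user. An optional state argument is also accepted, and if it is passed in, it is used to validate against the state param in the callback URL params.
For example: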
# callback endpoint
a = Authicola(DRIVERS)
params = request.GET
user = a.driver('google').user(params)
###
{
    'id': <id>,
    'email': 'garyburgmann@gmail.com',
    'verified_email': True,
    'name': 'Gary Burgmann',
    'given_name': 'Gary',
    'family_name': 'Burgmann',
    'picture': '<pic-url>',
    'locale': 'en-GB'
}
###

# or to validate the state between redirect and callback. the state string can be any unguessable string you like
import uuid

def redirect(self):
    # generate the state and keep it in the session for the callback
    state = uuid.uuid4().hex
    self.request.session.set('github_redirect', state)
    authorization_url = self.authicola.driver('github').state(state).redirect_uri()
    return request().redirect(authorization_url)

def callback(self):
    # pass the stored state so it is checked against the callback params
    state = self.request.session.get('github_redirect')
    user = self.authicola.driver('github').user(request().all(), state)
    return user
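
The state check between redirect and callback described above, written out as an added example (not Authicola's own code; how Authicola compares the values internally is not shown on this page). It assumes a dict-like session and a callback params dict; `issue_state`, `verify_state` and `StateMismatch` are hypothetical names, and the callback values are constructed.

```python
import hmac
import secrets

SESSION_KEY = "github_redirect"  # same session key the callback example reads


class StateMismatch(Exception):
    """Raised when the callback state is missing or does not match."""


def issue_state(session: dict) -> str:
    """Create an unguessable state value and bind it to this browser session."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session[SESSION_KEY] = state
    return state  # hand this to .state(state) when building the URL


def verify_state(session: dict, params: dict) -> None:
    """Compare the state echoed by the provider with the stored one."""
    expected = session.pop(SESSION_KEY, None)  # single use: a replay fails
    received = params.get("state")
    if not expected or not received:
        raise StateMismatch("state missing from session or callback")
    # constant-time comparison on bytes avoids leaking a partial match
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise StateMismatch("state does not match this session")


def check(session: dict, params: dict) -> str:
    try:
        verify_state(session, params)
        return "accepted"
    except StateMismatch as exc:
        return f"rejected: {exc}"


def demo() -> dict:
    """Run constructed callbacks through the check and collect the outcomes."""
    session = {}
    good = {"code": "constructed-code", "state": issue_state(session)}
    results = {"first": check(session, good), "replay": check(session, good)}
    issue_state(session)  # new login attempt, callback carries a foreign state
    results["forged"] = check(session, {"code": "constructed-code", "state": "x" * 43})
    results["absent"] = check({}, {"code": "constructed-code"})
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Removing the stored value on every callback, whether it matches or not, means a state can be redeemed once, and a failed attempt forces a fresh redirect.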