class AuthMaker(object):
def __init__(self):
self.client = None
self.consumer_key = None
self.consumer_secret = None
self.access_token = None
self.access_token_secret = None
self.token = None
self.oauth_verifier = None
def step1(self, key, secret):
self.consumer_key = key
self.consumer_secret = secret
self.client = UserClient(self.consumer_key, self.consumer_secret)
def step2(self, callback_url):
self.token = self.client.get_authorize_token(callback_url)
self.access_token = self.token.oauth_token
self.access_token_secret = self.token.oauth_token_secret
print('Please go to: {}'.format(self.token.auth_url))
def step3(self, oauth_verifier):
self.oauth_verifier = oauth_verifier
self.client = UserClient(
self.consumer_key,
self.consumer_secret,
self.access_token,
self.access_token_secret,
)
self.token = self.client.get_access_token(oauth_verifier)
print('---- ok ----')
print('ACCESS_TOKEN = {}'.format(self.token.oauth_token))
print('ACCESS_TOKEN_SECRET = {}'.format(self.token.oauth_token_secret))
def auth_check():
"""
Check authorization. Get signin token and auth_url, if needed.
@redirect = redirect to this url post-authorization verification
"""
try:
access_token = session.get('access_token')
access_token_secret = session.get('access_token_secret')
tk = config.get_twitter_keys()
print tk
if access_token and access_token_secret:
client = UserClient(
tk.consumer_key,
tk.consumer_secret,
tk.access_token,
tk.access_token_secret)
# We need to make a call to verify_credentials in case the user
# has revoked access for this application. This is a rate-limited
# call and so this approach might not be ideal.
verif = client.api.account.verify_credentials.get()
if verif.headers['status'].split()[0] == '200':
return jsonify({'is_auth': 1})
else:
# possibly revoked access, although this will probably
# get handled by the TwitterAuthError catch
auth_clear()
return jsonify({'is_auth': 0})
client = UserClient(tk.consumer_key, tk.consumer_secret)
callback = 'http://'+request.host+url_for('auth_verify')
print 'getting auth token for callback:', callback
token = client.get_authorize_token(callback)
session['auth_token'] = token.oauth_token
session['auth_token_secret'] = token.oauth_token_secret
session['auth_redirect'] = request.args.get('redirect') or ''
# START DEBUG
#print 'AUTH_CHECK', app
#for k, v in session.iteritems():
# print k, v
# END DEBUG
data = {'is_auth': 0, 'auth_url': token.auth_url}
return jsonify(data)
except TwitterAuthError:
auth_clear()
return jsonify({'is_auth': 0})
except Exception, e:
traceback.print_exc()
return jsonify({'error': str(e)})
def auth_check():
"""
Check authorization. Get signin token and auth_url, if needed.
@redirect = redirect to this url post-authorization verification
"""
try:
access_token = session_get('access_token')
access_token_secret = session_get('access_token_secret')
if access_token and access_token_secret:
tk = get_twitter_keys()
client = UserClient(
tk.consumer_key,
tk.consumer_secret,
access_token=access_token,
access_token_secret=access_token_secret)
"""
We need to make a call to verify_credentials in case the user
has revoked access for this application. This is a rate-limited
call and so this approach might not be ideal. If we end up
having rate-limiting problems, we might try giving each user
a unique application ID that is kept in local storage and used
as a lookup for Twitter creds (vs. session data which is domain-
specific and thus problematic for our extension-approach). This
might allow us to consolidate Twitter creds per user rather than
storing them for each domain visited."""
verif = client.api.account.verify_credentials.get()
if verif.headers['status'].split()[0] == '200':
return jsonify({'is_auth': 1})
else:
# possibly revoked access, although this will probably
# get handled by the TwitterAuthError catch
remove_session_credentials()
return jsonify({'is_auth': 0})
tk = get_twitter_keys()
client = UserClient(tk.consumer_key, tk.consumer_secret)
callback = 'http://'+request.host+url_for('auth_verify')
token = client.get_authorize_token(callback)
session_set('auth_token', token.oauth_token)
session_set('auth_token_secret', token.oauth_token_secret)
session_set('auth_redirect',
request.args.get('redirect') or '')
if (
'html' in request.headers['Accept']
and request.args.get('_format') != 'json'):
return redirect(token.auth_url)
else:
data = {'is_auth': 0, 'auth_url': token.auth_url}
return jsonify(data)
except TwitterAuthError:
remove_session_credentials()
return jsonify({'is_auth': 0})
except Exception, e:
traceback.print_exc()
return jsonify({'error': str(e)})
def auth_check():
"""
Check authorization. Get signin token and auth_url, if needed.
@redirect = redirect to this url post-authorization verification
"""
try:
access_token = session_get('access_token')
access_token_secret = session_get('access_token_secret')
if access_token and access_token_secret:
tk = get_twitter_keys()
client = UserClient(tk.consumer_key,
tk.consumer_secret,
access_token=access_token,
access_token_secret=access_token_secret)
"""
We need to make a call to verify_credentials in case the user
has revoked access for this application. This is a rate-limited
call and so this approach might not be ideal. If we end up
having rate-limiting problems, we might try giving each user
a unique application ID that is kept in local storage and used
as a lookup for Twitter creds (vs. session data which is domain-
specific and thus problematic for our extension-approach). This
might allow us to consolidate Twitter creds per user rather than
storing them for each domain visited."""
verif = client.api.account.verify_credentials.get()
if verif.headers['status'].split()[0] == '200':
return jsonify({'is_auth': 1})
else:
# possibly revoked access, although this will probably
# get handled by the TwitterAuthError catch
remove_session_credentials()
return jsonify({'is_auth': 0})
tk = get_twitter_keys()
client = UserClient(tk.consumer_key, tk.consumer_secret)
callback = 'http://' + request.host + url_for('auth_verify')
token = client.get_authorize_token(callback)
session_set('auth_token', token.oauth_token)
session_set('auth_token_secret', token.oauth_token_secret)
session_set('auth_redirect', request.args.get('redirect') or '')
if ('html' in request.headers['Accept']
and request.args.get('_format') != 'json'):
return redirect(token.auth_url)
else:
data = {'is_auth': 0, 'auth_url': token.auth_url}
return jsonify(data)
except TwitterAuthError:
remove_session_credentials()
return jsonify({'is_auth': 0})
except Exception, e:
traceback.print_exc()
return jsonify({'error': str(e)})
def _upload_to_twitter(image: BytesIO) -> None:
"""Upload an icon to Twitter.
:param image: the image to upload
"""
client = UserClient(CONSUMER_KEY, CONSUMER_SECRET)
verifier = client.get_authorize_token('oob') # get auth URL
open(verifier.auth_url) # open auth URL so user can get PIN
pin = input('PIN: ') # get PIN from user
client = UserClient(CONSUMER_KEY, CONSUMER_SECRET,
verifier.oauth_token, verifier.oauth_token_secret)
client.get_access_token(pin.strip()) # authorize with Twitter, after making sure no stray characters got in
encoded = b64encode(image.getvalue()) # read bytes from image and encode for Twitter
client.api.account.update_profile_image.post(image=encoded) # upload the icon
def register(request, platform):
if platform == 'twitter':
#Twitter Authorization p1
client = UserClient(CONSUMER_KEY, CONSUMER_SECRET)
token = client.get_authorize_token(CALLBACK_URL)
ACCESS_TOKEN = token.oauth_token
request.session['ACCESS_TOKEN'] = ACCESS_TOKEN
ACCESS_TOKEN_SECRET = token.oauth_token_secret
request.session['ACCESS_TOKEN_SECRET'] = ACCESS_TOKEN_SECRET
twitter_url = token.auth_url
return render(request, 'register.html', {'twitter_url': twitter_url, 'platform': platform})
elif platform == 'facebook':
#Facebook Authorization p1
attrs = {'client_id': FB_APP_ID, 'redirect_uri': redirect_uri, 'scope': 'public_profile, publish_actions, manage_pages'}
facebook_url = 'https://graph.facebook.com/oauth/authorize?%s' % urllib.parse.urlencode(attrs)
return render(request, 'register.html', {'facebook_url': facebook_url, 'platform': platform})
from birdy.twitter import UserClient CONSUMER_KEY = CONSUMER_KEY CONSUMER_SECRET = CONSUMER_SECRET CALLBACK_URL = 'https://127.0.0.1:8000/register' client = UserClient(CONSUMER_KEY, CONSUMER_SECRET) token = client.get_authorize_token(CALLBACK_URL) ACCESS_TOKEN = token.oauth_token ACCESS_TOKEN_SECRET = token.oauth_token_secret TWITTER_URL = token.auth_url OAUTH_VERIFIER = request.GET['oauth_verifier']
from config import *
from birdy.twitter import UserClient
# Use the client to generate the auth token and auth secret
client = UserClient(get_consumer_key(), get_consumer_secret())
token = client.get_authorize_token()
AUTH_TOKEN = token.oauth_token
AUTH_TOKEN_SECRET = token.oauth_token_secret
# Prompt the user to visit the auth URL
print "Go to the following URL to get the PIN: "
print token.auth_url
# Get PIN (OAUTH_VERIFIER) from user
OAUTH_VERIFIER = raw_input("Enter PIN: ")
# Use the client to generate the access token and access secret
client = UserClient(get_consumer_key(), get_consumer_secret(), AUTH_TOKEN,
AUTH_TOKEN_SECRET)
token = client.get_access_token(OAUTH_VERIFIER)
# Display OAUTH token and secret
print "Save these values in your application's config.py file: "
print "OAUTH_TOKEN = '" + token.oauth_token + "'"
print "OAUTH_TOKEN_SECRET = '" + token.oauth_token_secret + "'"