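def callback():
    """Step 3: Retrieving an access token.

    The user has been redirected back from Projectplace to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.

    Returns a redirect to the API path the user originally asked for, or to
    the user's profile when no path was saved. If no OAuth state is stored
    for this session, the user is redirected to '/' instead.
    """
    # The state saved in step 1 is what protects this endpoint against CSRF.
    # Pop it so a state value can only be used for one callback, and refuse
    # to continue when it is missing (callback hit without starting the flow)
    # instead of failing with a KeyError.
    state = session.pop('oauth_state', None)
    if not state:
        # '/' is the same entry point call_api() uses for unauthorized users.
        return redirect('/')

    pp_session = PPClient(client_id, state=state)
    # NOTE(review): presumably fetch_token compares `state` with the state
    # parameter in request.url and raises on mismatch -- confirm against
    # PPClient, and decide how that error should be shown to the user.
    token = pp_session.fetch_token(client_secret=client_secret,
                                   authorization_response=request.url)

    # At this point you can fetch protected resources but let's save
    # the token and show how to fetch the user's profile.
    # NOTE(review): if `session` is a cookie-backed session that is signed
    # but not encrypted, the access token is readable by anyone holding the
    # cookie; a server-side session store avoids that -- confirm the backend.
    session['oauth_token'] = token

    # If the user tried to access a protected resource we saved the
    # path in call_api(); now is the time to call it. Popping clears the
    # saved value so it is only replayed once.
    saved_path = session.pop('path', None)
    path = saved_path if saved_path is not None else '1/user/me/profile'

    # Redirect to the real API call
    return redirect('api/' + path)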
def call_api(path):
    """Fetch a protected resource from our API with the saved token.

    E.g. '/api/user/me/projects' will fetch the user's projects.

    When no token is stored in the session, the requested path is saved
    and the user is redirected to '/' to authorize first.
    """
    if 'oauth_token' in session:
        api_client = PPClient(client_id, token=session['oauth_token'])
        # NOTE(review): `path` appears to come straight from the request
        # URL and the request is made with the user's token. Confirm that
        # PPClient.get() always resolves it against the Projectplace API
        # host, so the token cannot be sent to another origin.
        upstream = api_client.get(path)
        # The body is passed through as JSON; the upstream status code is
        # not forwarded.
        return Response(upstream.text, mimetype='application/json')

    # Not authorized yet: remember what was asked for and start the flow.
    session['path'] = path
    return redirect('/')
def demo():
    """Step 1: User authorization.

    Redirect the user to Projectplace, where the user needs to
    authenticate using email and password.
    """
    target_url, csrf_state = PPClient(client_id).authorization_url()

    # State is used to prevent CSRF: keep it in the session so it can be
    # sent back when the access token is fetched in the callback.
    session['oauth_state'] = csrf_state
    return redirect(target_url)