Doing the OAuth dance with style using Flask, requests, and oauthlib. Currently, only OAuth consumers are supported, but this project could easily support OAuth providers in the future, as well. The full documentation for this project is hosted on ReadTheDocs, but this README will give you a taste of the features.
Just the basics:
$ pip install Flask-DanceOr if you're planning on using the built-in SQLAlchemy support:
$ pip install Flask-Dance[models]For a few popular OAuth providers, Flask-Dance provides pre-set configurations. For example, to authenticate with Github, just do the following:
from flask import Flask, redirect, url_for
from flask_dance.contrib.github import make_github_blueprint, github
app = Flask(__name__)
app.secret_key = "supersekrit"
blueprint = make_github_blueprint(
client_id="my-key-here",
client_secret="my-secret-here",
redirect_to="index",
)
app.register_blueprint(blueprint, url_prefix="/login")
@app.route("/")
def index():
if not github.authorized:
return redirect(url_for("github.login"))
resp = github.get("/user")
assert resp.ok
return "You are @{login} on Github".format(login=resp.json()["login"])
if __name__ == "__main__":
app.run()NOTE: For this example to work, you must first register an application on Github to get a client_id and client_secret. The application's authorization callback URL must be http://localhost:5000/login/github/authorized. You'll also need to set the OAUTHLIB_INSECURE_TRANSPORT environment variable, so that oauthlib allows you to use HTTP rather than HTTPS.
The github object is a context local, just like flask.request. That means that you can import it in any Python file you want, and use it in the context of an incoming HTTP request. If you've split your Flask app up into multiple different files, feel free to import this object in any of your files, and use it just like you would use the requests module.
You can also use Flask-Dance with any OAuth provider you'd like, not just the pre-set configurations. See the documentation for how to use other OAuth providers.
By default, OAuth access tokens are stored in Flask's session object. This means that if the user ever clears their browser cookies, they will have to go through the OAuth flow again, which is not good. You're better off storing access tokens in a database or some other persistent store. If you're using SQLAlchemy, it's easy: just pass your database model and session to the blueprint. Flask-Dance even comes with a mixin to help you define your database model, and it works with User models, too!
from flask_sqlalchemy import SQLAlchemy
from flask_dance.models import OAuthConsumerMixin
db = SQLAlchemy()
class User(db.Model):
id = db.Column(db.Integer, primary_key=True)
# ... other columns as needed
class OAuth(db.Model, OAuthConsumerMixin):
user_id = db.Column(db.Integer, db.ForeignKey(User.id))
user = db.relationship(User)
# get_current_user() is a function that returns the current logged in user
blueprint.set_token_storage_sqlalchemy(OAuth, db.session, user=get_current_user)Flask-Dance can seamlessly integrate with Flask-SQLAlchemy for database integration, Flask-Login for user management, and Flask-Cache for caching. However, none of these other extensions are required. You don't even have to use SQLAlchemy at all; if you'd prefer to use a different storage system, writing a custom integration is easy. See the documentation for how to use other token storage systems.