Skip to content
/ oauth2u Public
forked from globocom/oauth2u

OAuth 2 client and server implementation

1 star 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hltbra/oauth2u

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits

oauth2u

oauth2u

 
 

tests

tests

 
 

.coveragerc

.coveragerc

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

requirements-dev.txt

requirements-dev.txt

 
 

requirements.txt

requirements.txt

 
 

runtests

runtests

 
 

setup.py

setup.py

 
 

Repository files navigation

OAuth 2 server and client implementation

The idea is to implement an extensible server and a client of the OAuth 2.0 Authorization Protocol.

How to contribue

  1. Create a fork on github: https://github.com/igorsobreira/oauth2u

  2. Install the package for development:

    $ pip install -e oauth2u

  3. Run tests:

    $ ./runtests

  4. Open an issue, if it doesn't exist yet, assign it to you and commit your changes in your fork.

  5. Send a pull request

Extending the Server

There are two possible ways to extend the server: new urls and plugins

Plugins

With plugins is possible to customize specific behaviours from the server. It's similar to a Template Method pattern, but doesn't require you to extend (or even know) the class that calls it.

You cannot create new plugins, unless you want to call them yourself. But there are some pre-defined plugins called on specific parts of the server.

Using

TODO

authorization-GET
  • Parameters
  • handler: tornado Request Handler reference

Is called on the Authorization Request handler GET HTTP method, after all validations are made and the authorization code has already been generated and saved on database.

If no plugin is registered here the server redirects to redirect_uri without any specific verification.

There is an example usage on how to build a login windown using this plugin and authorization-POST on examples folder

authorization-POST
  • Parameters
  • handler: tornado Request Handler reference

Is called on the Authorization Request handler POST HTTP method. There is not default behaviour, if no plugins is registered a 405 status code response is generated

access-token-response
  • Parameters
  • handler: tornado Request Handler reference
  • response: the default dict to build the json response, with keys: access_token, token_type and expires_in

Is called in the end of Access Token request handler, when the json is about to be written in the HTTP response. The plugin callback can edit the response dict adding, removing or editing keys. Just be careful to don't remove required OAuth 2.0 parameters

Example:

    @plugins.register('access-token-response')
    def customize_response(handler, response):
        response.pop('expires_in')   # it's optional, and I don't want it...
        response['user_name'] = 'Bob'

About

OAuth 2 client and server implementation

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 98.5%
  • Shell 1.5%