Interface to remote OAuth authentication process server.
Class Client( cust_id, cust_secret, [mode] )
cust_id | The consumer key identifying the requester on the remote OAuth server. |
cust_secret | The consumer secret used to sign OAuth requests. |
mode | One of the Via methods (Defaults to POST). |
This class acts as an authentication client connecting with a remote server.
Properties | |
cust_id | |
mode | |
secret | |
signature_method | |
use_header | Should we use the header field? |
version | |
Methods | |
callAPI | Call an API protected by OAuth. |
getToken | Perform a token request. |
makeOAuthHandler | |
makeSecret | Signature key-string generator. |
parseQS | Static utility to parse a query string into a dictionary of values. |
Should we use the header field?
Should be one of the UseHeader enumeration values.
If UseHeader.NONE, the Authorization header field is never sent.
If UseHeader.ALTERN, the OAuth fields are moved into the Authorization header, and the selected mode ("GET" or "POST") is used only to send the non-OAuth parameters.
If UseHeader.FULL, the OAuth fields are copied into the Authorization header and are also sent via the POST or GET query string.
Call an API protected by OAuth.
callAPI( token, uri, [params] )
token | An instance of Token. |
uri | The URI of the remote OAuth protected Web API to be called. |
params | Optional parameters for the call. |
Return | The raw data returned by the remote OAuth procedure. |
Calls a remote web API and blocks until a result is available.
Perform a token request.
getToken( address, [callback],[token] )
address | The address of the remote token provider. |
callback | Address to be called back by the authenticator if the caller is a web application. |
token | An instance of the Token class to be exchanged in a token exchange. |
Return | A new Token created through this call. |
Raise |
|
This method requests a "Request token" or an "Access token" from the remote OAuth service.
Initially, the caller must create a request token by calling this method; on success, a valid (but not yet authorized) request token is returned.
Once this token is authorized through other means (i.e. redirecting the user to the remote service site), it can be exchanged for an access token by calling this method and passing the previously returned token. The request token is discarded and the parameter becomes an access token, which can then be used to access reserved resources (via the callAPI method).
For example, a theoretical workflow may be:
    import from web.oauth in oauth

    client = oauth.Client( "MyClientID", "MyClientSecret" )
    req_token = client.getToken( "https://TheRemoteService/get_req_token" )
    //...
    // authorize the token
    //...
    access_token = client.getToken( "https://TheRemoteService/login", nil, req_token )
    userData = client.callAPI( access_token, "https://TheRemoteService/get_user", ["user_id"=> my_user_id] )
Note: This method blocks until the remote side replies.
makeOAuthHandler( address, tsecret, oauth_params, params )
Signature key-string generator.
makeSecret( cust_secret, [token_secret] )
cust_secret | The customer signature part. |
token_secret | The part of the secret associated with a token. |
The OAuth protocol doesn't dictate exactly the way in which authorization strings must be signed, but in cases where counter-signature is required, it mandates that both the customer secret and the token secret must be used.
The most common way to counter-sign the authorization string is to concatenate them through a "&" character, which is what this method does.
In case different OAuth applications require different counter-signature strategies, this method can be overridden by subclasses.
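An added example in Python (not this module's code) of the "&" key construction described above, used for an HMAC-SHA1 signature as in RFC 5849 and checked with a constant-time comparison. The percent-encoding of each secret follows RFC 5849 rather than this page, and the helper names, the service URI and all sample values are constructed for the illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote


def pct(value: str) -> str:
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def make_secret(cust_secret: str, token_secret: str = "") -> str:
    """Signing key: both secrets joined by '&'. The '&' is kept even when no
    token secret exists yet; encoding keeps a '&' inside a secret unambiguous."""
    return pct(cust_secret) + "&" + pct(token_secret)


def base_string(method: str, uri: str, params: dict) -> str:
    """METHOD & encoded URI & encoded sorted parameters (URI normalization omitted)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(uri), pct(normalized)])


def sign(key: str, base: str) -> str:
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify(key: str, base: str, signature: str) -> bool:
    """Receiver-side check; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(sign(key, base).encode(), signature.encode())


# Constructed sample data, not taken from any real service.
CUST_SECRET = "MyClient&Secret"
TOKEN_REPLY = "oauth_token=req123&oauth_token_secret=tok%26sec"
token = dict(parse_qsl(TOKEN_REPLY, strict_parsing=True))
PARAMS = {"oauth_consumer_key": "MyClientID", "oauth_token": token["oauth_token"],
          "oauth_signature_method": "HMAC-SHA1", "oauth_nonce": "n-1",
          "oauth_timestamp": "1700000000", "user_id": "42"}
BASE = base_string("post", "https://service.example/get_user", PARAMS)
REQUEST_KEY = make_secret(CUST_SECRET)  # first getToken call: no token secret yet
ACCESS_KEY = make_secret(CUST_SECRET, token["oauth_token_secret"])

if __name__ == "__main__":
    print(REQUEST_KEY, ACCESS_KEY, sign(ACCESS_KEY, BASE), sep="\n")
```

A signature made with the access-stage key does not verify under the request-stage key, which is why the token secret has to be carried forward after the exchange.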
Static utility to parse a query string into a dictionary of values.
parseQS( data )
data | A query string |
Return | a dictionary of values. |
Typically, the query string is a sequence of "key=value" pairs separated by "&" characters, with URI-encoded values.