| Trees | Indices | Help |
|---|
|
|
An OAuth 2.0 client. Tools for interacting with OAuth 2.0 protected resources.
Author: jcgregorio@google.com (Joe Gregorio)
|
|||
|
Error Base error for this module. |
|||
|
FlowExchangeError Error trying to exchange an authorization grant for an access token. |
|||
|
AccessTokenRefreshError Error trying to refresh an expired access token. |
|||
|
TokenRevokeError Error trying to revoke a token. |
|||
|
UnknownClientSecretsFlowError The client secrets file called for an unknown type of OAuth 2.0 flow. |
|||
|
AccessTokenCredentialsError Having only the access_token means no refresh is possible. |
|||
|
VerifyJwtTokenError Could on retrieve certificates for validation. |
|||
|
NonAsciiHeaderError Header names and values must be ASCII strings. |
|||
|
MemoryCache httplib2 Cache implementation which only caches locally. |
|||
|
Credentials Base class for all Credentials objects. |
|||
|
Flow Base class for all Flow objects. |
|||
|
Storage Base class for all Storage objects. |
|||
|
OAuth2Credentials Credentials object for OAuth 2.0. |
|||
|
AccessTokenCredentials Credentials object for OAuth 2.0. |
|||
|
AssertionCredentials Abstract Credentials object used for OAuth 2.0 assertion grants. |
|||
|
SignedJwtAssertionCredentials Credentials object used for OAuth 2.0 Signed JWT assertion grants. |
|||
|
OAuth2WebServerFlow Does the Web Server Flow for OAuth 2.0. |
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
HAS_CRYPTO = True
|
|||
HAS_OPENSSL = True
|
|||
logger = logging.getLogger(__name__)
|
|||
EXPIRY_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
|
|||
ID_TOKEN_VERIFICATON_CERTS = 'https://www.googleapis.com/oauth
|
|||
OOB_CALLBACK_URN = 'urn:ietf:wg:oauth:2.0:oob'
|
|||
REFRESH_STATUS_CODES = [401]
|
|||
_cached_http = httplib2.Http(MemoryCache())
|
|||
|
|||
Forces header keys and values to be strings, i.e not unicode. The httplib module just concats the header keys and values in a way that may make the message header a unicode string, which, if it then tries to contatenate to a binary request body may result in a unicode decode error. Args: headers: dict, A dictionary of headers. Returns: The same dictionary but with all the keys converted to strings. |
Updates a URI with new query parameters. Args: uri: string, A valid URI, with potential existing query parameters. params: dict, A dictionary of query parameters. Returns: The same URI but with the new query parameters added. |
Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError if the JWT fails to verify.
|
Extract the JSON payload from a JWT. Does the extraction w/o checking the signature. Args: id_token: string, OAuth 2.0 id_token. Returns: object, The deserialized JSON payload. |
Parses response of an exchange token request.
Most providers return JSON but some (e.g. Facebook) return a
url-encoded string.
Args:
content: The body of a response
Returns:
Content as a dictionary object. Note that the dict could be empty,
i.e. {}. That basically indicates a failure.
|
Exchanges an authorization code for an OAuth2Credentials object.
Args:
client_id: string, client identifier.
client_secret: string, client secret.
scope: string or iterable of strings, scope(s) to request.
code: string, An authroization code, most likely passed down from
the client
redirect_uri: string, this is generally set to 'postmessage' to match the
redirect_uri that the client specified
http: httplib2.Http, optional http instance to use to do the fetch
token_uri: string, URI for token endpoint. For convenience
defaults to Google's endpoints but any OAuth 2.0 provider can be used.
auth_uri: string, URI for authorization endpoint. For convenience
defaults to Google's endpoints but any OAuth 2.0 provider can be used.
revoke_uri: string, URI for revoke endpoint. For convenience
defaults to Google's endpoints but any OAuth 2.0 provider can be used.
Returns:
An OAuth2Credentials object.
Raises:
FlowExchangeError if the authorization code cannot be exchanged for an
access token
|
Returns OAuth2Credentials from a clientsecrets file and an auth code.
Will create the right kind of Flow based on the contents of the clientsecrets
file or will raise InvalidClientSecretsError for unknown types of Flows.
Args:
filename: string, File name of clientsecrets.
scope: string or iterable of strings, scope(s) to request.
code: string, An authorization code, most likely passed down from
the client
message: string, A friendly string to display to the user if the
clientsecrets file is missing or invalid. If message is provided then
sys.exit will be called in the case of an error. If message in not
provided then clientsecrets.InvalidClientSecretsError will be raised.
redirect_uri: string, this is generally set to 'postmessage' to match the
redirect_uri that the client specified
http: httplib2.Http, optional http instance to use to do the fetch
cache: An optional cache service client that implements get() and set()
methods. See clientsecrets.loadfile() for details.
Returns:
An OAuth2Credentials object.
Raises:
FlowExchangeError if the authorization code cannot be exchanged for an
access token
UnknownClientSecretsFlowError if the file describes an unknown kind of Flow.
clientsecrets.InvalidClientSecretsError if the clientsecrets file is
invalid.
|
Create a Flow from a clientsecrets file.
Will create the right kind of Flow based on the contents of the clientsecrets
file or will raise InvalidClientSecretsError for unknown types of Flows.
Args:
filename: string, File name of client secrets.
scope: string or iterable of strings, scope(s) to request.
redirect_uri: string, Either the string 'urn:ietf:wg:oauth:2.0:oob' for
a non-web-based application, or a URI that handles the callback from
the authorization server.
message: string, A friendly string to display to the user if the
clientsecrets file is missing or invalid. If message is provided then
sys.exit will be called in the case of an error. If message in not
provided then clientsecrets.InvalidClientSecretsError will be raised.
cache: An optional cache service client that implements get() and set()
methods. See clientsecrets.loadfile() for details.
Returns:
A Flow object.
Raises:
UnknownClientSecretsFlowError if the file describes an unknown kind of Flow.
clientsecrets.InvalidClientSecretsError if the clientsecrets file is
invalid.
|
|
|||
ID_TOKEN_VERIFICATON_CERTS
|
| Trees | Indices | Help |
|---|
| Generated by Epydoc 3.0.1 on Tue Aug 6 12:16:42 2013 | http://epydoc.sourceforge.net |