Firefox Accounts client library for Python
Project description
This is python library for interacting with the Firefox Accounts ecosystem. It’s highly experimental and subject to change. Eventually, it is planned to provide easy support for the following features:
being a direct firefox accounts authentication client
being an FxA OAuth Service Provider
accessing attached services
But none of that is ready yet; caveat emptor.
Firefox Accounts
Currently, basic auth-server operations should work like so:
from fxa.core import Client
client = Client("https://api.accounts.firefox.com")
client.create_account("test@example.com", "MySecretPassword")
session = client.login("test@example.com", "MySecretPassword")
cert = session.sign_certificate(myPublicKey)
session.change_password("MySecretPassword", "ThisIsEvenMoreSecret")
FxA OAuth Relier
Trade the authentication code against a longer lived OAuth token:
from fxa.oauth import Client
client = Client()
token = client.trade_code("client-id", "client-secret", "code-1234")
Verify an OAuth token:
from fxa.oauth import Client
from fxa.errors import ClientError
client = Client()
try:
profile = client.verify_token("123456...")
except ClientError:
print "Invalid token"
print("User id", profile["user"])
Testing email addresses
There’s also very basic integration with restmail.net, to allow for testing with live email addresses. It works like this:
from fxa.core import Client
from fxa.tests.utils import TestEmailAccount
# Create a testing account using an @restmail.net address.
acct = TestEmailAccount()
client = Client("https://api.accounts.firefox.com")
session = client.create_account(acct.email, "MySecretPassword")
# Verify the account using the code from email.
acct.fetch()
for m in acct.messages:
if "x-verify-code" in m["headers"]:
session.verify_email_code(m["headers"]["x-verify-code"])
...
# Destroy the account once you're done with it.
acct.clear()
client.destroy_account(acct.email, "MySecretPassword")
v0.0.4
Add a basic API for retrieving profile information with an OAuth token.
v0.0.3
Refacotor oauth.Client to take id/secret as constructor args.
Add basic caching on oauth token verification.
Accept option “/v1” suffix on server URLs.
Add get_identity_assertion() method to core.Session.
Add methods to oauth.Client for authorizing codes and tokens.
Add a new error hierarchy for trust-related errors.
Additional sanity-checking in oauth scope checks.
v0.0.2
Initial release; includes basic auth and oauth functionality.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.