Skip to main content

OAuth Client For aiohttp

Project description

aio-alf |build-status|
===========

aiohttp OAuth 2 Client
---------------------

`aio-alf` is a OAuth 2 Client base on the aiohttp's AsyncHTTPClient

Features
--------

* Automatic token retrieving and renewing
* Token expiration control
* Automatic retry on status 401 (UNAUTHORIZED)

Usage
-----

Initialize the client and use it as a AsyncHTTPClient object.

.. code-block:: python

from aioalf.client import Client
from aioalf.httpclient import HTTPRequest

client = Client(
token_endpoint='http://example.com/token',
client_id='client-id',
client_secret='secret')

resource_uri = 'http://example.com/resource'

response = await client.request(
'POST',
resource_uri,
data='{"name": "alf"}',
headers={'Content-Type': 'application/json'}
)


Alternatively one can pass directly a string to the fetch client

.. code-block:: python

# ...
response = await client.request(
'POST',
'http://example.com/resource',
data='{"name": "alf"}',
headers={'Content-Type': 'application/json'}
)

Implicit Flow
-------------

Support for OAuth2 implict flow to enable it, call `use_implicit_flow` with a `TokenStorage`
object and a port range, it defaults to the range (32000, 32009).

Example:

.. code-block:: python
await use_implicit_flow(TokenStorage(), (30000, 30009))

async with Client(token_endpoint='https://token.endpoint',
client_id='glBQ3nYU/8/kaVi/bIgXGA==',
client_secret='') as client:
response = await client.request('GET', 'http://example.com/resource')
text = await response.text()
print(response.status)

The library has a really simple in memory token storage, you should subclass and overwrite
its methods if you need to persist the token for a longer period.


How it works?
-------------

Before any request the client tries to retrieve a token on the endpoint,
expecting a JSON response with the ``access_token`` and ``expires_in`` keys.

The client keeps the token until it is expired, according to the ``expires_in``
value.

After getting the token, the request is issued with a `Bearer authorization
header <http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-7.1>`_:

.. code-block::

GET /resource/1 HTTP/1.1
Host: example.com
Authorization: Bearer token

If the request fails with a 401 (UNAUTHORIZED) status, a new token is retrieved
from the endpoint and the request is retried. This happens only once, if it
fails again the error response is returned.


Troubleshooting
---------------

In case of an error retrieving a token, the error response will be returned,
the real request won't happen.


Related projects
----------------

This project tries to be an adaptation to aiohttp of
`alf <https://github.com/globocom/alf>`_


.. |build-status| image:: https://secure.travis-ci.org/globocom/aio-alf.png?branch=master
:target: https://travis-ci.org/globocom/aio-alf

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aio-alf-0.2.2.tar.gz (5.6 kB view details)

Uploaded Source

File details

Details for the file aio-alf-0.2.2.tar.gz.

File metadata

  • Download URL: aio-alf-0.2.2.tar.gz
  • Upload date:
  • Size: 5.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for aio-alf-0.2.2.tar.gz
Algorithm Hash digest
SHA256 d2dbf9031173fcb3b0672803de37e31a98e4a7b5b0b35e816b52094c86c4dc59
MD5 478b4b78b02700c79216201d2c11fd02
BLAKE2b-256 81337ac3d4a6fae8b9bd3e2f467a2715764fea5ee3e973c1e6d09d82e297d5a9

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page