Skip to main content

OAuth Client For aiohttp

Project description

aio-alf |build-status|
===========

aiohttp OAuth 2 Client
---------------------

`aio-alf` is a OAuth 2 Client base on the aiohttp's AsyncHTTPClient

Features
--------

* Automatic token retrieving and renewing
* Token expiration control
* Automatic retry on status 401 (UNAUTHORIZED)

Usage
-----

Initialize the client and use it as a AsyncHTTPClient object.

.. code-block:: python

from aioalf.client import Client
from aioalf.httpclient import HTTPRequest

client = Client(
token_endpoint='http://example.com/token',
client_id='client-id',
client_secret='secret')

resource_uri = 'http://example.com/resource'

response = await client.request(
'POST',
resource_uri,
data='{"name": "alf"}',
headers={'Content-Type': 'application/json'}
)


Alternatively one can pass directly a string to the fetch client

.. code-block:: python

# ...
response = await client.request(
'POST',
'http://example.com/resource',
data='{"name": "alf"}',
headers={'Content-Type': 'application/json'}
)

Implicit Flow
-------------

Support for OAuth2 implict flow to enable it, call `use_implicit_flow` with a `TokenStorage`
object and a port range, it defaults to the range (32000, 32009).

Example:

.. code-block:: python

await use_implicit_flow(TokenStorage(), (30000, 30009))

async with Client(token_endpoint='https://token.endpoint',
client_id='glBQ3nYU/8/kaVi/bIgXGA==',
client_secret='') as client:
response = await client.request('GET', 'http://example.com/resource')
text = await response.text()
print(response.status)

The library has a really simple in memory token storage, you should subclass and overwrite
its methods if you need to persist the token for a longer period.


How it works?
-------------

Before any request the client tries to retrieve a token on the endpoint,
expecting a JSON response with the ``access_token`` and ``expires_in`` keys.

The client keeps the token until it is expired, according to the ``expires_in``
value.

After getting the token, the request is issued with a `Bearer authorization
header <http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-7.1>`_:

.. code-block::

GET /resource/1 HTTP/1.1
Host: example.com
Authorization: Bearer token

If the request fails with a 401 (UNAUTHORIZED) status, a new token is retrieved
from the endpoint and the request is retried. This happens only once, if it
fails again the error response is returned.


Troubleshooting
---------------

In case of an error retrieving a token, the error response will be returned,
the real request won't happen.


Related projects
----------------

This project tries to be an adaptation to aiohttp of
`alf <https://github.com/globocom/alf>`_


.. |build-status| image:: https://secure.travis-ci.org/globocom/aio-alf.png?branch=master
:target: https://travis-ci.org/globocom/aio-alf

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aio-alf-0.3.2.tar.gz (5.9 kB view details)

Uploaded Source

File details

Details for the file aio-alf-0.3.2.tar.gz.

File metadata

  • Download URL: aio-alf-0.3.2.tar.gz
  • Upload date:
  • Size: 5.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: Python-urllib/3.6

File hashes

Hashes for aio-alf-0.3.2.tar.gz
Algorithm Hash digest
SHA256 3a7b353eaf98a7e61a4127a9354862ffd622ca4ce5f163340b95d2c02aa44659
MD5 931b76e720c26be7c105aaeb41734597
BLAKE2b-256 5137b2d565da633ea89d78095847031690d1dd1bd321bfca317486b1352ed50e

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page