Firefox Accounts support in Cliquet
Cliquet-fxa enables authentication in Cliquet using Firefox Accounts OAuth2 bearer tokens.
It provides:
An authentication policy class;
Integration with Cliquet cache backend for token verifications;
Some endpoints to perform the OAuth dance (optional).
Installation
As stated in the official documentation, Firefox Accounts OAuth integration is currently limited to Mozilla relying services.
Install the Python package:
pip install cliquet-fxa
Enable in configuration using pyramid_multiauth formalism:
multiauth.policies = fxa
By default, it will rely on the cache configured in Cliquet.
Configuration
Fill in these settings with the values obtained during the application registration:
fxa-oauth.client_id = 89513028159972bc
fxa-oauth.client_secret = 9aced230585cc0aaea0a3467dd800
fxa-oauth.oauth_uri = https://oauth-stable.dev.lcip.org
fxa-oauth.scope = profile
fxa-oauth.webapp.authorized_domains = *.firefox.com
# fxa-oauth.cache_ttl_seconds = 300
# fxa-oauth.state.ttl_seconds = 3600
If the application should not behave as a relier (i.e. with the OAuth dance endpoints disabled):
fxa-oauth.relier.enabled = false
Login flow
OAuth Bearer token
Use the OAuth token with this header:
Authorization: Bearer <oauth_token>
Note: If the token is not valid, this will result in a 401 error response.
Obtain token using Web UI
Navigate the client to GET /v1/fxa-oauth/login?redirect=http://app-endpoint/#. There, a session cookie will be set, and the client will be redirected to a login form on the FxA content server;
After submitting the credentials on the login page, the client will be redirected to http://app-endpoint/#{token} (the web-app).
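Because the token is appended to the redirect URL, the redirect target decides who receives it. The check below is an added example, not cliquet-fxa's own code: it assumes fxa-oauth.webapp.authorized_domains is a whitespace-separated list of shell-style host patterns applied to the redirect parameter, and redirect_host and is_authorized_redirect are hypothetical helper names.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Assumption: the setting holds whitespace-separated shell-style host patterns.
AUTHORIZED_DOMAINS = "*.firefox.com"  # value from the configuration above

_HOST_RE = re.compile(r"[a-z0-9.-]+")


def redirect_host(url):
    """Return the lowercased host of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # drops userinfo and port, lowercases
    if not host or not _HOST_RE.fullmatch(host):
        return None
    return host


def is_authorized_redirect(url, authorized_domains=AUTHORIZED_DOMAINS):
    """True only if the redirect host matches one of the allowed patterns."""
    host = redirect_host(url)
    if host is None:
        return False
    return any(fnmatchcase(host, pattern.lower())
               for pattern in authorized_domains.split())


# Constructed sample redirect values (not taken from a real deployment).
SAMPLES = [
    "https://app.firefox.com/#",              # allowed
    "https://app.firefox.com:8443/#",         # allowed, port is ignored
    "https://firefox.com/#",                  # rejected: "*." needs a subdomain
    "https://app.firefox.com@example.org/#",  # rejected: real host is example.org
    "https://example.org/?next=.firefox.com#",  # rejected: pattern only in query
    "ftp://app.firefox.com/#",                # rejected: scheme is not http(s)
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(is_authorized_redirect(url), url)
```

Matching on the parsed hostname rather than the raw string or netloc is what keeps userinfo, ports and query strings from satisfying the pattern.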
Obtain token custom flow
The GET /v1/fxa-oauth/params endpoint can be used to get the configuration needed to trade the Firefox Accounts BrowserID for a Bearer Token. See the Firefox Accounts documentation about this behavior.
$ http GET http://localhost:8000/v0/fxa-oauth/params -v

GET /v0/fxa-oauth/params HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Host: localhost:8000
User-Agent: HTTPie/0.8.0

HTTP/1.1 200 OK
Content-Length: 103
Content-Type: application/json; charset=UTF-8
Date: Thu, 19 Feb 2015 09:28:37 GMT
Server: waitress

{
    "client_id": "89513028159972bc",
    "oauth_uri": "https://oauth-stable.dev.lcip.org",
    "scope": "profile"
}
Changelog
This document describes changes between each past release.
1.0.0 (2015-06-09)
Imported code from Cliquet
Contributors
Alexis Metaireau <alexis@mozilla.com>
Mathieu Leplatre <mathieu@mozilla.com>
Nicolas Perriault <nperriault@mozilla.com>
Rémy Hubscher <rhubscher@mozilla.com>
Tarek Ziade <tarek@mozilla.com>