Skip to main content

OAuthlib authentication support for Requests.

Project description

This project provides first-class OAuth library support for Requests.

The OAuth 1 workflow

OAuth 1 can seem overly complicated and it sure has its quirks. Luckily, requests_oauthlib hides most of these and let you focus at the task at hand.

Accessing protected resources using requests_oauthlib is as simple as:

>>> from requests_oauthlib import OAuth1Session
>>> twitter = OAuth1Session('client_key',
                            client_secret='client_secret',
                            resource_owner_key='resource_owner_key',
                            resource_owner_secret='resource_owner_secret')
>>> url = 'https://api.twitter.com/1/account/settings.json'
>>> r = twitter.get(url)

Before accessing resources you will need to obtain a few credentials from your provider (i.e. Twitter) and authorization from the user for whom you wish to retrieve resources for. You can read all about this in the full OAuth 1 workflow guide on RTD.

The OAuth 2 workflow

OAuth 2 is generally simpler than OAuth 1 but comes in more flavours. The most common being the Authorization Code Grant, also known as the WebApplication flow.

Fetching a protected resource after obtaining an access token can be extremely simple. However, before accessing resources you will need to obtain a few credentials from your provider (i.e. Google) and authorization from the user for whom you wish to retrieve resources for. You can read all about this in the full OAuth 2 workflow guide on RTD.

Installation

To install requests and requests_oauthlib you can use pip:

$ pip install requests requests_oauthlib

History

v0.8.0 (14 February 2017)

  • Added Fitbit compliance fix.

  • Fixed an issue where newlines in the response body for the access token request would cause errors when trying to extract the token.

  • Fixed an issue introduced in v0.7.0 where users passing auth to several methods would encounter conflicts with the client_id and client_secret-derived auth. The user-supplied auth argument is now used in preference to those options.

v0.7.0 (22 September 2016)

  • Allowed OAuth2Session.request to take the client_id and client_secret parameters for the purposes of automatic token refresh, which may need them.

v0.6.2 (12 July 2016)

  • Use client_id and client_secret for the Authorization header if provided.

  • Allow explicit bypass of the Authorization header by setting auth=False.

  • Pass through the proxies kwarg when refreshing tokens.

  • Miscellaneous cleanups.

v0.6.1 (19 February 2016)

  • Fixed a bug when sending authorization in headers with no username and password present.

  • Make sure we clear the session token before obtaining a new one.

  • Some improvements to the Slack compliance fix.

  • Avoid timing problems around token refresh.

  • Allow passing arbitrary arguments to requests when calling fetch_request_token and fetch_access_token.

v0.6.0 (14 December 2015)

  • Add compliance fix for Slack.

  • Add compliance fix for Mailchimp.

  • TokenRequestDenied exceptions now carry the entire response, not just the status code.

  • Pass through keyword arguments when refreshing tokens automatically.

  • Send authorization in headers, not just body, to maximize compatibility.

  • More getters/setters available for OAuth2 session client values.

  • Allow sending custom headers when refreshing tokens, and set some defaults.

v0.5.0 (4 May 2015)

  • Fix TypeError being raised instead of TokenMissing error.

  • Raise requests exceptions on 4XX and 5XX responses in the OAuth2 flow.

  • Avoid AttributeError when initializing the OAuth2Session class without complete client information.

v0.4.2 (16 October 2014)

  • New authorized property on OAuth1Session and OAuth2Session, which allows you to easily determine if the session is already authorized with OAuth tokens or not.

  • New TokenMissing and VerifierMissing exception classes for OAuth1Session: this will make it easier to catch and identify these exceptions.

v0.4.1 (6 June 2014)

  • New install target [rsa] for people using OAuth1 RSA-SHA1 signature method.

  • Fixed bug in OAuth2 where supplied state param was not used in auth url.

  • OAuth2 HTTPS checking can be disabled by setting environment variable OAUTHLIB_INSECURE_TRANSPORT.

  • OAuth1 now re-authorize upon redirects.

  • OAuth1 token fetching now raise a detailed error message when the response body is incorrectly encoded or the request was denied.

  • Added support for custom OAuth1 clients.

  • OAuth2 compliance fix for Sina Weibo.

  • Multiple fixes to facebook compliance fix.

  • Compliance fixes now re-encode body properly as bytes in Python 3.

  • Logging now properly done under requests_oauthlib namespace instead of piggybacking on oauthlib namespace.

  • Logging introduced for OAuth1 auth and session.

v0.4.0 (29 September 2013)

  • OAuth1Session methods only return unicode strings. #55.

  • Renamed requests_oauthlib.core to requests_oauthlib.oauth1_auth for consistency. #79.

  • Added Facebook compliance fix and access_token_response hook to OAuth2Session. #63.

  • Added LinkedIn compliance fix.

  • Added refresh_token_response compliance hook, invoked before parsing the refresh token.

  • Correctly limit compliance hooks to running only once!

  • Content type guessing should only be done when no content type is given

  • OAuth1 now updates r.headers instead of replacing it with non case insensitive dict

  • Remove last use of Response.content (in OAuth1Session). #44.

  • State param can now be supplied in OAuth2Session.authorize_url

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-oauthlib-0.8.0.tar.gz (84.1 kB view details)

Uploaded Source

Built Distribution

requests_oauthlib-0.8.0-py2.py3-none-any.whl (23.4 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file requests-oauthlib-0.8.0.tar.gz.

File metadata

File hashes

Hashes for requests-oauthlib-0.8.0.tar.gz
Algorithm Hash digest
SHA256 883ac416757eada6d3d07054ec7092ac21c7f35cb1d2cf82faf205637081f468
MD5 4358a879a4377393bcfd37d0f9ae6d4d
BLAKE2b-256 8014ad120c720f86c547ba8988010d5186102030591f71f7099f23921ca47fe5

See more details on using hashes here.

File details

Details for the file requests_oauthlib-0.8.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for requests_oauthlib-0.8.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 50a8ae2ce8273e384895972b56193c7409601a66d4975774c60c2aed869639ca
MD5 3dd6a56cde1e4b86cbdec252b95efd8c
BLAKE2b-256 7734d0957563f20b259a31c12f14e858d79f2e66eb539d3c1b9ab7077ef030ca

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page