sanction [sangk-shuhn]: authoritative permission or approval, as for an action.
For the quickstart, authorization code grant flow is assumed, as is the Bearer token type. If you’re unfamiliar with these terms, chances are that they’re what you’re looking for as it’s the default in most public OAuth2 provider implementations (Google, Facebook, Foursquare, etc.).
Introducing this library should be rather trivial (in the usual basic case). There are three steps required in the most common use case (Google is assumed to be the provider throughout sample code):
You can also take a look at the example code in .
To access protected resources via the OAuth2 protocol, you must instantiate a Client and pass it relevant endpoints for your current operation:

    from sanction.client import Client

    # instantiating a client to get the auth URI
    c = Client(auth_endpoint="https://accounts.google.com/o/oauth2/auth",
               client_id=config["google.client_id"],
               redirect_uri="http://localhost:8080/login/google")

    # instantiating a client to process OAuth2 response
    c = Client(token_endpoint="https://accounts.google.com/o/oauth2/token",
               resource_endpoint="https://www.googleapis.com/oauth2/v1",
               redirect_uri="http://localhost:8080/login/google",
               client_id=config["google.client_id"],
               client_secret=config["google.client_secret"])

Of course, you may create the config in your preferred method; the above is simply a demonstration using the required config settings (the example project uses against an file for settings).
The next step is to redirect the user agent to the provider’s authentication/authorization URI (continuation from previous code block):

    scope_req = ("scope1", "scope2",)
    my_redirect(c.auth_uri(scope_req))

You can also elect to use the optional state parameter to pass a CSRF token that will be included in the provider’s response:

    my_redirect(c.auth_uri(state=my_state))

Note: It is strongly encouraged that you use the state parameter to offer CSRF protection. It is also up to you to process the state parameter and handle redirection accordingly before calling .
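
One way to issue and check the state value described above, as an added example that is not part of sanction or its documentation. The session dict, SESSION_KEY, StateError and both function names are assumptions, and response_dict is assumed to be a flat dict of strings taken from the callback query.

```python
import hmac
import secrets

SESSION_KEY = "oauth2_state"  # hypothetical key name in the server-side session


class StateError(Exception):
    """Raised when the callback's state does not match the user's session."""


def issue_state(session):
    """Create an unguessable state value and bind it to the user's session."""
    state = secrets.token_urlsafe(32)
    session[SESSION_KEY] = state
    return state  # pass this as c.auth_uri(state=state)


def verify_state(session, response_dict):
    """Check the callback's state before the code is exchanged for a token.

    The stored value is popped first, so each state is accepted at most once
    and a replayed callback fails even if it carries the right value.
    """
    expected = session.pop(SESSION_KEY, None)
    received = response_dict.get("state")
    if not expected or not received:
        raise StateError("state missing from session or callback")
    # Constant-time comparison; bytes avoid compare_digest's ASCII-only str rule.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise StateError("state mismatch")
    return response_dict  # only now hand it to c.request_token(...)


if __name__ == "__main__":
    session = {}  # constructed stand-in for a per-user session store
    state = issue_state(session)
    callback = {"code": "constructed-code", "state": state}  # constructed callback
    verify_state(session, callback)
    print("state verified; proceed to c.request_token(callback)")
```
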
Access Token Request
When the user has granted or denied resource access to your application, they will be redirected to the URI specified by the value of the redirect_uri param. To request an access token from the provider, call request_token with the response:

    c.request_token(response_dict)

If the user has granted access and your config settings are correct, you should then be able to access protected resources through the adapter’s API:

    c.request("/userinfo")

If the provider has deviated from the OAuth2 spec and the response isn’t JSON (e.g. Stack Exchange), you can pass a custom parser to request:

    c.request("/userinfo", parser=lambda c: dosomething(c))

There are no implementations for individual OAuth2-exposed resources. This is not the intention of the library and will not be added.