PyOAuth

A Python library that implements the OAuth protocol for clients and servers.

Getting the library

$ pip install pyoauth

or

$ git clone git://github.com/gorakhargosh/pyoauth.git

or

$ git clone http://code.google.com/p/pyoauth/

$ cd pyoauth
$ python setup.py install

About the implementation

PyOAuth implements versions 1.0 and 2.0 of the OAuth protocol as per the RFC specifications (See RFC5849), which supersede any previous versions of the protocol.

Client classes do not send HTTP requests but implement enough of the OAuth protocol to help you build request proxies that can be used to send actual HTTP requests. In essence, it implements OAuth and nothing else. This is a very conscious decision by the library authors. It allows framework authors and API users to use the library without pulling in unnecessary dependencies which may not work on their platform of choice. For example, you can use any of httplib2, tornado, webapp2, or django to send HTTP requests built with this library.

Wherever possible the implementation tries to warn you about problems you may encounter when processing or building OAuth requests by using a fail-fast approach—we try to tell you as much about the problem as possible. For example, OAuth relies on the availability of SSL to communicate securely, and therefore, the library checks whether the OAuth endpoint URLs you specify use SSL and prohibits you from using them if they do not begin with https://. You can change this behavior to suit your needs, but the library will warn you.

Custom HTTP methods are currently not supported.

Signature methods

All the signature methods recommended by the OAuth specification have been implemented by this library, namely:

  1. PLAINTEXT
  2. HMAC-SHA1
  3. RSA-SHA1

Custom signature methods are currently not supported.

RSA-SHA1 requirements

The RSA-SHA1 signature method relies on the availability of third-party libraries like pyasn1, and PyCrypto or M2Crypto.

The library accepts PEM-encoded X.509 certificates, RSA public keys, and RSA private keys. The validity of the X.509 certificates will not be verified by the signing functions. You must ensure the validity of certificates when you accept them by using other utility methods provided by this library or any other suitable means. It is also a good idea to periodically remind your clients about their certificate expiration dates—human beings forget after all.

For a quick rundown about these certificates and keys, please read Using RSA-SHA1 signatures.

Contribute

Found a bug in or want a feature added to pyoauth? You can fork the official code repository or file an issue ticket at the issue tracker. You may also want to refer to Contributing for information about contributing code or documentation to pyoauth.

Indices and tables

Fork me on GitHub