Login/Register
Writing a Two-legged OAuth provider in Django
Asked Answered
Solved djangooauthdjango-piston
O

3

2

I'm looking for a tutorial/example/explanation about writing a two-legged provider for OAuth in Django.

It's hard to find documentation about a OAuth provider, and even harder about a two-legged system...

Outface answered 2/8, 2011 at 11:29 Comment(0)
M
1

'2 legged' is just normal OAuth request without an access token or access token secret. That's it. You still use the client credentials (identifier and secret) but use empty strings for the access token parameters. Depending on the server library you use, you can omit the oauth_token parameter when making the request.

Malvia answered 2/8, 2011 at 16:2 Comment(0)
G
7

I spent about 3 days trying to figure this out and wanted to provide anyone who can use it with this working example I finally got from the service I was trying to query. It wound up being extremely easy. P.S. Just because someone is using oauth 1.0 doesn't mean that you can't use the oauth2 library.

To get auth2, type pip install oauth2.

In your script, you need:

import oauth2
import time
import urllib2


def build_request(url, method='GET'):
    params = {                                            
        'oauth_version': "1.0",
        'oauth_nonce': oauth2.generate_nonce(),
        'oauth_timestamp': int(time.time())
    }
    consumer = oauth2.Consumer(key='python_test',secret='your_secret')
    params['oauth_consumer_key'] = consumer.key

    req = oauth2.Request(method=method, url=url, parameters=params)
    signature_method = oauth2.SignatureMethod_HMAC_SHA1()
    req.sign_request(signature_method, consumer, None)
    return req

Calling the function and viewing the output looks like this:

request = build_request('http://demo.echo360.com/ess/scheduleapi/v1/terms')
u = urllib2.urlopen(request.to_url())
print u.readlines()
Goolsby answered 3/10, 2012 at 14:15 Comment(1)
Funny, it's exact the same source code as one of my other questions: #6925069 . And the oauth2 library is only for OAuth 1.0a. Very confusing name of their library...Outface
M
1

'2 legged' is just normal OAuth request without an access token or access token secret. That's it. You still use the client credentials (identifier and secret) but use empty strings for the access token parameters. Depending on the server library you use, you can omit the oauth_token parameter when making the request.

Malvia answered 2/8, 2011 at 16:2 Comment(0)
C
1

This is a good starting article: http://philipsoutham.com/post/2172924723/two-legged-oauth-in-python

Two-legged OAuth for Piston: https://github.com/gregbayer/django-piston-two-legged-oauth

Calibrate answered 29/1, 2012 at 19:54 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.