A provider agnostic oauth2 client library for aiohttp, implemented as a self-composed nested application.
No opinions about auth mechanisms are enforced on the application, an on_login and on_error coroutine can, and should, be provided to implement your own login mechanisms (token, session, etc).
$ pip install -U aiohttp_oauth2
from aiohttp import web
from aiohttp_oauth2 import oauth2_app
async def app_factory():
app = web.Application()
app.add_subapp(
"/github/", # any arbitrary prefix
oauth2_app(
client_id=123,
client_secret=456,
authorize_url="https://github.com/login/oauth/authorize",
token_url="https://github.com/login/oauth/access_token",
# add scopes if you want to customize them
scopes=["foo", "bar", "baz"],
# optionally add an on_login coroutine to handle the post-login logic
# it should expect the request and the oauth2 access code response
on_login=set_session_and_redirect,
on_error=show_error_page,
),
)
return app
The necessary oauth2 routes are added as /auth and /callback. Now logging in a user is as simple as redirecting them to: /github/auth.
Since the oauth2_app function is simply a factory that generates sub-apps, you can use this to add any number of oauth2 providers to log in against:
from aiohttp import web
from aiohttp_oauth2 import oauth2_app
async def app_factory() -> web.Application:
app = web.Application()
app.add_subapp(
"/github/",
oauth2_app(
...,
authorize_url="https://github.com/login/oauth/authorize",
token_url="https://github.com/login/oauth/access_token",
)
)
app.add_subapp(
"/google/",
oauth2_app(
...,
authorize_url="https://accounts.google.com/o/oauth2/v2/auth",
token_url="https://www.googleapis.com/oauth2/v4/token",
)
)
app.add_subapp(
"/twitter/",
oauth2_app(
...,
authorize_url="https://api.twitter.com/oauth/authorize",
token_url="https://api.twitter.com/oauth2/token",
)
)
...
return app
You can now redirect users to /twitter/auth, /google/auth, and /github/auth.
As a nice shortcut to the boilerplate of the authorize/token URLs, see the aiohttp_oauth2/client/contrib.py helpers to avoid needing to set the urls explicity.
import os
from aiohttp import web
from aiohttp_oauth2.client.contrib import github
async def app_factory() -> web.Application:
app = web.Application()
app.add_subapp(
"/login/github",
github(
os.getenv("CLIENT_ID"),
os.getenv("CLIENT_SECRET"),
),
)
# and/or `google`, `slack`, `twitter` instead of `github`
return app
Check the "examples" directory for working examples:
$ cd examples
$ pip install -r requirements.txt
# this just makes the library available for import, don't typically do it :D
$ PYTHONPATH=".." python github.py
https)For aiohttp's URL resolution feature to work with SSL, be sure to use aiohttp-remotes. This will ensure that if you are serving your aiohttp application behind any termination point for TLS that aiohttp is still aware via the various forwarding headers that traefik/nginx/etc should set.
FAQs
Provider agnostic OAuth2 client for aiohttp
We found that aiohttp-oauth2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports Scala and Kotlin, bringing AI-powered threat detection to JVM projects with easy manifest generation and fast, accurate scans.
Application Security
/Security News
Socket CEO Feross Aboukhadijeh and a16z partner Joel de la Garza discuss vibe coding, AI-driven software development, and how the rise of LLMs, despite their risks, still points toward a more secure and innovative future.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.