Readme
A provider agnostic oauth2 client library for aiohttp, implemented as a self-composed nested application.
No opinions about auth mechanisms are enforced on the application, an on_login and on_error coroutine can, and should, be provided to implement your own login mechanisms (token, session, etc).
$ pip install -U aiohttp_oauth2
from aiohttp import web
from aiohttp_oauth2 import oauth2_app
async def app_factory():
app = web.Application()
app.add_subapp(
"/github/", # any arbitrary prefix
oauth2_app(
client_id=123,
client_secret=456,
authorize_url="https://github.com/login/oauth/authorize",
token_url="https://github.com/login/oauth/access_token",
# add scopes if you want to customize them
scopes=["foo", "bar", "baz"],
# optionally add an on_login coroutine to handle the post-login logic
# it should expect the request and the oauth2 access code response
on_login=set_session_and_redirect,
on_error=show_error_page,
),
)
return app
The necessary oauth2 routes are added as /auth and /callback. Now logging in a user is as simple as redirecting them to: /github/auth.
Since the oauth2_app function is simply a factory that generates sub-apps, you can use this to add any number of oauth2 providers to log in against:
from aiohttp import web
from aiohttp_oauth2 import oauth2_app
async def app_factory() -> web.Application:
app = web.Application()
app.add_subapp(
"/github/",
oauth2_app(
...,
authorize_url="https://github.com/login/oauth/authorize",
token_url="https://github.com/login/oauth/access_token",
)
)
app.add_subapp(
"/google/",
oauth2_app(
...,
authorize_url="https://accounts.google.com/o/oauth2/v2/auth",
token_url="https://www.googleapis.com/oauth2/v4/token",
)
)
app.add_subapp(
"/twitter/",
oauth2_app(
...,
authorize_url="https://api.twitter.com/oauth/authorize",
token_url="https://api.twitter.com/oauth2/token",
)
)
...
return app
You can now redirect users to /twitter/auth, /google/auth, and /github/auth.
As a nice shortcut to the boilerplate of the authorize/token URLs, see the aiohttp_oauth2/client/contrib.py helpers to avoid needing to set the urls explicity.
import os
from aiohttp import web
from aiohttp_oauth2.client.contrib import github
async def app_factory() -> web.Application:
app = web.Application()
app.add_subapp(
"/login/github",
github(
os.getenv("CLIENT_ID"),
os.getenv("CLIENT_SECRET"),
),
)
# and/or `google`, `slack`, `twitter` instead of `github`
return app
Check the "examples" directory for working examples:
$ cd examples
$ pip install -r requirements.txt
# this just makes the library available for import, don't typically do it :D
$ PYTHONPATH=".." python github.py
https)For aiohttp's URL resolution feature to work with SSL, be sure to use aiohttp-remotes. This will ensure that if you are serving your aiohttp application behind any termination point for TLS that aiohttp is still aware via the various forwarding headers that traefik/nginx/etc should set.
FAQs
Provider agnostic OAuth2 client for aiohttp
We found that aiohttp-oauth2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.