common.py

from rauth import OAuth1Service

# Get an API Key in your SmugMug Account Settings.
API_KEY = None
API_KEY_SECRET = None

OAUTH_ORIGIN = 'https://secure.smugmug.com'
REQUEST_TOKEN_URL = OAUTH_ORIGIN + '/services/oauth/1.0a/getRequestToken'
ACCESS_TOKEN_URL = OAUTH_ORIGIN + '/services/oauth/1.0a/getAccessToken'
AUTHORIZE_URL = OAUTH_ORIGIN + '/services/oauth/1.0a/authorize'

API_ORIGIN = 'http://api.smugmug.com'
BASE_URL = API_ORIGIN + '/api/v2'

SERVICE = OAuth1Service(
        name='smugmug-oauth-web-demo',
        consumer_key=API_KEY,
        consumer_secret=API_KEY_SECRET,
        request_token_url=REQUEST_TOKEN_URL,
        access_token_url=ACCESS_TOKEN_URL,
        authorize_url=AUTHORIZE_URL,
        base_url=BASE_URL)

console.py

#!/usr/bin/env python3

from rauth import OAuth1Session
import sys

from common import *

def main():
    rt, rts = SERVICE.get_request_token(params={'oauth_callback': 'oob'})
    auth_url = SERVICE.get_authorize_url(rt)
    print('Go to %s in a web browser.' % auth_url)
    sys.stdout.write('Enter the six-digit code: ')
    sys.stdout.flush()
    verifier = sys.stdin.readline().strip()
    at, ats = SERVICE.get_access_token(rt, rts, params={'oauth_verifier': verifier})
    session = OAuth1Session(API_KEY, API_KEY_SECRET, access_token=at, access_token_secret=ats)
    print(session.get(API_ORIGIN + '/api/v2!authuser', headers={'Accept': 'application/json'}).text)

if __name__ == '__main__':
    main()

requirements.txt

rauth==0.6.2
bottle==0.12.3

web.py

#!/usr/bin/env python3

from rauth import OAuth1Session
from bottle import redirect, request, response, route, run

from common import *

COOKIE_NAME = 'c'

# This secret is used for signing cookies.
# Generate a value with uuidgen.
SECRET = None

HOST = 'localhost'
PORT = 8090

# In your SmugMug Account Settings, configure your API Key
# to use this callback URI.
CALLBACK_URI = 'http://' + HOST + ':' + str(PORT) + '/callback'

@route('/')
def index():
    return '''
        <html><body><ul>
            <li><a href='/authorize'>Authorize</a></li>
            <li>
                <form action='/test' method='GET'>
                    <label for='path'>API URI Path:</label>
                    <input type='text' name='path' id='path'
                        value='/api/v2!authuser'>
                    <input type='submit' value='GET'>
                </form>
            </li>
        </ul></body></html>
    ''';

def set_cookie(obj):
    response.set_cookie(
            COOKIE_NAME, obj, secret=SECRET, httponly=True, path='/')

@route('/authorize')
def authorize():
    rt, rts = SERVICE.get_request_token(params={'oauth_callback': 'http://localhost:8090/callback'})
    set_cookie({'rt': rt, 'rts': rts})
    auth_url = SERVICE.get_authorize_url(rt)
    redirect(auth_url)

@route('/callback')
def callback():
    cookie = request.get_cookie(COOKIE_NAME, secret=SECRET)
    at, ats = SERVICE.get_access_token(cookie['rt'], cookie['rts'], params={'oauth_verifier': request.query['oauth_verifier']})
    set_cookie({'at': at, 'ats': ats})
    redirect('/')

@route('/test')
def test():
    cookie = request.get_cookie(COOKIE_NAME, secret=SECRET)
    session = OAuth1Session(
            API_KEY, API_KEY_SECRET,
            access_token=cookie['at'], access_token_secret=cookie['ats'])
    response.set_header('Content-Type', 'application/json')
    return session.get(
            API_ORIGIN + request.query['path'],
            headers={'Accept': 'application/json'}).text

if __name__ == '__main__':
    run(host=HOST, port=PORT)