""" | |
Example of OAuth 2.0 process with web server. | |
API of facebook is used: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow | |
""" | |
import webbrowser | |
import urllib2 | |
import json | |
from urllib import urlencode | |
from urlparse import parse_qsl, urlparse | |
import random | |
PROVIDER = 'facebook' | |
if PROVIDER == 'facebook': | |
CLIENT_KEY = 'your_app_key' | |
CLIENT_SECRET = 'your_app_secret' | |
# host must be set explicitly in facebook app configuration, otherwise forbidden | |
CALLBACK_URL = "http://rrhosterer.com:8000/" | |
AUTHORIZE_URL = 'https://www.facebook.com/dialog/oauth' | |
ACCESS_TOKEN_URL = 'https://graph.facebook.com/v2.3/oauth/access_token' | |
API_RESOURCE_URL = 'https://graph.facebook.com/v2.3/me' | |
elif PROVIDER == 'vk': | |
# VK | |
CLIENT_KEY = 'your_app_key' | |
CLIENT_SECRET = 'your_app_secret' | |
CALLBACK_URL = "http://rrhosterer.com:8000/" | |
AUTHORIZE_URL = 'https://oauth.vk.com/authorize' | |
ACCESS_TOKEN_URL = 'https://oauth.vk.com/access_token' | |
API_RESOURCE_URL = 'https://api.vk.com/method/users.get' | |
elif PROVIDER == 'google': | |
CLIENT_KEY = 'your_app_key' | |
CLIENT_SECRET = 'your_app_secret' | |
CALLBACK_URL = "http://rrhosterer.com:8000/complete/google-oauth2/" | |
AUTHORIZE_URL = 'https://accounts.google.com/o/oauth2/auth' | |
ACCESS_TOKEN_URL = 'https://www.googleapis.com/oauth2/v3/token' | |
API_RESOURCE_URL = 'https://www.googleapis.com/oauth2/v1/userinfo' | |
########################## | |
# STEP 1: user cofirmation | |
########################## | |
auth_params = { | |
"client_id": CLIENT_KEY, | |
"state": str(random.getrandbits(64)), # to protect from CSRF | |
"redirect_uri": CALLBACK_URL, | |
"scope": "email", # we want to get access to email | |
"response_type": "code", | |
} | |
url = "?".join([AUTHORIZE_URL, urlencode(auth_params)]) | |
print url | |
webbrowser.open_new_tab(url) | |
redirected_url = raw_input("Paste here url you were redirected:\n") | |
redirect_params = dict(parse_qsl(urlparse(redirected_url).query)) | |
assert redirect_params['state'] == auth_params['state'] # protect CSRF | |
auth_code = redirect_params['code'] | |
print "auth_code", auth_code | |
###################### | |
# STEP 2: access token | |
###################### | |
access_token_params = { | |
"client_id": CLIENT_KEY, | |
"redirect_uri": CALLBACK_URL, | |
"client_secret": CLIENT_SECRET, | |
"code": auth_code, | |
} | |
if 'google' in ACCESS_TOKEN_URL: | |
# google requires 'grant_type' param | |
access_token_params['grant_type'] = 'authorization_code' | |
# send POST request. Facebook and VK also ok with GET, but google only POST | |
resp = urllib2.urlopen(ACCESS_TOKEN_URL, data=urlencode(access_token_params)) | |
assert resp.code == 200 | |
resp_content = json.loads(resp.read()) | |
access_token = resp_content['access_token'] | |
print "access_token", access_token | |
#################################### | |
# STEP 3: request to server resource | |
#################################### | |
api_params = { | |
'access_token': access_token, | |
} | |
url = "?".join([API_RESOURCE_URL, urlencode(api_params)]) | |
resp = urllib2.urlopen(url) | |
assert resp.code == 200 | |
resp_content = json.loads(resp.read()) | |
email = resp_content.get('email') | |
print "Email:", email | |
print "All params:", resp_content |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment