OAuth 2.0 for Pyramid

[Kevin Van Wilder]

Hi there,

We are currently developing an open source OAuth 2.0 provider extension for pyramid and are aiming for full integration of draft 18 down the line. 

Currently we are focusing on the "client_credentials" grant type, the most simple type of communication between a consumer and its provider, requiring no intervention of the resource owner, i.e. the user. After this, we will fine-tune all the aspects before moving on to implement the other grant types. 

The docs and tests are currently lacking, but they will soon find its way on the repository. 

If you are interested in helping us, don't hesitate to contact me! As always, feedback is much appreciated.

Kind regards,

Kevin Van Wilder

http://www.tick.ee

[Kevin Van Wilder]

Woops, forgot the most important bit: You can find it at
http://code.google.com/p/pyramid-oauth2/

[Chris Withers]

Have you taken a look at Velruse:

http://packages.python.org/velruse/

cheers,

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk

[Kevin Van Wilder]

Hi Chris,

As far as I have looked into Velruse, it seems to be about easily integrating third party authentication providers in your web application. This is of course fantastic and we will be using Velruse in our own software once we introduce twitter-login, etc.. 

However consuming oauth(2?) very well, Velruse does not act as a provider for OAuth 2 and this is what the pyramid_oauth2 extension is about.

Kind regards,

Kevin

[Andrija Frinčić]

Hi Kevin

Is there any sample available or at least basic documentation? We would like to include oauth2 provider to a pyramid based backend application we are developing. 

Best regards

[Lorenzo Gil Sanchez]

We have developed a simple oauth2 backend at:

https://github.com/Yaco-Sistemas/yith-library-server/tree/master/yithlibraryserver/oauth2

It's still work in progress but we are using it in our beta instance at:

https://yithlibrary-webclient.herokuapp.com/

so you can play with it and see how it works

2012/9/12 Andrija Frinčić <bob.r...@gmail.com>:

> --
> You received this message because you are subscribed to the Google Groups
> "pylons-devel" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/pylons-devel/-/GqQyIem_eTwJ.
>
> To post to this group, send email to pylons...@googlegroups.com.
> To unsubscribe from this group, send email to
> pylons-devel...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/pylons-devel?hl=en.

[Victor Fernandez de Alba]

For the record...

A few months ago I've developed an Oauth2 provider based in Pyramid too. It works with the resource owner password credentials flow. This flow is not the most popular oAuth flow, but it's useful in case that we want to oAuth enable an app or a set of apps in an scenario with an already existing user backend. Using this flow you can use Osiris as a gateway between your existing user store and oAuth enable it. Osiris will authenticate the user credentials against your user store and if suceeds it will issue a oAuth token. Then, an app can use it to impersonate the user's token to access an oAuth enabled REST API, for example.

You can find more information here: https://github.com/sneridagh/osiris

I haven't give it any love in the last months, but it works.

Hey Yaco guys! Great job! It's possible to make the oauth2 provider work standalone? Which flows implement?

Cheers,

--
Víctor Fernández de Alba
http://about.me/victorfernandezdealba
Twitter/IRC: sneridagh
g+/Facebook: victorfda

[Lorenzo Gil Sanchez]

2012/9/13 Victor Fernandez de Alba <sner...@gmail.com>:

> For the record...
>
> A few months ago I've developed an Oauth2 provider based in Pyramid too. It
> works with the resource owner password credentials flow. This flow is not
> the most popular oAuth flow, but it's useful in case that we want to oAuth
> enable an app or a set of apps in an scenario with an already existing user
> backend. Using this flow you can use Osiris as a gateway between your
> existing user store and oAuth enable it. Osiris will authenticate the user
> credentials against your user store and if suceeds it will issue a oAuth
> token. Then, an app can use it to impersonate the user's token to access an
> oAuth enabled REST API, for example.
>
> You can find more information here: https://github.com/sneridagh/osiris
>
> I haven't give it any love in the last months, but it works.
>
> Hey Yaco guys! Great job! It's possible to make the oauth2 provider work
> standalone? Which flows implement?
>

Only the response_type = code flow is implemented right now as you can see at:

https://github.com/Yaco-Sistemas/yith-library-server/blob/master/yithlibraryserver/oauth2/views.py#L175

I plan to add the flow used in javascript applications very soon.

As if it is possible to use standalone, it shouldn't be too difficult
but right now it is not distributed as a separate package, you have to
extract it from Yith Library.

[Jonathan Vanasco]

This is purely my very opinionated 2¢ ...

I've had to integrate against oAuth a few times, and have constantly found it a hassle.

The existing 'core' Python libraries for it are rather scattered in terms of active development, maturity and "street cred" ( by which I mean that  you'll often find a big name website saying "You should use this library for oAuth against our API!", yet that library is badly documented, barely functional, often really out of date with current specs , and ships with a bunch of its own tests which it won't even pass ).

I've seen a handful of oAuth plugins and "micro-frameworks" for django or uwsgi servers too.  They try to be a complete plug&play solution, but then you have to worry about integrating the endpoints, skinning the views, and persisting the data.  After a few minutes of playing with the modules -- if your app doesn't meet the exact specs/design requirements of these plugins, you're looking at a huge mess and really unattractive option.

So for general feedback, I would suggest this:

1- make a core oAuth library that just works , is up to date , and is designed to easily integrate against

2- create a reference Pyramid/etc implementation of the client and server functions ( ie, like your sample views )

3- create a bunch of helper functions that aid in setting up the above , which people can just call if they're lazy.  

Using SqlAlchemy as a datastore is a neat feature , but there are 2 red flags to me:

- it doesn't look like i'll ( easily or at all ) be able to override your tablesnames or database structure 

- i'm now limited to sqlalchemy supported databases.  if i'm on mysql/postgresql/oracle, that's fine - but if i'm using a mongodb or similar datastore -- forget it.

I would, personally, prefer to have some sort of "config" object that I can pass in - which defines/provides some callbacks for searching and storing data.  

Having a drop-in capability and default settings of sqlalchemy are both fine –- but relying on it?  that seems too much like rails/django and all that standardization/configuration restrictions which are a huge part of the reason why people choose Pyramid , Flask, or other frameworks instead of Django.

[Michael Merickel]

On Tue, Sep 25, 2012 at 1:13 PM, Jonathan Vanasco <jona...@findmeon.com> wrote:
> This is purely my very opinionated 2¢ ...
>
> I've had to integrate against oAuth a few times, and have constantly found
> it a hassle.
>
> The existing 'core' Python libraries for it are rather scattered in terms of
> active development, maturity and "street cred" ( by which I mean that
> you'll often find a big name website saying "You should use this library for
> oAuth against our API!", yet that library is badly documented, barely
> functional, often really out of date with current specs , and ships with a
> bunch of its own tests which it won't even pass ).

I believe this is the purpose of oauthlib. I'd love to see a reference
implementation in pyramid.

https://github.com/idan/oauthlib

[Jonathan Vanasco]

holy crap that sounds awesome.

[Elliot Peele]

By any chance, has anyone implemented an oauth provider example using oauthlib in pyramid?

Are there any other choices? It doesn't look like oauthlib implements an oath2 server from what I can tell, but it seems to be the only oauth solution that I have run across that is currently maintained.

[Jens Rantil]

Hi,

I just stumbled across this old thread and just wanted to inform that OAuthLib now seem to support OAuth 2 Provider support: https://oauthlib.readthedocs.org/en/latest/oauth2/server.html

That said, I still haven't seen a Pyramid implementation of OAuthLib.

Cheers,

Jens

[Elliot Peele]

I ended up writing my own provider. 

https://github.com/elliotpeele/pyramid_oauth2_provider

--
You received this message because you are subscribed to the Google Groups "pylons-devel" group.

To unsubscribe from this group and stop receiving emails from it, send an email to pylons-devel...@googlegroups.com.

To post to this group, send email to pylons...@googlegroups.com.

Visit this group at http://groups.google.com/group/pylons-devel.
For more options, visit https://groups.google.com/groups/opt_out.