Metadata-Version: 2.1
Name: pyramid-oauthlib
Version: 1.0.0
Summary: Pyramid OAuthLib integration
Home-page: https://github.com/tilgovi/pyramid_oauthlib
Author: Randall Leeds
Author-email: tilgovi@hypothes.is
Keywords: web pyramid pylons oauth authentication
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Framework :: Pyramid
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware
Requires-Python: >=3.7
Description-Content-Type: text/x-rst
License-File: LICENSE.txt

Pyramid OAuthLib
================

.. image:: https://travis-ci.org/tilgovi/pyramid-oauthlib.svg?branch=master
    :target: https://travis-ci.org/tilgovi/pyramid-oauthlib
.. image:: http://img.shields.io/coveralls/tilgovi/pyramid-oauthlib.svg
    :target: https://coveralls.io/r/tilgovi/pyramid-oauthlib

Pyramid OAuthLib is a library to integrate the excellent `OAuthLib`_ library
easily into `Pyramid`_ applications. It is designed to ease development of
OAuth applications, provide smooth migration possibilites to legacy codebases
using other authentication or authorization schemes, and configuration patterns
for creating pluggable OAuth components for Pyramid.

**NOTICE**: Pyramid OAuthLib is not feature complete! It is missing the hooks
for token revocation. While this shouldn't be hard to add, it wasn't a priority
to get the initial version released.

Usage Overview
--------------

Configuration::

    def includeme(config):
        """Integration with OAuthLib is as smooth as possible."""
        from oauthlib.oauth2 import BearerToken, AuthorizationCodeGrant

        # Validator callback functions are passed Pyramid request objects so
        # you can access your request properties, database sessions, etc.
        # The request object is populated with accessors for the properties
        # referred to in the OAuthLib docs and used by its built in types.
        validator = MyRequestValidator()

        # Register response types to create grants.
        config.add_response_type('oauthlib.oauth2.AuthorizationCodeGrant',
                                 name='code',
                                 request_validator=validator)

        # Register grant types to validate token requests.
        config.add_grant_type('oauthlib.oauth2.AuthorizationCodeGrant',
                              name='authorization_code',
                              request_validator=validator)

        # Register the token types to use at token endpoints.
        # The second parameter to all registrations may be left out to set it
        # as default to use when no corresponding request parameter specifies
        # the grant, response or token type. Be aware that the built in types
        # will fail if a matching request parameter is missing, though.
        config.add_token_type('oauthlib.oauth2.BearerToken',
                              request_validator=validator)


Token response::

    def access_token(request):
        """Core functionality is available directly from the request.

        Responses from OAuthLib are wrapped in a response object of type
        :class:`pyramid.response.Response` so they can be returned directly
        from views.
        """
        userid = request.authenticated_userid
        if userid is not None:
            credentials = dict(userId=userid)
        else:
            credentials = None

        return request.create_token_response(credentials=credentials)

Custom grant type::

    from oauthlib.oauth2 import ClientCredentialsGrant, InvalidClientError
    from pyramid.authentication import BadCSRFToken
    from pyramid.session import check_csrf_token

    class SessionGrant(ClientCredentialsGrant):

        """A combined authentication and authorization session assertion grant.

        When the Authorization Server and the Token Service are the same server
        this grant type uses a single assertion, the CSRF token, for client
        authentication and an authorization grant.[1] This works particularly
        well with :class:`pyramid.authentication.SessionAuthenticationPolicy`.

        [1] http://tools.ietf.org/html/draft-ietf-oauth-assertions-01#section-3
        """

        def validate_token_request(self, request):
            try:
                check_csrf_token(request, token='assertion')
            except BadCSRFToken:
                raise InvalidClientError(request=request)

            # An object with the confidential client_id and client_secret.
            request.client = LOCAL_CLIENT

            if request.client is None:
                raise InvalidClientError(request=request)

            request.client_id = request.client_id or request.client.client_id


    def includeme(config):
        config.add_grant_type(SessionGrant, 'assertion')

License
-------

Pyramid OAuthLib is released under the `2-Clause BSD License`_, sometimes
referred to as the "Simplified BSD License" or the "FreeBSD License". More
license information can be found in the included ``LICENSE.txt`` file.

.. _OAuthLib: https://github.com/idan/oauthlib
.. _Pyramid: http://www.pylonsproject.org/
.. _2-Clause BSD License: http://www.opensource.org/licenses/BSD-2-Clause


1.0.0 (2022-09-16)
==================

Breaking changes
----------------

- Pyramid OAuthLib now requires Python 3.7+.
- Pyramid OAuthLib now requires OAuthLib 3+.

0.4.2 (2020-09-07)
==================

Bug Fixes
---------

- Add missing parameters from OAuthLib.

0.4.1 (2019-06-28)
==================

Bug Fixes
---------

- Fix `duplicate_params` request property.
- Fix version specifier to indicate that OAuthLib 3 is not yet supported.

0.4.0 (2018-11-16)
==================

Breaking Changes
----------------

- Drop support for Pyramid 1.3 and below.

Features
--------

- Pyramid 1.10 support.

0.3.0 (2018-03-10)
==================

Features
--------

- Python 3 support.
- Support for password credential flow parameters.


0.2.0 (2014-11-21)
==================

Features
--------

- Expose `add_oauth_param` as a directive on `Configurator` instances.
  OAuthLib code typically assumes these attributes exist on the request
  instance. Exposing this directive allows custom extensions to be more
  portable to non-Pyramid code by avoiding the use of `request.params`
  in favor of the transparent attribute access pattern of OAuthLib
  request instances.

0.1.1 (2014-08-04)
==================

Features
--------

- Request methods for easy integration of OAuth flows.
- Request parameters to integrate with OAuthLib modules.
- Registration of new grant, response, and token types, (optionally)
  using dotted name resolution.
- Introspectable configuration.
- Full unit test coverage

Missing in this release
-----------------------

- Support for revocation.
