Skip to content

Refinitiv/bottle-oauthlib

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

126 Commits

.github/workflows

.github/workflows

 
 

bottle_oauthlib

bottle_oauthlib

 
 

docs

docs

 
 

tests

tests

 
 

.coveragerc

.coveragerc

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

requirements.in

requirements.in

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

tox.ini

tox.ini

 
 

Repository files navigation

bottle-oauthlib

Build Coverage Status pip install bottle-oauthlib

Context

Interested to implement your own OAuth2.0 or OpenID Connect Provider in python ? You're at the right place.

Combine the excellent https://github.com/oauthlib/oauthlib framework and the micro-framework https://github.com/bottlepy/bottle to provide OAuth2.0 authorization in only a couple of minutes.

OAuth2.0 basic knowledge is more than welcomed ! However, for novices users, as a rule of thumb, you must understand the OAuth2.0 is a delegation protocol. Basically, it delegates authorization (through scopes) to an application (client).

Note that you can implement only the delegation part or the authorization server or an application, or all combined. That's your choice.

For more information about OAuth2.0 fundamentals, check https://oauth.net/2/

Quick start

Define rules into a oauthlib.RequestValidator class. See oauthlib#implement-a-validator:

class MyOAuth2_Validator(oauth2.RequestValidator):
    def authenticate_client_id(self, client_id, ..):
        """validate client_id"""

    def validate_user(self, username, password, client, ..):
        """validate username & password"""

    def validate_scopes(self, client_id, scopes, ..):
        """validate scope against the client"""

    (..)

Link it to a preconfigured oauthlib Server, then to a bottle app:

import bottle
from bottle_oauthlib.oauth2 import BottleOAuth2
from oauthlib import oauth2

validator = MyOAuth2_Validator()
server = oauth2.Server(validator)

app = bottle.Bottle()
app.auth = BottleOAuth2(app)
app.auth.initialize(server)

Finally, declare bottle endpoints to request token:

@app.post('/token')
@app.auth.create_token_response()
def token():
    """an empty controller is enough for most cases"""

In addition, you can declare a resource endpoint which verify a token and its optional scopes:

@app.get('/calendar')
@app.auth.verify_request(scopes=['calendar'])
def access_calendar():
    return "Welcome {}, you have permissioned {} to use your calendar".format(
        bottle.request.oauth["user"],
        bottle.request.oauth["client"].client_id
    )

See the full example in our code source at quickstart.py. Don't hesitate to copy it for your own project and its unit tests at test_quickstart.py to be confident when you upgrade.

If you are not interested in doing a full Provider but only a Resource Server, just use the quickstart example for OAuth2.0 Resource Server. You can either use an Introspection Endpoint or decode JWT and validate yourself the Bearer tokens. Start with the quickstart_resourceserver.py and its unit tests at test_quickstart_resourceserver.py.

Help & support

Feel free to ask question or support by opening a Github issue https://github.com/Refinitiv/bottle-oauthlib/issues.

Contribution

Don't hesitate to propose PR, they are more than welcomed. Please, be sure you're compliant with our Contribution guide.

Copyright

This document is licensed under BSD-3-Clause license. See LICENSE for details.

The code was opened by (c) Refinitiv (previously Thomson Reuters).

About

Bottle adapter for OAuthlib framework (OAuth2.0)

Resources

Readme

License

BSD-3-Clause license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

44 stars

Watchers

93 watching

Forks

15 forks
Report repository

Releases 4

OpenID Connect - UserInfo Endpoint Latest
May 13, 2019
+ 3 releases

Packages

No packages published

Contributors 5

Languages