This part of the documentation covers the interface of Authlib Client.
authlib.integrations.requests_client.
OAuth1Session
(client_id, client_secret=None, token=None, token_secret=None, redirect_uri=None, rsa_key=None, verifier=None, signature_method='HMAC-SHA1', signature_type='HEADER', force_include_body=False, **kwargs)¶Create an authorization URL by appending request_token and optional kwargs to url.
This is the second step in the OAuth 1 workflow. The user should be redirected to this authorization URL, grant access to you, and then be redirected back to you. The redirection back can either be specified during client registration or by supplying a callback URI per request.
Parameters: |
|
---|---|
Returns: | The authorization URL with new parameters embedded. |
fetch_access_token
(url, verifier=None, **kwargs)¶Method for fetching an access token from the token endpoint.
This is the final step in the OAuth 1 workflow. An access token is obtained using all previously obtained credentials, including the verifier from the authorization step.
Parameters: |
|
---|---|
Returns: | A token dict. |
fetch_request_token
(url, realm=None, **kwargs)¶Method for fetching an access token from the token endpoint.
This is the first step in the OAuth 1 workflow. A request token is obtained by making a signed post request to url. The token is then parsed from the application/x-www-form-urlencoded response and ready to be used to construct an authorization url.
Parameters: |
|
---|---|
Returns: | A Request Token dict. |
Note, realm
can also be configured when session created:
session = OAuth1Session(client_id, client_secret, ..., realm='')
Extract parameters from the post authorization redirect response URL.
Parameters: | url – The full URL that resulted from the user being redirected back from the OAuth provider to you, the client. |
---|---|
Returns: | A dict of parameters extracted from the URL. |
authlib.integrations.requests_client.
OAuth1Auth
(client_id, client_secret=None, token=None, token_secret=None, redirect_uri=None, rsa_key=None, verifier=None, signature_method='HMAC-SHA1', signature_type='HEADER', realm=None, force_include_body=False)¶Signs the request using OAuth 1 (RFC5849)
authlib.integrations.requests_client.
OAuth2Session
(client_id=None, client_secret=None, token_endpoint_auth_method=None, revocation_endpoint_auth_method=None, scope=None, redirect_uri=None, token=None, token_placement='header', update_token=None, **kwargs)¶Construct a new OAuth 2 client requests session.
Parameters: |
|
---|
Generate an authorization URL and state.
Parameters: |
|
---|---|
Returns: | authorization_url, state |
fetch_token
(url=None, body='', method='POST', headers=None, auth=None, grant_type=None, **kwargs)¶Generic method for fetching an access token from the token endpoint.
Parameters: |
|
---|---|
Returns: | A |
refresh_token
(url, refresh_token=None, body='', auth=None, headers=None, **kwargs)¶Fetch a new access token using a refresh token.
Parameters: |
|
---|---|
Returns: | A |
register_client_auth_method
(auth)¶Extend client authenticate for token endpoint.
Parameters: | auth – an instance to sign the request |
---|
register_compliance_hook
(hook_type, hook)¶Register a hook for request/response tweaking.
Available hooks are:
revoke_token
(url, token=None, token_type_hint=None, body=None, auth=None, headers=None, **kwargs)¶Revoke token method defined via RFC7009.
Parameters: |
|
---|---|
Returns: | A |
authlib.integrations.requests_client.
OAuth2Auth
(token, token_placement='header', client=None)¶Sign requests for OAuth 2.0, currently only bearer token is supported.
authlib.integrations.httpx_client.
OAuth1Auth
(client_id, client_secret=None, token=None, token_secret=None, redirect_uri=None, rsa_key=None, verifier=None, signature_method='HMAC-SHA1', signature_type='HEADER', realm=None, force_include_body=False)¶Signs the httpx request using OAuth 1 (RFC5849)
auth_flow
(request: httpx.models.Request) → Generator[httpx.models.Request, httpx.models.Response, None]¶Execute the authentication flow.
To dispatch a request, yield it:
`
yield request
`
The client will .send() the response back into the flow generator. You can access it like so:
`
response = yield request
`
A return (or reaching the end of the generator) will result in the client returning the last response obtained from the server.
You can dispatch as many requests as is necessary.
authlib.integrations.httpx_client.
AsyncOAuth1Client
(client_id, client_secret=None, token=None, token_secret=None, redirect_uri=None, rsa_key=None, verifier=None, signature_method='HMAC-SHA1', signature_type='HEADER', force_include_body=False, **kwargs)¶Create an authorization URL by appending request_token and optional kwargs to url.
This is the second step in the OAuth 1 workflow. The user should be redirected to this authorization URL, grant access to you, and then be redirected back to you. The redirection back can either be specified during client registration or by supplying a callback URI per request.
Parameters: |
|
---|---|
Returns: | The authorization URL with new parameters embedded. |
fetch_access_token
(url, verifier=None, **kwargs)¶Method for fetching an access token from the token endpoint.
This is the final step in the OAuth 1 workflow. An access token is obtained using all previously obtained credentials, including the verifier from the authorization step.
Parameters: |
|
---|---|
Returns: | A token dict. |
fetch_request_token
(url, realm=None, **kwargs)¶Method for fetching an access token from the token endpoint.
This is the first step in the OAuth 1 workflow. A request token is obtained by making a signed post request to url. The token is then parsed from the application/x-www-form-urlencoded response and ready to be used to construct an authorization url.
Parameters: |
|
---|---|
Returns: | A Request Token dict. |
Note, realm
can also be configured when session created:
session = OAuth1Session(client_id, client_secret, ..., realm='')
Extract parameters from the post authorization redirect response URL.
Parameters: | url – The full URL that resulted from the user being redirected back from the OAuth provider to you, the client. |
---|---|
Returns: | A dict of parameters extracted from the URL. |
authlib.integrations.httpx_client.
OAuth2Auth
(token, token_placement='header', client=None)¶Sign requests for OAuth 2.0, currently only bearer token is supported.
authlib.integrations.httpx_client.
AsyncOAuth2Client
(client_id=None, client_secret=None, token_endpoint_auth_method=None, revocation_endpoint_auth_method=None, scope=None, redirect_uri=None, token=None, token_placement='header', update_token=None, **kwargs)¶Generate an authorization URL and state.
Parameters: |
|
---|---|
Returns: | authorization_url, state |
fetch_token
(url=None, body='', method='POST', headers=None, auth=None, grant_type=None, **kwargs)¶Generic method for fetching an access token from the token endpoint.
Parameters: |
|
---|---|
Returns: | A |
refresh_token
(url, refresh_token=None, body='', auth=None, headers=None, **kwargs)¶Fetch a new access token using a refresh token.
Parameters: |
|
---|---|
Returns: | A |
register_client_auth_method
(auth)¶Extend client authenticate for token endpoint.
Parameters: | auth – an instance to sign the request |
---|
register_compliance_hook
(hook_type, hook)¶Register a hook for request/response tweaking.
Available hooks are:
revoke_token
(url, token=None, token_type_hint=None, body=None, auth=None, headers=None, **kwargs)¶Revoke token method defined via RFC7009.
Parameters: |
|
---|---|
Returns: | A |
authlib.integrations.httpx_client.
AsyncAssertionClient
(token_endpoint, issuer, subject, audience=None, grant_type=None, claims=None, token_placement='header', scope=None, **kwargs)¶authlib.integrations.flask_client.
OAuth
(app=None, cache=None, fetch_token=None, update_token=None)¶A Flask OAuth registry for oauth clients.
Create an instance with Flask:
oauth = OAuth(app, cache=cache)
You can also pass the instance of Flask later:
oauth = OAuth()
oauth.init_app(app, cache=cache)
Parameters: |
|
---|
create_client
(name)¶Create or get the given named OAuth client. For instance, the
OAuth registry has .register
a twitter client, developers may
access the client with:
client = oauth.create_client('twitter')
Param: | name: Name of the remote application |
---|---|
Returns: | OAuth remote app |
init_app
(app, cache=None, fetch_token=None, update_token=None)¶Initialize lazy for Flask app. This is usually used for Flask application factory pattern.
register
(name, overwrite=False, **kwargs)¶Registers a new remote application.
Parameters: |
|
---|
Find parameters for the given remote app class. When a remote app is registered, it can be accessed with named attribute:
oauth.register('twitter', client_id='', ...)
oauth.twitter.get('timeline')
authlib.integrations.flask_client.
FlaskRemoteApp
(framework, name=None, fetch_token=None, **kwargs)¶Flask integrated RemoteApp of OAuthClient
.
It has built-in hooks for OAuthClient. The only required configuration
is token model.
Authorize access token.
Create a HTTP Redirect for Authorization Endpoint.
Parameters: |
|
---|---|
Returns: | A HTTP redirect response. |
delete
(url, **kwargs)¶Invoke DELETE http request.
If api_base_url
configured, shortcut is available:
client.delete('posts/123')
get
(url, **kwargs)¶Invoke GET http request.
If api_base_url
configured, shortcut is available:
client.get('users/lepture')
patch
(url, **kwargs)¶Invoke PATCH http request.
If api_base_url
configured, shortcut is available:
client.patch('profile', json={'name': 'Hsiaoming Yang'})
post
(url, **kwargs)¶Invoke POST http request.
If api_base_url
configured, shortcut is available:
client.post('timeline', json={'text': 'Hi'})
put
(url, **kwargs)¶Invoke PUT http request.
If api_base_url
configured, shortcut is available:
client.put('profile', json={'name': 'Hsiaoming Yang'})
Save temporary data into session for the authorization step. These data can be retrieved later when fetching access token.
authlib.integrations.django_client.
OAuth
(fetch_token=None, update_token=None)¶create_client
(name)¶Create or get the given named OAuth client. For instance, the
OAuth registry has .register
a twitter client, developers may
access the client with:
client = oauth.create_client('twitter')
Param: | name: Name of the remote application |
---|---|
Returns: | OAuth remote app |
register
(name, overwrite=False, **kwargs)¶Registers a new remote application.
Parameters: |
|
---|
Find parameters for the given remote app class. When a remote app is registered, it can be accessed with named attribute:
oauth.register('twitter', client_id='', ...)
oauth.twitter.get('timeline')
authlib.integrations.django_client.
DjangoRemoteApp
(framework, name=None, fetch_token=None, update_token=None, client_id=None, client_secret=None, request_token_url=None, request_token_params=None, access_token_url=None, access_token_params=None, authorize_url=None, authorize_params=None, api_base_url=None, client_kwargs=None, server_metadata_url=None, compliance_fix=None, client_auth_methods=None, **kwargs)¶Fetch access token in one step.
Parameters: | request – HTTP request instance from Django view. |
---|---|
Returns: | A token dict. |
Create a HTTP Redirect for Authorization Endpoint.
Parameters: |
|
---|---|
Returns: | A HTTP redirect response. |
delete
(url, **kwargs)¶Invoke DELETE http request.
If api_base_url
configured, shortcut is available:
client.delete('posts/123')
get
(url, **kwargs)¶Invoke GET http request.
If api_base_url
configured, shortcut is available:
client.get('users/lepture')
patch
(url, **kwargs)¶Invoke PATCH http request.
If api_base_url
configured, shortcut is available:
client.patch('profile', json={'name': 'Hsiaoming Yang'})
post
(url, **kwargs)¶Invoke POST http request.
If api_base_url
configured, shortcut is available:
client.post('timeline', json={'text': 'Hi'})
put
(url, **kwargs)¶Invoke PUT http request.
If api_base_url
configured, shortcut is available:
client.put('profile', json={'name': 'Hsiaoming Yang'})
Save temporary data into session for the authorization step. These data can be retrieved later when fetching access token.
authlib.integrations.starlette_client.
OAuth
(config=None, cache=None, fetch_token=None, update_token=None)¶create_client
(name)¶Create or get the given named OAuth client. For instance, the
OAuth registry has .register
a twitter client, developers may
access the client with:
client = oauth.create_client('twitter')
Param: | name: Name of the remote application |
---|---|
Returns: | OAuth remote app |
register
(name, overwrite=False, **kwargs)¶Registers a new remote application.
Parameters: |
|
---|
Find parameters for the given remote app class. When a remote app is registered, it can be accessed with named attribute:
oauth.register('twitter', client_id='', ...)
oauth.twitter.get('timeline')
authlib.integrations.starlette_client.
StarletteRemoteApp
(framework, name=None, fetch_token=None, update_token=None, client_id=None, client_secret=None, request_token_url=None, request_token_params=None, access_token_url=None, access_token_params=None, authorize_url=None, authorize_params=None, api_base_url=None, client_kwargs=None, server_metadata_url=None, compliance_fix=None, client_auth_methods=None, **kwargs)¶Fetch an access token.
Parameters: | request – Starlette Request instance. |
---|---|
Returns: | A token dict. |
Create a HTTP Redirect for Authorization Endpoint.
Parameters: |
|
---|---|
Returns: | Starlette |
delete
(url, **kwargs)¶Invoke DELETE http request.
If api_base_url
configured, shortcut is available:
client.delete('posts/123')
get
(url, **kwargs)¶Invoke GET http request.
If api_base_url
configured, shortcut is available:
client.get('users/lepture')
patch
(url, **kwargs)¶Invoke PATCH http request.
If api_base_url
configured, shortcut is available:
client.patch('profile', json={'name': 'Hsiaoming Yang'})
post
(url, **kwargs)¶Invoke POST http request.
If api_base_url
configured, shortcut is available:
client.post('timeline', json={'text': 'Hi'})
put
(url, **kwargs)¶Invoke PUT http request.
If api_base_url
configured, shortcut is available:
client.put('profile', json={'name': 'Hsiaoming Yang'})
Save temporary data into session for the authorization step. These data can be retrieved later when fetching access token.