Python:OAuth 库
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1666415/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Python: OAuth Library
提问by Paul Tarjan
Is there a full flegged python library for oauth? I haven't found any that handle reissuing of oauth tokens once they expire (Step 5 on the Yahoo OAuth flow).
是否有用于 oauth 的完整 python 库?我还没有发现任何可以在 oauth 令牌过期后重新发布的令牌(Yahoo OAuth 流程中的第 5 步)。
So what is the most complete? I tried the one from oauth.net, and it doesn't handle oauth_session_handlewhich the oauth spec says is required if the endpoint returns it (like yahoo does).
那么什么是最完整的呢?我尝试了oauth.net 中的一个,它不处理oauth_session_handleoauth 规范所说的如果端点返回它是必需的(就像雅虎一样)。
So, what library should I be using? Are they all incomplete and I have to do it on my own?
那么,我应该使用什么库?它们是否都不完整而我必须自己完成?
采纳答案by lemonad
I think Leah Culver's python-oauth(that you've already found) is the best starting point even though it's not complete.
我认为 Leah Culver 的python-oauth(你已经找到了)是最好的起点,即使它不完整。
Leah has a mirror up on github which would make it easy to collaborate: http://github.com/leah/python-oauth/tree/master/oauth/
Leah 在 github 上有一个镜像,可以很容易地进行协作:http: //github.com/leah/python-oauth/tree/master/oauth/
Update: As it stands today, it looks like SimpleGeo's python-oauth2is the best starting point.
更新:就目前而言,SimpleGeo 的python-oauth2似乎是最好的起点。
回答by Yarin
回答by marcelocra
OAuthofficial website recommends both rauthand oauthlib. Quoting them regarding rauth:
OAuth官网同时推荐了rauth和oauthlib。引用他们关于rauth:
Max Countryman maintains the rauth and it is considered the most up-to-date and unit-tested implementation of OAuth for Python.
Max Countryman 维护 rauth,它被认为是 Python 的 OAuth 的最新和单元测试实现。
Regarding oauthlib:
关于oauthlib:
Another great library is OAuthlib which implements the latest RFC, including client and server.
另一个很棒的库是 OAuthlib,它实现了最新的 RFC,包括客户端和服务器。
UPDATE: Feb 9th, 2019
更新:2019 年 2 月 9 日
Both libraries are still mentioned in the OAuth recommended libs for Python, but looking at their Github page, oauthlibhas been more frequently maintained.
OAuth 推荐的 Python库中仍然提到了这两个库,但是查看它们的 Github 页面,oauthlib得到了更频繁的维护。
回答by stannie
回答by user161642
Use Kenneth Reitz's awesome requestslibrary along with the requests-oauthplugin linked off of http://docs.python-requests.org/en/latest/community/out-there/
使用 Kenneth Reitz 的很棒的请求库以及从http://docs.python-requests.org/en/latest/community/out-there/链接的requests-oauth插件
回答by Takahiko Kawasaki
Yet another answer to the 9-year-old question. The following are libraries for OAuth 2.0 and OpenID Connectand sample implementations written in Python. Note that they use Authleteas a backend service.
9年前的问题的另一个答案。以下是 OAuth 2.0 和OpenID Connect 的库以及用 Python 编写的示例实现。请注意,他们使用Authlete作为后端服务。
- authlete-python : library for Python (GitHub, PyPI)
- authlete-python-django : library for Django(GitHub, PyPI)
- django-oauth-server: sample implementation of an authorization server
- django-resource-server: sample implementation of a resource server
- authlete-python:Python 库(GitHub,PyPI)
- authlete-python-django:Django库(GitHub,PyPI)
- django-oauth-server:授权服务器的示例实现
- django-resource-server:资源服务器的示例实现
The question was posted in 2009. Since then, many important specifications have been developed. The following are some examples.
这个问题是在 2009 年发布的。从那时起,已经制定了许多重要的规范。以下是一些示例。
- 2012, Oct - RFC 6749, The OAuth 2.0 Authorization Framework
- 2012, Oct - RFC 6750, The OAuth 2.0 Authorization Framework: Bearer Token Usage
- 2014, Nov - OpenID Connect Core 1.0
- 2014, Nov - OpenID Connect Discovery 1.0
- 2014, Nov - OpenID Connect Dynamic Client Registration 1.0
- 2015, Sep - RFC 7636, Proof Key for Code Exchange by OAuth Public Clients
- 2018, Oct - Financial-grade API (FAPI) Implementer's Draft 2 (Part 1, Part 2)
- 2019, Feb - OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0
- 2019, Aug - RFC 8628, OAuth 2.0 Device Authorization Grant
- (Draft) - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens
- 2012 年 10 月 - RFC 6749,OAuth 2.0 授权框架
- 2012 年 10 月 - RFC 6750,OAuth 2.0 授权框架:不记名令牌使用
- 2014 年 11 月 - OpenID Connect Core 1.0
- 2014 年 11 月 - OpenID Connect Discovery 1.0
- 2014 年 11 月 - OpenID Connect动态客户端注册 1.0
- 2015 年 9 月 - RFC 7636,OAuth 公共客户端代码交换的证明密钥
- 2018 年 10 月 - 金融级 API (FAPI) 实施者草案 2(第 1部分、第 2 部分)
- 2019 年 2 月 - OpenID Connect 客户端发起的反向信道身份验证流程 -核心 1.0
- 2019 年 8 月 - RFC 8628,OAuth 2.0 设备授权授权
- (草案)- OAuth 2.0 相互 TLS 客户端身份验证和证书绑定访问令牌
Now the volume of specifications related to OAuth 2.0 and OpenID Connect is huge, full-fledged implementations are rare. For example, at the time of this writing (Aug 20, 2019), the number of certified OpenID Provider implementations that support Financial-grade API (FAPI)is just 4. Also, the number of certified OpenID Provider implementationsthat support Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP and Form Post OP is 5. (Authlete is the only implementation that is included in both)
现在与 OAuth 2.0 和 OpenID Connect 相关的规范数量巨大,成熟的实现很少。例如,在撰写本文时(2019 年 8 月 20 日),支持金融级 API (FAPI)的认证 OpenID Provider 实现数量仅为 4。此外,支持 Basic OP的认证 OpenID Provider 实现数量, Implicit OP、Hybrid OP、Config OP、Dynamic OP 和 Form Post OP 是 5。(Authlete 是唯一包含在两者中的实现)
The following are some consideration points for OAuth 2.0 implementations:
以下是 OAuth 2.0 实现的一些注意事项:
- RFC 7636 support (important for security)
- OpenID Connect support (or just OAuth 2.0?)
- Financial-grade API (FAPI) support, if you need higher security. See "Financial-grade API (FAPI), explained by an implementer"for technical details.
- RFC 7636 支持(对安全很重要)
- OpenID Connect 支持(或只是 OAuth 2.0?)
- 金融级 API (FAPI) 支持,如果您需要更高的安全性。有关技术详细信息,请参阅“金融级 API (FAPI),由实施者解释”。
