oauthsub package

Module contents

This lightweight web service performs authentication. All requests that reach this service should be proxied through nginx.

See: https://developers.google.com/api-client-library/python/auth/web-app

class oauthsub.auth_service.Application(app_config)[source]

Bases: flask.app.Flask

Main application context. Exists as a class to keep things local… even though flask is all about the global state.

render_message(message, *args, **kwargs)[source]
route(rule, **options)[source]

A decorator that is used to register a view function for a given URL rule. This does the same thing as add_url_rule() but is intended for decorator usage:

def index():
    return 'Hello World'

For more information refer to url-route-registrations.

  • rule – the URL rule as string
  • endpoint – the endpoint for the registered URL rule. Flask itself assumes the name of the view function as endpoint
  • options – the options to be forwarded to the underlying Rule object. A change to Werkzeug is handling of method options. methods is a list of methods this rule should be limited to (GET, POST etc.). By default a rule just listens for GET (and implicitly HEAD). Starting with Flask 0.6, OPTIONS is implicitly added and handled by the standard request handling.
session_get(key, default=None)[source]

Return the value of the session variable key, using the prefix-qualifed name for key

session_set(key, value)[source]

Set the value of the session variable key, using the prefix-qualifed name for key


Handle oauth bounce-back.


The page served when a user isn’t authorized. We’ll just set the return path if it’s available and then kick them through oauth2.


Return the user’s session as a json object. Can be used to retrieve user identity within other frontend services, or for debugging.


The login page. Start of the oauth dance. Construct a flow, get redirect, bounce the user.


Delete the user’s session, effectively logging them out.


This is the main endpoint used by nginx to check authorization. If this is an nginx request the X-Original-URI will be passed as an http header.


Return a copy of the settings dictionary including only the kwargs expected by OAuth2Session

class oauthsub.configuration.Configuration(rooturl=None, flask_debug=False, flask_privkey=None, response_header=None, allowed_domains=None, host=None, port=None, logdir=None, flaskopt=None, route_prefix=None, session_key_prefix=None, bypass_key=None, user_lookup=None, client_secrets=None, custom_template=None, enable_forbidden=True, server=None, **kwargs)[source]

Bases: object

Simple configuration object. Holds named members for different configuration options. Can be serialized to a dictionary which would be a valid kwargs for the constructor.

classmethod get_fields()[source]

Return a list of field names in constructor order.


Return a dictionary describing the configuration.

oauthsub.configuration.default_user_lookup(_, parsed_content)[source]

Default username resolution just returns the email address reported by the provider.

oauthsub.configuration.get_default(obj, default)[source]

If obj is not None then return it. Otherwise return default.

class oauthsub.util.ZipfileLoader(zipfile_path, directory)[source]

Bases: jinja2.loaders.BaseLoader

Jinja template loader capable of loading templates from a zipfile

get_source(environment, template)[source]

Get the template source, filename and reload helper for a template. It’s passed the environment and template name and has to return a tuple in the form (source, filename, uptodate) or raise a TemplateNotFound error if it can’t locate the template.

The source part of the returned tuple must be the source of the template as unicode string or a ASCII bytestring. The filename should be the name of the file on the filesystem if it was loaded from there, otherwise None. The filename is used by python for the tracebacks if no loader extension is used.

The last item in the tuple is the uptodate function. If auto reloading is enabled it’s always called to check if the template changed. No arguments are passed so the function must store the old state somewhere (for example in a closure). If it returns False the template will be reloaded.


If our module is loaded from a zipfile (e.g. a wheel or egg) then return the pair (zipfile_path, module_relpath) where zipfile_path is the path to the zipfile and module_relpath is the relative path within that zipfile.