oauthsub package¶
Module contents¶
This lightweight web service performs authentication. All requests that reach this service should be proxied through nginx.
See: https://developers.google.com/api-client-library/python/auth/web-app
-
class
oauthsub.auth_service.
Application
(app_config)[source]¶ Bases:
flask.app.Flask
Main application context. Exists as a class to keep things local… even though flask is all about the global state.
-
route
(rule, **options)[source]¶ A decorator that is used to register a view function for a given URL rule. This does the same thing as
add_url_rule()
but is intended for decorator usage:@app.route('/') def index(): return 'Hello World'
For more information refer to url-route-registrations.
Parameters: - rule – the URL rule as string
- endpoint – the endpoint for the registered URL rule. Flask itself assumes the name of the view function as endpoint
- options – the options to be forwarded to the underlying
Rule
object. A change to Werkzeug is handling of method options. methods is a list of methods this rule should be limited to (GET
,POST
etc.). By default a rule just listens forGET
(and implicitlyHEAD
). Starting with Flask 0.6,OPTIONS
is implicitly added and handled by the standard request handling.
-
-
oauthsub.auth_service.
forbidden
()[source]¶ The page served when a user isn’t authorized. We’ll just set the return path if it’s available and then kick them through oauth2.
-
oauthsub.auth_service.
get_session
()[source]¶ Return the user’s session as a json object. Can be used to retrieve user identity within other frontend services, or for debugging.
-
oauthsub.auth_service.
login
()[source]¶ The login page. Start of the oauth dance. Construct a flow, get redirect, bounce the user.
-
oauthsub.auth_service.
query_auth
()[source]¶ This is the main endpoint used by nginx to check authorization. If this is an nginx request the X-Original-URI will be passed as an http header.
-
oauthsub.auth_service.
strip_settings
(settings_dict)[source]¶ Return a copy of the settings dictionary including only the kwargs expected by OAuth2Session
-
class
oauthsub.configuration.
Configuration
(rooturl=None, flask_debug=False, flask_privkey=None, response_header=None, allowed_domains=None, host=None, port=None, logdir=None, flaskopt=None, route_prefix=None, session_key_prefix=None, bypass_key=None, user_lookup=None, client_secrets=None, custom_template=None, enable_forbidden=True, server=None, **kwargs)[source]¶ Bases:
object
Simple configuration object. Holds named members for different configuration options. Can be serialized to a dictionary which would be a valid kwargs for the constructor.
-
oauthsub.configuration.
default_user_lookup
(_, parsed_content)[source]¶ Default username resolution just returns the email address reported by the provider.
-
oauthsub.configuration.
get_default
(obj, default)[source]¶ If obj is not None then return it. Otherwise return default.
-
class
oauthsub.util.
ZipfileLoader
(zipfile_path, directory)[source]¶ Bases:
jinja2.loaders.BaseLoader
Jinja template loader capable of loading templates from a zipfile
-
get_source
(environment, template)[source]¶ Get the template source, filename and reload helper for a template. It’s passed the environment and template name and has to return a tuple in the form
(source, filename, uptodate)
or raise a TemplateNotFound error if it can’t locate the template.The source part of the returned tuple must be the source of the template as unicode string or a ASCII bytestring. The filename should be the name of the file on the filesystem if it was loaded from there, otherwise None. The filename is used by python for the tracebacks if no loader extension is used.
The last item in the tuple is the uptodate function. If auto reloading is enabled it’s always called to check if the template changed. No arguments are passed so the function must store the old state somewhere (for example in a closure). If it returns False the template will be reloaded.
-