google-oauth in Python
An attempt at implementing OpenID Connect in Python. To understand how to implement it, this post translates the Google documentation.
OAuth 2.0 explained
An overview of OAuth 2.0 (omitted here).
Acquiring client IDs and secrets
Please note that there are three types of client IDs.
The oauth2client library
The **oauth2client** library is included in the Google APIs Client Library (Python). This library handles all the steps of the OAuth 2.0 protocol required for calling APIs.
Flows
The Flow class is used to obtain credentials that authorize your app to access user data. The Flow object's functions help with the multiple redirects required to acquire them. A Flow object is disposable once it has produced credentials; the credentials can be extracted and saved. There are several ways to use a Flow object.
flow_from_clientsecrets()
**oauth2client.client.flow_from_clientsecrets()** creates a Flow object from the **client_secrets.json** file. This JSON file stores the client ID, client secret and other OAuth 2.0 parameters.
from oauth2client.client import flow_from_clientsecrets
...
flow = flow_from_clientsecrets('path_to_directory/client_secrets.json',
                               scope='https://www.googleapis.com/auth/calendar',
                               redirect_uri='http://example.com/auth_return')
OAuth2WebServerFlow
The **oauth2client.client.OAuth2WebServerFlow** class can be used in both installed and web apps. The constructor arguments are client ID, client secret, scope, and redirect URI. The URI must be controlled by your app.
from oauth2client.client import OAuth2WebServerFlow
...
flow = OAuth2WebServerFlow(client_id='your_client_id',
                           client_secret='your_client_secret',
                           scope='https://www.googleapis.com/auth/calendar',
                           redirect_uri='http://example.com/auth_return')
step1_get_authorize_url()
Generates the URI of the authorization server. Once you have the URI, redirect the user to it.
auth_uri = flow.step1_get_authorize_url()
# Redirect the user to auth_uri on your platform.
If the user has already granted access, the server redirects immediately. Otherwise, the authorization server asks the user to grant permission to access their data. If the user grants access, the server redirects to **redirect_uri** with a **code** query parameter.
http://example.com/auth_return/?code=kACAH-1Ng1MImB...AA7acjdY9pTD9M
If the user does not grant access, the server redirects to **redirect_uri** with an **error** query parameter.
http://example.com/auth_return/?error=access_denied
step2_exchange()
The **step2_exchange()** function of the Flow class exchanges the authorization code for a **Credentials** object. Pass the **code** received from the authorization server as an argument.
credentials = flow.step2_exchange(code)
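Handling the redirect back to redirect_uri before calling step2_exchange(), as an added example that is not from the original post or from oauth2client. It goes beyond the page by also checking a `state` value, assumed to have been sent with the authorization request and kept in the user's session; `new_state`, `extract_code` and `AuthorizationDenied` are hypothetical names.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


class AuthorizationDenied(Exception):
    """The authorization server returned ?error=... instead of a code."""


def new_state():
    # Unguessable per-login value; store it in the session before redirecting.
    return secrets.token_urlsafe(32)


def extract_code(callback_url, expected_state):
    """Return the authorization code carried by a redirect_uri callback URL.

    Raises AuthorizationDenied when the user refused access, and ValueError
    when the callback is malformed or its state does not match the session.
    """
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    # Each parameter may appear at most once; duplicates are ambiguous.
    for name in ("code", "error", "state"):
        if len(query.get(name, [])) > 1:
            raise ValueError("duplicate %r parameter" % name)

    # Check state first so a callback the user never started is rejected
    # before its code or error is looked at (constant-time comparison).
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")

    if "error" in query:
        raise AuthorizationDenied(query["error"][0])

    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries neither code nor error")
    return code


if __name__ == "__main__":
    state = new_state()
    # Constructed sample callback URL, not a real authorization code.
    url = "http://example.com/auth_return/?code=SAMPLE_CODE&state=" + state
    print(extract_code(url, state))  # the value to pass to flow.step2_exchange()
```
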
Credentials
The Credentials object holds a **refresh token** and an **access token** that authorize access to a single user's data. This object is applied to an *httplib2.Http* object to authorize access. It only needs to be applied once and can be saved after authentication. Here are some ways to create a Credentials object.
OAuth2Credentials
The **oauth2client.client.OAuth2Credentials** class holds OAuth 2.0 credentials to access user data. Normally, this object is not created from the constructor. It can be created from a Flow object.
ServiceAccountCredentials
Use the **oauth2client.service_account.ServiceAccountCredentials** class only for OAuth 2.0 Service Accounts. No end user is involved in these server-to-server API calls, so this object is created directly without going through a Flow.
AccessTokenCredentials
Use the **oauth2client.client.AccessTokenCredentials** class if you have already acquired an access token for some reason. You can create this object without going through the Flow object.
authorize()
The **authorize()** function of the **Credentials** class is used to apply the necessary credential headers to all requests made by an httplib2.Http instance.
import httplib2
...
http = httplib2.Http()
http = credentials.authorize(http)
Once the httplib2.Http object has been authorized, you typically pass it to the **build** function.
from apiclient.discovery import build
...
service = build('calendar', 'v3', http=http)
Storage
The **oauth2client.client.Storage** object stores and retrieves **Credentials**. This section explains how to create a Storage object and how to use it.
file.Storage
The **oauth2client.file.Storage** class stores and retrieves a single **Credentials** object. It supports locking so that a single store can be used concurrently. The code below shows how to open the file, how to save the credentials, and how to retrieve them.
from oauth2client.file import Storage
...
storage = Storage('a_credentials_file')
storage.put(credentials)
...
credentials = storage.get()