OAuth2 in Python

2014-02-10 by Neven Munđar

A guide on OAuth2 concepts and using it from Python.

What is OAuth2? Internet users commonly log into various web services using their Google, Twitter or Facebook accounts. This removes the hassle of dealing with an account registration process and keeping track of yet another password or, in the worst case, giving yet another service the same password used everywhere. Those web services often offer additional features like linking their friends together, but only if users give them permissions. This flexibility is enabled by the OAuth protocol.

Working with the OAuth protocol is a part of a web developer's life, and the realities of life sometimes force us to take the shortest path to a solution. With the OAuth protocol we usually resort to searching for a library that will solve our problems, plug it in, set a few settings, read a bit of documentation from the web service that we’ll use, and continue our life perfectly ignorant of some of the underlying mechanisms.

We’ve written a guide intended to dispel some of the fog related to OAuth. The guide is intended for Python developers wishing to learn what really happens in OAuth. We’ll use the Requests library to make various calls easily understandable, and the Django web framework to make simple HTTP endpoints, but the guide should be useful no matter which (if any) web framework you use. We’ll talk to the GitHub and Facebook services.

So, if you’re interested in going through simple examples of handling the OAuth protocol flow manually, grab a copy of the OAuth2 for Python programmers guide (PDF) and dive in.

We’d love to hear your comments about the guide (and if you spot an error somewhere in it, please do tell!), and of course, if you find it useful, please share.
