The library supports OAuth 2.0 authentication flows including Client Credentials, Device Authorization Grant, and Authorization Code flows. This package is designed to make interaction with OAuth 2.0 flows as simple as possible.
- Client Credentials Flow: For machine-to-machine communication.
- Device Code Flow: For devices with limited input capabilities.
- Authorization Code Flow: For standard user authentication.
- Secure Token Storage: Integration with system keyring via
keyringandkeyrings.cryptfile. - OIDC Discovery: Automatic configuration using OpenID Connect discovery URLs.
pip install trino.oauth2Check out example.py in the repository for complete, runnable examples of all supported flows.
from trino.oauth2 import OAuth2Client, ClientCredentialsConfig, OidcConfig
# Configure the client
oauth_client = OAuth2Client(
config=ClientCredentialsConfig(
client_id="your-client-id",
client_secret="your-client-secret",
url_config=OidcConfig(oidc_discovery_url="https://auth.example.com/.well-known/openid-configuration")
)
)
# Fetch a token
token = oauth_client.token()
print(f"Access Token: {token}")The OAuth2Client can be configured with different flow configurations:
ClientCredentialsConfigDeviceCodeConfigAuthorizationCodeConfig
It also supports manual URL configuration via ManualUrlsConfig if OIDC discovery is not available.
The library supports secure token storage using keyrings.cryptfile.
To use an encrypted file backend for credentials:
export PYTHON_KEYRING_BACKEND=keyrings.cryptfile.cryptfile.CryptFileKeyring
export KEYRING_CRYPTFILE_PASSWORD=your_secure_passwordOr you can pass the password directly (less secure):
oauth_client = OAuth2Client(
config=...,
token_storage_password="your_secure_password"
)# Create virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements-dev.txtWe use pytest for testing. The end-to-end tests run against a Dockerized Hydra instance.
# Start Hydra
make start-hydra
# Run tests
pytest tests