Allow 'oob' as a callback_uri per OAuth spec section 2.1 #573

Merged
merged 1 commit into from Jul 31, 2012

Projects

None yet

2 participants

@ewdurbin
Contributor

reopening based on: #570

changes to allow 'Out of Band' OAuth.

example usage as modified from existing documentation:

server-side

class TwitterHandler(tornado.web.RequestHandler,
                     tornado.auth.TwitterMixin):
    @tornado.web.asynchronous
    def get(self):
        if self.get_argument("oauth_token", None):
            self.get_authenticated_user(self.async_callback(self._on_auth))
            return
        if self.get_argument("oob", None):
            self.authorize_redirect(callback_uri="oob")
        else:
            self.authorize_redirect(callback_uri=self.request.full_url())

    def _on_auth(self, user):
        if not user:
            raise tornado.web.HTTPError(500, "Twitter auth failed")
        # Save the user using, e.g., set_secure_cookie()

client

import urllib
import urllib2
import urlparse
import cookielib

class HTTPConnector:

    def __init__(self):
        self.cj = cookielib.CookieJar()
        self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cj))

    def make_request(self, url, data=None):
        if data:
            encoded_data = urllib.urlencode(data)
            return self.opener.open(url, encoded_data)
        return self.opener.open(url)

conn = HTTPConnector()
resp = conn.make_request("%s/signin?oob=true" % "http://localhost:8887")
oob_url = resp.read()
query_string = urlparse.urlparse(oob_url)[4]
oauth_token = urlparse.parse_qs(query_string)['oauth_token'][0]
print "Navigate to this URL and return with the pin:\n%s" % oob_url
pin = raw_input("pin?: ")
resp = conn.make_request("%s/signin?oauth_token=%s&oauth_verifier=%s" % ("http://localhost:8887", oauth_token, pin))
print resp.read()
@bdarnell bdarnell merged commit 303e963 into tornadoweb:master Jul 31, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment