OAuth2

https://oauth.net/2/

OAuth 2.0

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.

 

WHY?

https://www.tutorialspoint.com/oauth2.0/oauth2.0_overview.htm

 

Why Use OAuth 2.0?

  • You can use OAuth 2.0 to read data of a user from another application.

  • It supplies the authorization workflow for web, desktop applications, and mobile devices.

  • It supports server-side web apps that use an authorization code, so the app does not interact with user credentials.

 

workflow

https://www.tutorialspoint.com/oauth2.0/oauth2.0_architecture.htm

In this chapter, we will discuss the architectural style of OAuth 2.0.

Architecture

Step 1 − First, the user accesses resources using the client application such as Google, Facebook, Twitter, etc.

Step 2 − Next, the client application is provided with the client ID and client password when it registers the redirect URI (Uniform Resource Identifier).

Step 3 − The user logs in using the authenticating application. The client ID and client password are unique to the client application on the authorization server.

Step 4 − The authenticating server redirects the user to the redirect URI with an authorization code.

Step 5 − The user accesses the page located at the redirect URI in the client application.

Step 6 − The client application is provided with the authorization code, client ID and client password, and sends them to the authorization server.

Step 7 − The authenticating application returns an access token to the client application.

Step 8 − Once the client application gets an access token, the user starts accessing the resources of the resource owner using the client application.
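
The code exchange in Steps 4 to 7, as an added example that is not from the quoted tutorial or from Authlib: an in-memory authorization server and client in standard-library Python. The client ID, secret, URLs and function names are constructed for illustration, and the `state` check is RFC 6749's CSRF protection, which the steps above do not mention.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed registration record (Step 2); every name and value is illustrative.
REDIRECT = "https://client.example/callback"
CLIENTS = {"demo-client": {"secret": "demo-secret", "redirect_uri": REDIRECT}}
CODES = {}  # authorization code -> (client_id, redirect_uri)


def authorize(client_id, redirect_uri, state):
    """Steps 3-4: after login, redirect the user back with a one-time code."""
    client = CLIENTS.get(client_id)
    if client is None or redirect_uri != client["redirect_uri"]:
        raise ValueError("unknown client or unregistered redirect_uri")
    code = secrets.token_urlsafe(16)
    CODES[code] = (client_id, redirect_uri)
    return redirect_uri + "?" + urlencode({"code": code, "state": state})


def token(code, client_id, client_secret, redirect_uri):
    """Steps 6-7: exchange code plus client credentials for an access token."""
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(client["secret"], client_secret):
        raise PermissionError("invalid_client")
    # pop() makes the code single-use; it must match the client and URI it was issued for.
    if CODES.pop(code, None) != (client_id, redirect_uri):
        raise PermissionError("invalid_grant")
    return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def handle_callback(callback_url, expected_state):
    """Steps 5-6 on the client: verify state, then redeem the code."""
    query = parse_qs(urlparse(callback_url).query)
    if not hmac.compare_digest(query.get("state", [""])[0], expected_state):
        raise PermissionError("state mismatch")
    return token(query["code"][0], "demo-client", "demo-secret", REDIRECT)


def run_flow():
    state = secrets.token_urlsafe(16)  # binds the callback to this user session
    url = authorize("demo-client", REDIRECT, state)
    return url, state, handle_callback(url, state)


if __name__ == "__main__":
    print(run_flow()[2]["token_type"])
```

Replaying the same callback URL a second time fails with `invalid_grant`, because the code was consumed by the first exchange.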

 

Mature library support

https://docs.authlib.org/en/latest/index.html

The ultimate Python library in building OAuth and OpenID Connect servers. It is designed from low level specifications implementations to high level frameworks integrations, to meet the needs of everyone.

Authlib is compatible with Python3.6+.

 

OAuth server example

https://github.com/authlib/example-oauth2-server

A sample implementation for reference.

How to create an OAuth 2.0 Provider

This is an example of OAuth 2.0 server in Authlib. If you are looking for old Flask-OAuthlib implementation, check the flask-oauthlib branch.

OAuth client

https://github.com/authlib/demo-oauth-client

 

Another library

https://github.com/joestump/python-oauth2

It also has about 2,000 stars, but it lacks documentation and has not been maintained in recent years, so it is not recommended.

 

posted @ 2022-11-10 16:09  lightsong