{"id":15297411,"url":"https://github.com/abestanis/txoauth2","last_synced_at":"2025-04-13T23:16:13.049Z","repository":{"id":78940331,"uuid":"84733129","full_name":"Abestanis/TxOauth2","owner":"Abestanis","description":"OAuth2 server implementation for twisted","archived":false,"fork":false,"pushed_at":"2021-06-06T20:19:44.000Z","size":482,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-13T23:16:05.744Z","etag":null,"topics":["oauth2","oauth2-provider","oauth2-server","protected-resources","python","python2","python3","twisted"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Abestanis.png","metadata":{"files":{"readme":"README.md","changelog":"changelogs/1.2.1.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-12T14:46:33.000Z","updated_at":"2023-10-20T16:56:45.000Z","dependencies_parsed_at":"2023-07-10T08:15:58.545Z","dependency_job_id":null,"html_url":"https://github.com/Abestanis/TxOauth2","commit_stats":{"total_commits":187,"total_committers":2,"mean_commits":93.5,"dds":0.005347593582887722,"last_synced_commit":"fc1d9401009610084189afe48bd8df4db933c825"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Abestanis%2FTxOauth2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Abestanis%2FTxOauth2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Abestanis%2FTxOauth2/releases","manifest
s_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Abestanis%2FTxOauth2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Abestanis","download_url":"https://codeload.github.com/Abestanis/TxOauth2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248794569,"owners_count":21162615,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oauth2","oauth2-provider","oauth2-server","protected-resources","python","python2","python3","twisted"],"created_at":"2024-09-30T19:17:19.384Z","updated_at":"2025-04-13T23:16:13.023Z","avatar_url":"https://github.com/Abestanis.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TxOAuth2 [![Build Status](https://github.com/Abestanis/TxOauth2/workflows/Tests/badge.svg)](https://github.com/Abestanis/TxOauth2/actions) [![codecov](https://codecov.io/gh/Abestanis/TxOauth2/branch/master/graph/badge.svg)](https://codecov.io/gh/Abestanis/TxOauth2)\nThis Python module helps to implement an OAuth2 Endpoint in Twisted and provides a mechanism to protect resources with OAuth2 authentication.\n\n## Usage\n\nA sample usage can be found in the [example folder](https://github.com/Abestanis/TxOauth2/blob/master/example/main.py).\n\n\nYou will need to create a [TokenResource](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/token.py#L194) \nand an OAuth2 endpoint by subclassing the [OAuth2 class](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/resource.py#L38)\nand insert them somewhere into your server 
hierarchy. Add both at the same place by using the\nfollowing code (see [the example](https://github.com/Abestanis/TxOauth2/blob/master/example/main.py#L129)):\n```python\nroot.putChild(b\"oauth2\", OAuth2Subclass.initFromTokenResource(tokenResource, subPath=b\"token\"))\n```\n\nDepending on which OAuth2 grant flows you want to support, you may not need both resources.\nThe [Implicit Grant](https://tools.ietf.org/html/rfc6749#section-1.3.2) only needs the OAuth2 endpoint, \nthe [Authorization Code Grant](https://tools.ietf.org/html/rfc6749#section-1.3.1) needs both, and the others only need the TokenResource.\nSee the [specification](https://tools.ietf.org/html/rfc6749#section-1.3) for an in-depth explanation of the grant flows.\nYou can enable the flows by adding the [GrantType](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/granttypes.py) \nto the list passed as the ```grantType``` parameter to the OAuth2 and TokenResource endpoints.\nIt is best to enable as few grant types as possible.\n\nThe [Authorization Code Grant](https://tools.ietf.org/html/rfc6749#section-1.3.1) flow is the most commonly used, but it is also the most complicated to implement:\nThe OAuth2 subclass will need to override the [onAuthenticate](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/resource.py#L241) method.\nThis method will be called when a [User](#terminology) is redirected to your server by a [Client](#terminology) to authorize access to some [scope](#terminology) by the client.\nWithin the method, you should serve or redirect to a page that allows the user to authorize the client.\nSee [here](https://www.oauth.com/oauth2-servers/scope/user-interface/) to get an idea of what such a page could look like.\nIf the user approves the authorization, you need to call [grantAccess](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/resource.py#L300)\nor [denyAccess](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/resource.py#L276) if the user 
denies.\n\nTo protect your resources, you need to either use the [oauth](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/authorization.py#L88)\ndecorator on the ```render_*``` methods of your resources or check the result of [isAuthorized](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/authorization.py#L47)\nas demonstrated [here](https://github.com/Abestanis/TxOauth2/blob/master/example/main.py#L40).\n\nFinally, you need to register the [Clients](#terminology) by storing them in your implementation of \nthe [ClientStorage](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/clients.py#L18).\n\nThis module does not deal with token storage, creation and validation, client storage, persistent storage or user password-management.\nDepending on the enabled grant types you will need to implement a \n[TokenFactory](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/token.py#L23),\n[TokenStorage](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/token.py#L43),\n[PersistentStorage](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/token.py#L142),\n[ClientStorage](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/clients.py#L18) and \n[UserPasswordManager](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/token.py#L175).\nA few implementations of these interfaces can be found in the [imp package](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/imp.py).\nYou may also use the tests in the ```tests``` directory to verify the expected behaviour of your implementation.\n\n## Installation\n\nRun ```pip install txoauth2``` or download the wheel from [PyPI](https://pypi.org/project/txoauth2/) or [GitHub](https://github.com/Abestanis/TxOauth2/releases).\n\n## Terminology\n\n* __User__: A user, also called the resource owner, is the actual owner of a resource. He can grant access to the resource to a client. It is up to you to identify and authenticate a user. 
You can pass additionalData to ```grantAccess``` that identifies a user. This additional data will be passed to the token generator and storage, which allows for the user information to be encoded into the token.\n* __Client__: A client is another application that wants to access a protected resource that is owned by the user. The client has no rights if they have not been explicitly granted by the user. Clients are represented by subclasses of the [Client class](https://github.com/Abestanis/TxOauth2/blob/master/txoauth2/clients.py#L52).\n* __Token__: There are two types of tokens: Access Tokens and Refresh Tokens. Access Tokens allow access to a protected resource. If they expire, the client can use the Refresh Token to generate a new Access Token. [A token can only contain alphanumeric characters and the following characters](https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/#token): ```-._~+/```\n* __Scope__: A scope identifies a collection of resources that a client can request access to. The meaning of individual scope names is not fixed; it is up to the server maintainer to define the scopes known to the server and their meaning.\n\n## Security\n\nThe OAuth2 specification requires that the protected resource and the OAuth2 endpoint are served via a secure connection (e.g., `https`).\nTo allow insecure connections for local testing, pass ```allowInsecureRequestDebug=True``` where it is accepted.\n__Do not do this__ in your real server because everybody will be able to read the tokens and use them to access the protected resources!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabestanis%2Ftxoauth2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabestanis%2Ftxoauth2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabestanis%2Ftxoauth2/lists"}