oauth2.client_authenticator — Client authentication

Every client that sends a request to obtain an access token needs to authenticate with the provider.

The authentication of confidential clients can be handled in several ways, some of which come bundled with this module.

class oauth2.client_authenticator.ClientAuthenticator(client_store, source)[source]

Handles authentication of a client both by its identifier as well as by its identifier and secret.

Parameters:
  • client_store (oauth2.store.ClientStore) – The Client Store to retrieve a client from.
  • source (callable) – A callable that returns a tuple (<client_id>, <client_secret>)
by_identifier(request)[source]

Authenticates a client by its identifier.

Parameters:

request (oauth2.web.Request) – The incoming request

Returns:

The identified client

Return type:

oauth2.datatype.Client

Raises:
class OAuthInvalidNoRedirectError:
 
by_identifier_secret(request)[source]

Authenticates a client by its identifier and secret (aka password).

Parameters:request (oauth2.web.Request) – The incoming request
Returns:The identified client
Return type:oauth2.datatype.Client
Raises:OAuthInvalidError – If the client could not be found, is not allowed to to use the current grant or supplied invalid credentials
oauth2.client_authenticator.http_basic_auth(request)[source]

Extracts the credentials of a client using HTTP Basic Auth.

Expects the client_id to be the username and the client_secret to be the password part of the Authorization header.

Parameters:request (oauth2.web.Request) – The incoming request
Returns:A tuple in the format of (<CLIENT ID>, <CLIENT SECRET>)`
Return type:tuple
oauth2.client_authenticator.request_body(request)[source]

Extracts the credentials of a client from the application/x-www-form-urlencoded body of a request.

Expects the client_id to be the value of the client_id parameter and the client_secret to be the value of the client_secret parameter.

Parameters:request (oauth2.web.Request) – The incoming request
Returns:A tuple in the format of (<CLIENT ID>, <CLIENT SECRET>)
Return type:tuple