OAuthlib authentication support for Requests.
This project provides first-class OAuth library support for Requests <http://python-requests.org>
_.
OAuth 1 can seem overly complicated and it sure has its quirks. Luckily, requests_oauthlib hides most of these and let you focus at the task at hand.
Accessing protected resources using requests_oauthlib is as simple as:
.. code-block:: pycon
>>> from requests_oauthlib import OAuth1Session
>>> twitter = OAuth1Session('client_key',
client_secret='client_secret',
resource_owner_key='resource_owner_key',
resource_owner_secret='resource_owner_secret')
>>> url = 'https://api.twitter.com/1/account/settings.json'
>>> r = twitter.get(url)
Before accessing resources you will need to obtain a few credentials from your
provider (e.g. Twitter) and authorization from the user for whom you wish to
retrieve resources for. You can read all about this in the full
OAuth 1 workflow guide on RTD <https://requests-oauthlib.readthedocs.io/en/latest/oauth1_workflow.html>
_.
OAuth 2 is generally simpler than OAuth 1 but comes in more flavours. The most common being the Authorization Code Grant, also known as the WebApplication flow.
Fetching a protected resource after obtaining an access token can be extremely
simple. However, before accessing resources you will need to obtain a few
credentials from your provider (e.g. Google) and authorization from the user
for whom you wish to retrieve resources for. You can read all about this in the
full OAuth 2 workflow guide on RTD <https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html>
_.
To install requests and requests_oauthlib you can use pip:
.. code-block:: bash
$ pip install requests requests_oauthlib
.. |build-status| image:: https://github.com/requests/requests-oauthlib/actions/workflows/run-tests.yml/badge.svg :target: https://github.com/requests/requests-oauthlib/actions .. |coverage-status| image:: https://img.shields.io/coveralls/requests/requests-oauthlib.svg :target: https://coveralls.io/r/requests/requests-oauthlib .. |docs| image:: https://readthedocs.org/projects/requests-oauthlib/badge/ :alt: Documentation Status :scale: 100% :target: https://requests-oauthlib.readthedocs.io/
v1.3.1 (21 January 2022) ++++++++++++++++++++++++
v1.3.0 (6 November 2019) ++++++++++++++++++++++++
force_querystring
argument to fetch_token() method on OAuth2Sessionv1.2.0 (14 January 2019) ++++++++++++++++++++++++
auth
because OAuth2Session objects and methods acceept an auth
paramether which is
typically an instance of requests.auth.HTTPBasicAuth
OAuth2Session.fetch_token
previously tried to guess how and where to provide
"client" and "user" credentials incorrectly. This was incompatible with some
OAuth servers and incompatible with breaking changes in oauthlib that seek to
correctly provide the client_id
. The older implementation also did not raise
the correct exceptions when username and password are not present on Legacy
clients.v1.1.0 (9 January 2019) +++++++++++++++++++++++
oauthlib
dependency: this project is
not yet compatible with oauthlib
3.0.0.nose
.v1.0.0 (4 June 2018) ++++++++++++++++++++
token
property to OAuth1Session, to match the corresponding
token
property on OAuth2Session.v0.8.0 (14 February 2017) +++++++++++++++++++++++++
auth
to several
methods would encounter conflicts with the client_id
and
client_secret
-derived auth. The user-supplied auth
argument is now
used in preference to those options.v0.7.0 (22 September 2016) ++++++++++++++++++++++++++
OAuth2Session.request
to take the client_id
and
client_secret
parameters for the purposes of automatic token refresh,
which may need them.v0.6.2 (12 July 2016) +++++++++++++++++++++
client_id
and client_secret
for the Authorization header if
provided.auth=False
.proxies
kwarg when refreshing tokens.v0.6.1 (19 February 2016) +++++++++++++++++++++++++
fetch_request_token
and fetch_access_token
.v0.6.0 (14 December 2015) +++++++++++++++++++++++++
TokenRequestDenied
exceptions now carry the entire response, not just the
status code.v0.5.0 (4 May 2015) +++++++++++++++++++
TypeError
being raised instead of TokenMissing
error.AttributeError
when initializing the OAuth2Session
class
without complete client information.v0.4.2 (16 October 2014) ++++++++++++++++++++++++
authorized
property on OAuth1Session and OAuth2Session, which allows
you to easily determine if the session is already authorized with OAuth tokens
or not.TokenMissing
and VerifierMissing
exception classes for OAuth1Session:
this will make it easier to catch and identify these exceptions.v0.4.1 (6 June 2014) ++++++++++++++++++++
[rsa]
for people using OAuth1 RSA-SHA1 signature
method.OAUTHLIB_INSECURE_TRANSPORT
.requests_oauthlib
namespace instead
of piggybacking on oauthlib namespace.v0.4.0 (29 September 2013) ++++++++++++++++++++++++++