oauth2client.contrib.appengine module¶
Utilities for Google App Engine
Utilities for making it easier to use OAuth 2.0 on Google App Engine.
-
class
oauth2client.contrib.appengine.
AppAssertionCredentials
(**kwargs)[source]¶ Bases:
oauth2client.client.AssertionCredentials
Credentials object for App Engine Assertion Grants
This object will allow an App Engine application to identify itself to Google and other OAuth 2.0 servers that can verify assertions. It can be used for the purpose of accessing data stored under an account assigned to the App Engine application itself.
This credential does not require a flow to instantiate because it represents a two legged flow, and therefore has all of the required information to generate and refresh its own access tokens.
-
create_scoped
(scopes)[source]¶ Create a Credentials object for the given scopes.
The Credentials type is preserved.
-
create_scoped_required
()[source]¶ Whether this Credentials object is scopeless.
create_scoped(scopes) method needs to be called in order to create a Credentials object for API calls.
-
classmethod
from_json
(json_data)[source]¶ Instantiate a Credentials object from a JSON description of it.
The JSON should have been produced by calling .to_json() on the object.
Parameters: json_data – string or bytes, JSON to deserialize. Returns: An instance of a Credentials subclass.
-
serialization_data
¶
-
service_account_email
¶ Get the email for the current service account.
Returns: string, The email associated with the Google App Engine service account.
-
sign_blob
(blob)[source]¶ Cryptographically sign a blob (of bytes).
Implements abstract method
oauth2client.client.AssertionCredentials.sign_blob()
.Parameters: blob – bytes, Message to be signed. Returns: tuple, A pair of the private key ID used to sign the blob and the signed contents.
-
-
class
oauth2client.contrib.appengine.
OAuth2Decorator
(**kwargs)[source]¶ Bases:
object
Utility for making OAuth 2.0 easier.
Instantiate and then use with oauth_required or oauth_aware as decorators on webapp.RequestHandler methods.
decorator = OAuth2Decorator( client_id='837...ent.com', client_secret='Qh...wwI', scope='https://www.googleapis.com/auth/plus') class MainHandler(webapp.RequestHandler): @decorator.oauth_required def get(self): http = decorator.http() # http is authorized with the user's Credentials and can be # used in API calls
Returns the URL to start the OAuth dance.
Must only be called from with a webapp.RequestHandler subclassed method that had been decorated with either @oauth_required or @oauth_aware.
-
callback_application
()[source]¶ WSGI application for handling the OAuth 2.0 redirect callback.
If you need finer grained control use callback_handler which returns just the webapp.RequestHandler.
Returns: A webapp.WSGIApplication that handles the redirect back from the server during the OAuth 2.0 dance.
-
callback_handler
()[source]¶ RequestHandler for the OAuth 2.0 redirect callback.
Usage:
app = webapp.WSGIApplication([ ('/index', MyIndexHandler), ..., (decorator.callback_path, decorator.callback_handler()) ])
Returns: A webapp.RequestHandler that handles the redirect back from the server during the OAuth 2.0 dance.
-
callback_path
¶ The absolute path where the callback will occur.
Note this is the absolute path, not the absolute URI, that will be calculated by the decorator at runtime. See callback_handler() for how this should be used.
Returns: The callback path as a string.
-
credentials
¶ A thread local Credentials object.
Returns: A client.Credentials object, or None if credentials hasn’t been set in this thread yet, which may happen when calling has_credentials inside oauth_aware.
-
flow
¶ A thread local Flow object.
Returns: A credentials.Flow object, or None if the flow hasn’t been set in this thread yet, which happens in _create_flow() since Flows are created lazily.
-
get_credentials
()[source]¶ A thread local Credentials object.
Returns: A client.Credentials object, or None if credentials hasn’t been set in this thread yet, which may happen when calling has_credentials inside oauth_aware.
-
get_flow
()[source]¶ A thread local Flow object.
Returns: A credentials.Flow object, or None if the flow hasn’t been set in this thread yet, which happens in _create_flow() since Flows are created lazily.
-
has_credentials
()[source]¶ True if for the logged in user there are valid access Credentials.
Must only be called from with a webapp.RequestHandler subclassed method that had been decorated with either @oauth_required or @oauth_aware.
-
http
(*args, **kwargs)[source]¶ Returns an authorized http instance.
Must only be called from within an @oauth_required decorated method, or from within an @oauth_aware decorated method where has_credentials() returns True.
Parameters: - *args – Positional arguments passed to httplib2.Http constructor.
- **kwargs – Positional arguments passed to httplib2.Http constructor.
-
oauth_aware
(method)[source]¶ Decorator that sets up for OAuth 2.0 dance, but doesn’t do it.
Does all the setup for the OAuth dance, but doesn’t initiate it. This decorator is useful if you want to create a page that knows whether or not the user has granted access to this application. From within a method decorated with @oauth_aware the has_credentials() and authorize_url() methods can be called.
Parameters: method – callable, to be decorated method of a webapp.RequestHandler instance.
-
class
oauth2client.contrib.appengine.
OAuth2DecoratorFromClientSecrets
(**kwargs)[source]¶ Bases:
oauth2client.contrib.appengine.OAuth2Decorator
An OAuth2Decorator that builds from a clientsecrets file.
Uses a clientsecrets file as the source for all the information when constructing an OAuth2Decorator.
decorator = OAuth2DecoratorFromClientSecrets( os.path.join(os.path.dirname(__file__), 'client_secrets.json') scope='https://www.googleapis.com/auth/plus') class MainHandler(webapp.RequestHandler): @decorator.oauth_required def get(self): http = decorator.http() # http is authorized with the user's Credentials and can be # used in API calls
-
class
oauth2client.contrib.appengine.
StorageByKeyName
(**kwargs)[source]¶ Bases:
oauth2client.client.Storage
Store and retrieve a credential to and from the App Engine datastore.
This Storage helper presumes the Credentials have been stored as a CredentialsProperty or CredentialsNDBProperty on a datastore model class, and that entities are stored by key_name.
-
locked_delete
¶
-
locked_get
¶
-
locked_put
¶
-
-
oauth2client.contrib.appengine.
oauth2decorator_from_clientsecrets
(*args, **kwargs)[source]¶ Creates an OAuth2Decorator populated from a clientsecrets file.
Parameters: - filename – string, File name of client secrets.
- scope – string or list of strings, scope(s) of the credentials being requested.
- message – string, A friendly string to display to the user if the clientsecrets file is missing or invalid. The message may contain HTML and will be presented on the web interface for any method that uses the decorator.
- cache – An optional cache service client that implements get() and set() methods. See clientsecrets.loadfile() for details.
Returns: An OAuth2Decorator