oauth2client.appengine module

Utilities for Google App Engine

Utilities for making it easier to use OAuth 2.0 on Google App Engine.

class oauth2client.appengine.AppAssertionCredentials(*args, **kwargs)[source]

Bases: oauth2client.client.AssertionCredentials

Credentials object for App Engine Assertion Grants

This object will allow an App Engine application to identify itself to Google and other OAuth 2.0 servers that can verify assertions. It can be used for the purpose of accessing data stored under an account assigned to the App Engine application itself.

This credential does not require a flow to instantiate because it represents a two legged flow, and therefore has all of the required information to generate and refresh its own access tokens.

create_scoped(scopes)[source]
create_scoped_required()[source]
classmethod from_json(json_data)[source]
serialization_data
class oauth2client.appengine.CredentialsModel(parent=None, key_name=None, _app=None, _from_entity=False, **kwds)[source]

Bases: google.appengine.ext.db.Model

Storage for OAuth 2.0 Credentials

Storage of the model is keyed by the user.user_id().

credentials

App Engine datastore Property for Credentials.

Utility property that allows easy storage and retrieval of oath2client.Credentials

class oauth2client.appengine.CredentialsNDBModel(*args, **kwds)[source]

Bases: google.appengine.ext.ndb.model.Model

NDB Model for storage of OAuth 2.0 Credentials

Since this model uses the same kind as CredentialsModel and has a property which can serialize and deserialize Credentials correctly, it can be used interchangeably with a CredentialsModel to access, insert and delete the same entities. This simply provides an NDB model for interacting with the same data the DB model interacts with.

Storage of the model is keyed by the user.user_id().

credentials

App Engine NDB datastore Property for Credentials.

Serves the same purpose as the DB CredentialsProperty, but for NDB models. Since CredentialsProperty stores data as a blob and this inherits from BlobProperty, the data in the datastore will be the same as in the DB case.

Utility property that allows easy storage and retrieval of Credentials and subclasses.

class oauth2client.appengine.CredentialsNDBProperty(*args, **kwds)[source]

Bases: google.appengine.ext.ndb.model.BlobProperty

App Engine NDB datastore Property for Credentials.

Serves the same purpose as the DB CredentialsProperty, but for NDB models. Since CredentialsProperty stores data as a blob and this inherits from BlobProperty, the data in the datastore will be the same as in the DB case.

Utility property that allows easy storage and retrieval of Credentials and subclasses.

class oauth2client.appengine.CredentialsProperty(verbose_name=None, name=None, default=None, required=False, validator=None, choices=None, indexed=True)[source]

Bases: google.appengine.ext.db.Property

App Engine datastore Property for Credentials.

Utility property that allows easy storage and retrieval of oath2client.Credentials

data_type

alias of Credentials

get_value_for_datastore(model_instance)[source]
make_value_from_datastore(value)[source]
validate(value)[source]
class oauth2client.appengine.FlowNDBProperty(*args, **kwds)[source]

Bases: google.appengine.ext.ndb.model.PickleProperty

App Engine NDB datastore Property for Flow.

Serves the same purpose as the DB FlowProperty, but for NDB models. Since PickleProperty inherits from BlobProperty, the underlying representation of the data in the datastore will be the same as in the DB case.

Utility property that allows easy storage and retrieval of an oauth2client.Flow

class oauth2client.appengine.FlowProperty(verbose_name=None, name=None, default=None, required=False, validator=None, choices=None, indexed=True)[source]

Bases: google.appengine.ext.db.Property

App Engine datastore Property for Flow.

Utility property that allows easy storage and retrieval of an oauth2client.Flow

data_type

alias of Flow

empty(value)[source]
get_value_for_datastore(model_instance)[source]
make_value_from_datastore(value)[source]
validate(value)[source]
exception oauth2client.appengine.InvalidClientSecretsError[source]

Bases: exceptions.Exception

The client_secrets.json file is malformed or missing required fields.

exception oauth2client.appengine.InvalidXsrfTokenError[source]

Bases: exceptions.Exception

The XSRF token is invalid or expired.

class oauth2client.appengine.OAuth2Decorator(*args, **kwargs)[source]

Bases: object

Utility for making OAuth 2.0 easier.

Instantiate and then use with oauth_required or oauth_aware as decorators on webapp.RequestHandler methods.

decorator = OAuth2Decorator(
    client_id='837...ent.com',
    client_secret='Qh...wwI',
    scope='https://www.googleapis.com/auth/plus')

class MainHandler(webapp.RequestHandler):
    @decorator.oauth_required
    def get(self):
        http = decorator.http()
        # http is authorized with the user's Credentials and can be
        # used in API calls
authorize_url()[source]

Returns the URL to start the OAuth dance.

Must only be called from with a webapp.RequestHandler subclassed method that had been decorated with either @oauth_required or @oauth_aware.

callback_application()[source]

WSGI application for handling the OAuth 2.0 redirect callback.

If you need finer grained control use callback_handler which returns just the webapp.RequestHandler.

Returns:A webapp.WSGIApplication that handles the redirect back from the server during the OAuth 2.0 dance.
callback_handler()[source]

RequestHandler for the OAuth 2.0 redirect callback.

Usage:

app = webapp.WSGIApplication([
    ('/index', MyIndexHandler),
    ...,
    (decorator.callback_path, decorator.callback_handler())
])
Returns:A webapp.RequestHandler that handles the redirect back from the server during the OAuth 2.0 dance.
callback_path

The absolute path where the callback will occur.

Note this is the absolute path, not the absolute URI, that will be calculated by the decorator at runtime. See callback_handler() for how this should be used.

Returns:The callback path as a string.
credentials

A thread local Credentials object.

Returns:A client.Credentials object, or None if credentials hasn’t been set in this thread yet, which may happen when calling has_credentials inside oauth_aware.
flow

A thread local Flow object.

Returns:A credentials.Flow object, or None if the flow hasn’t been set in this thread yet, which happens in _create_flow() since Flows are created lazily.
get_credentials()[source]

A thread local Credentials object.

Returns:A client.Credentials object, or None if credentials hasn’t been set in this thread yet, which may happen when calling has_credentials inside oauth_aware.
get_flow()[source]

A thread local Flow object.

Returns:A credentials.Flow object, or None if the flow hasn’t been set in this thread yet, which happens in _create_flow() since Flows are created lazily.
has_credentials()[source]

True if for the logged in user there are valid access Credentials.

Must only be called from with a webapp.RequestHandler subclassed method that had been decorated with either @oauth_required or @oauth_aware.

http(*args, **kwargs)[source]

Returns an authorized http instance.

Must only be called from within an @oauth_required decorated method, or from within an @oauth_aware decorated method where has_credentials() returns True.

Parameters:
  • *args – Positional arguments passed to httplib2.Http constructor.
  • **kwargs – Positional arguments passed to httplib2.Http constructor.
oauth_aware(method)[source]

Decorator that sets up for OAuth 2.0 dance, but doesn’t do it.

Does all the setup for the OAuth dance, but doesn’t initiate it. This decorator is useful if you want to create a page that knows whether or not the user has granted access to this application. From within a method decorated with @oauth_aware the has_credentials() and authorize_url() methods can be called.

Parameters:method – callable, to be decorated method of a webapp.RequestHandler instance.
oauth_required(method)[source]

Decorator that starts the OAuth 2.0 dance.

Starts the OAuth dance for the logged in user if they haven’t already granted access for this application.

Parameters:method – callable, to be decorated method of a webapp.RequestHandler instance.
set_credentials(credentials)[source]
set_flow(flow)[source]
class oauth2client.appengine.OAuth2DecoratorFromClientSecrets(*args, **kwargs)[source]

Bases: oauth2client.appengine.OAuth2Decorator

An OAuth2Decorator that builds from a clientsecrets file.

Uses a clientsecrets file as the source for all the information when constructing an OAuth2Decorator.

decorator = OAuth2DecoratorFromClientSecrets(
    os.path.join(os.path.dirname(__file__), 'client_secrets.json')
    scope='https://www.googleapis.com/auth/plus')

class MainHandler(webapp.RequestHandler):
    @decorator.oauth_required
    def get(self):
        http = decorator.http()
        # http is authorized with the user's Credentials and can be
        # used in API calls
class oauth2client.appengine.SiteXsrfSecretKey(parent=None, key_name=None, _app=None, _from_entity=False, **kwds)[source]

Bases: google.appengine.ext.db.Model

Storage for the sites XSRF secret key.

There will only be one instance stored of this model, the one used for the site.

secret

A textual property, which can be multi- or single-line.

class oauth2client.appengine.SiteXsrfSecretKeyNDB(*args, **kwds)[source]

Bases: google.appengine.ext.ndb.model.Model

NDB Model for storage for the sites XSRF secret key.

Since this model uses the same kind as SiteXsrfSecretKey, it can be used interchangeably. This simply provides an NDB model for interacting with the same data the DB model interacts with.

There should only be one instance stored of this model, the one used for the site.

secret

An indexed Property whose value is a text string of limited length.

class oauth2client.appengine.StorageByKeyName(*args, **kwargs)[source]

Bases: oauth2client.client.Storage

Store and retrieve a credential to and from the App Engine datastore.

This Storage helper presumes the Credentials have been stored as a CredentialsProperty or CredentialsNDBProperty on a datastore model class, and that entities are stored by key_name.

locked_delete(*args, **kwds)
locked_get(*args, **kwds)
locked_put(*args, **kwds)
oauth2client.appengine.oauth2decorator_from_clientsecrets(*args, **kwargs)[source]

Creates an OAuth2Decorator populated from a clientsecrets file.

Parameters:
  • filename – string, File name of client secrets.
  • scope – string or list of strings, scope(s) of the credentials being requested.
  • message – string, A friendly string to display to the user if the clientsecrets file is missing or invalid. The message may contain HTML and will be presented on the web interface for any method that uses the decorator.
  • cache – An optional cache service client that implements get() and set() methods. See clientsecrets.loadfile() for details.

Returns: An OAuth2Decorator

oauth2client.appengine.xsrf_secret_key()[source]

Return the secret key for use for XSRF protection.

If the Site entity does not have a secret key, this method will also create one and persist it.

Returns:The secret key.