Re: google api and oauth2

Discussion in 'Python' started by Kushal Kumaran, Sep 26, 2012.

  1. On Wed, Sep 26, 2012 at 11:45 AM, Demian Brecht <> wrote:
    >>
    >> If you are writing a desktop application, read this:
    >> https://developers.google.com/accounts/docs/OAuth2#clientside

    >
    >
    > You mean https://developers.google.com/accounts/docs/OAuth2#installed? Your
    > link discusses client side browser implementations.
    >


    Ah yes, I made a mistake in linking displayed url and scrolled position.

    > I'd be curious to know the shortcomings of sanction in the context of
    > installed apps. My original intent was to provide a server flow
    > implementation. If the installed flow isn't too much of a change (doesn't
    > seem like it would be, according to the docs, it's how the "code" is
    > retrieved by the application), I'd happily add it in or take a patch to
    > cover it.


    I tried out sanction from a python shell. In an installed
    application, the user can either start a little web server to handle
    redirect_uri, or pass in the special value "urn:ietf:wg:eek:auth:2.0:eek:ob"
    to have the authorization code be shown in a text field in the browser
    (all of this is for google, I have no idea how other implementations
    or the oauth spec differ).

    At the moment, the auth_uri function gives out a URI and leaves it up
    to the client to deal with it however it likes. The library could
    provide a function (let's call it drive_auth) to drive the entire
    process: start a little web server on any available port, give a url
    to that server as redirect_uri, then start the user's web browser to
    connect to the authentication endpoint.

    The embedded web server will need to handle redirect_uri to grab the
    authorization code, generate an HTML response that will close the
    browser window (or instruct the user to do so), and then stop itself.

    For GUI applications which can embed a web browser widget, there is no
    need to start a separate web browser application. To support such
    applications, the drive_auth function can take a callback argument to
    navigate to a particular URL. Then the client applications can hook
    in their particular GUI toolkit, or just pass in webbrowser.open if
    they like.

    All this may be beyond the intended scope of your library.

    --
    regards,
    kushal
     
    Kushal Kumaran, Sep 26, 2012
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aljosa Mohorovic

    oauth2 server implementation

    Aljosa Mohorovic, Sep 27, 2011, in forum: Python
    Replies:
    3
    Views:
    185
    Roy Smith
    Sep 28, 2011
  2. Ethan Herdrick
    Replies:
    1
    Views:
    110
    Ethan Herdrick
    May 11, 2006
  3. Replies:
    0
    Views:
    498
  4. Littlefield, Tyler

    google api and oauth2

    Littlefield, Tyler, Sep 25, 2012, in forum: Python
    Replies:
    0
    Views:
    200
    Littlefield, Tyler
    Sep 25, 2012
  5. Kushal Kumaran

    Re: google api and oauth2

    Kushal Kumaran, Sep 26, 2012, in forum: Python
    Replies:
    0
    Views:
    294
    Kushal Kumaran
    Sep 26, 2012
Loading...

Share This Page