view oauth_experiment.py @ 0:7b42ce648fe5

origination
author Atul Varma <avarma@mozilla.com>
date Sat, 12 Jun 2010 17:06:05 -0700
parents
children 379d5d9a5f34

import os
import json
import urlparse
import urllib
import oauth2 as oauth

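# Twitter OAuth 1.0a endpoints for the request-token, access-token and
# user-authorization steps.
request_token_url = 'https://api.twitter.com/oauth/request_token'
access_token_url = 'https://api.twitter.com/oauth/access_token'
authorize_url = 'https://api.twitter.com/oauth/authorize'

# config.json supplies 'consumer_key' and 'consumer_secret'. The secret
# authenticates this application to the provider, so the file should stay out
# of version control and be readable only by the account running the script.
# The context manager closes the handle instead of leaving it to the GC.
with open("config.json") as config_file:
    config = json.load(config_file)

consumer = oauth.Consumer(config['consumer_key'],
                          config['consumer_secret'])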

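def app(environ, start_response):
    """WSGI entry point for an OAuth 1.0a experiment against Twitter.

    Routes:
        /request   obtains a request token, stores it in
                   'request-token.json' and redirects the browser to the
                   provider's authorization page.
        /callback  checks the returned oauth_token against the stored
                   request token, then exchanges it (together with the
                   oauth_verifier) for an access token.
        other      404.

    Raises:
        Exception: if the provider answers either token request with a
            status other than 200.

    NOTE(security): this is experiment code. Token secrets are printed to
    stdout and the access token, including its secret, is returned in the
    response body; neither belongs in a deployed service. The pending
    request token lives in one shared file, so only one authorization flow
    can be in progress at a time; a real application would keep it in the
    user's session.
    """
    path = environ['PATH_INFO']
    qs = environ['QUERY_STRING']
    plain_text = [('Content-Type', 'text/plain')]

    if path == '/request':
        # Step 1: Get a request token. This is a temporary token that is used
        # for having the user authorize an access token and to sign the
        # request to obtain said access token.
        # The callback is hard-coded to plain-HTTP localhost, which is only
        # suitable for local experiments.
        url = '%s?%s' % (
            request_token_url,
            urllib.urlencode({'oauth_callback': 'http://localhost:8000/callback'})
            )
        print("url is %s" % url)
        client = oauth.Client(consumer)
        resp, content = client.request(url, "GET")
        if resp['status'] != '200':
            raise Exception("Invalid response %s." % resp['status'])

        request_token = dict(urlparse.parse_qsl(content))

        # The file holds the request token secret, so create it owner-only.
        # The mode only applies when the file is created; an existing file
        # keeps whatever permissions it already has.
        fd = os.open('request-token.json',
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as token_file:
            token_file.write(json.dumps(request_token))

        # NOTE(security): debug output that writes the token secret to stdout.
        print("Request Token:")
        print("    - oauth_token        = %s" % request_token['oauth_token'])
        print("    - oauth_token_secret = %s" % request_token['oauth_token_secret'])
        print("")

        # Step 2: Redirect the user to the provider's authorization page.
        # The token is URL-encoded so a provider-supplied value cannot break
        # out of the query string or the Location header.
        redirect_url = "%s?%s" % (
            authorize_url,
            urllib.urlencode({'oauth_token': request_token['oauth_token']})
            )
        start_response('302 Found',
                       [('Location', redirect_url)])
        return []
    elif path == '/callback':
        # Everything in the query string is supplied by the browser and is
        # untrusted until checked against the stored request token.
        qsdict = dict(urlparse.parse_qsl(qs))
        returned_token = qsdict.get('oauth_token')
        verifier = qsdict.get('oauth_verifier')
        if not returned_token or not verifier:
            start_response('400 Bad Request', plain_text)
            return ['missing oauth_token or oauth_verifier']

        try:
            with open('request-token.json') as token_file:
                request_token = json.loads(token_file.read())
        except IOError:
            # No /request has been made, so there is nothing to complete.
            start_response('400 Bad Request', plain_text)
            return ['no authorization request in progress']

        # Only complete the flow this server started: a callback carrying a
        # different oauth_token must not be paired with the stored secret.
        if returned_token != request_token['oauth_token']:
            start_response('400 Bad Request', plain_text)
            return ['oauth_token does not match the pending request']

        token = oauth.Token(request_token['oauth_token'],
                            request_token['oauth_token_secret'])
        token.set_verifier(verifier)
        client = oauth.Client(consumer, token)
        resp, content = client.request(access_token_url, "POST")
        # Same status check as the request-token step; without it a rejected
        # exchange surfaces later as a KeyError on the missing fields.
        if resp['status'] != '200':
            raise Exception("Invalid response %s." % resp['status'])
        access_token = dict(urlparse.parse_qsl(content))

        # NOTE(security): debug output that writes the long-lived access
        # token secret to stdout.
        print("Access Token:")
        print("    - oauth_token        = %s" % access_token['oauth_token'])
        print("    - oauth_token_secret = %s" % access_token['oauth_token_secret'])
        print("    - user_id            = %s" % access_token['user_id'])
        print("    - screen_name        = %s" % access_token['screen_name'])
        print("")
        print("You may now access protected resources using the access tokens above.")
        print("")
        start_response('200 OK', plain_text)
        # NOTE(security): the body includes oauth_token_secret; a real
        # application would store it server-side instead of returning it.
        return [json.dumps(access_token, indent=2)]

    start_response('404 Not Found', plain_text)
    return ['path not found: %s' % path]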