Mercurial > universal-identity-relyer

changeset 0:7b42ce648fe5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
origination
author Atul Varma <avarma@mozilla.com>
date Sat, 12 Jun 2010 17:06:05 -0700
parents
children 379d5d9a5f34
files oauth_experiment.py
diffstat 1 files changed, 80 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/oauth_experiment.py	Sat Jun 12 17:06:05 2010 -0700
@@ -0,0 +1,80 @@
+import os
+import json
+import urlparse
+import urllib
+import oauth2 as oauth
+
+request_token_url = 'https://api.twitter.com/oauth/request_token'
+access_token_url = 'https://api.twitter.com/oauth/access_token'
+authorize_url = 'https://api.twitter.com/oauth/authorize'
+
+config = json.loads(open("config.json").read())
+
+consumer = oauth.Consumer(config['consumer_key'],
+                          config['consumer_secret'])
+
+def app(environ, start_response):
+    path = environ['PATH_INFO']
+    qs = environ['QUERY_STRING']
+
+    if path == '/request':
+        # Step 1: Get a request token. This is a temporary token that is used for 
+        # having the user authorize an access token and to sign the request to obtain 
+        # said access token.
+
+        url = '%s?%s' % (
+            request_token_url,
+            urllib.urlencode({'oauth_callback': 'http://localhost:8000/callback'})
+            )
+        print "url is %s" % url
+        client = oauth.Client(consumer)
+        resp, content = client.request(url, "GET")
+        if resp['status'] != '200':
+            raise Exception("Invalid response %s." % resp['status'])
+
+        request_token = dict(urlparse.parse_qsl(content))
+
+        open('request-token.json', 'w').write(json.dumps(request_token))
+
+        print "Request Token:"
+        print "    - oauth_token        = %s" % request_token['oauth_token']
+        print "    - oauth_token_secret = %s" % request_token['oauth_token_secret']
+        print 
+
+        # Step 2: Redirect to the provider. Since this is a CLI script we do not 
+        # redirect. In a web application you would redirect the user to the URL
+        # below.
+
+        redirect_url = "%s?oauth_token=%s" % (authorize_url,
+                                              request_token['oauth_token'])
+        start_response('302 Found',
+                       [('Location', redirect_url)])
+        return []
+    elif path == '/callback':
+        qsdict = dict(urlparse.parse_qsl(qs))
+
+        # TODO: Ensure request_token['oauth_token'] 
+        # is the same as the one in qsdict['oauth_token'].
+
+        request_token = json.loads(open('request-token.json').read())
+        token = oauth.Token(request_token['oauth_token'],
+                            request_token['oauth_token_secret'])
+        token.set_verifier(qsdict['oauth_verifier'])
+        client = oauth.Client(consumer, token)
+        resp, content = client.request(access_token_url, "POST")
+        access_token = dict(urlparse.parse_qsl(content))
+        print "Access Token:"
+        print "    - oauth_token        = %s" % access_token['oauth_token']
+        print "    - oauth_token_secret = %s" % access_token['oauth_token_secret']
+        print "    - user_id            = %s" % access_token['user_id']
+        print "    - screen_name        = %s" % access_token['screen_name']
+        print
+        print "You may now access protected resources using the access tokens above." 
+        print
+        start_response('200 OK',
+                       [('Content-Type', 'text/plain')])
+        return [json.dumps(access_token, indent=2)]
+
+    start_response('404 Not Found',
+                   [('Content-Type', 'text/plain')])
+    return ['path not found: %s' % path]