oauth2 - OAuth 1.0a Client
The `oauth2` library provides a Python implementation for the OAuth 1.0a protocol. While it remains functional for applications requiring this older standard, OAuth 1.0a has largely been superseded by OAuth 2.0 for modern API integrations. The library's last significant development occurred around 2015, with minor updates up to 2022, and the current PyPI version is 1.9.0.post1.
Warnings
- breaking The OAuth 1.0a standard implemented by this library is largely deprecated for new application development. Most modern APIs have transitioned to OAuth 2.0 or other authentication methods.
- gotcha The `oauth2` library has seen very limited maintenance since 2015, with minor updates up to 2022. This means it lacks new features, security updates for modern vulnerabilities, or active compatibility testing with newer Python versions and their dependencies.
- gotcha The library relies on `httplib2`, an older HTTP client library. While functional, `httplib2` may lack modern features, performance optimizations, or security best practices found in contemporary HTTP clients like `requests`.
- gotcha The name `oauth2` is misleading as it implements OAuth 1.0a, not OAuth 2.0. This can cause confusion with other libraries that *do* implement OAuth 2.0 (e.g., `requests-oauthlib` which supports both, or `authlib` which primarily focuses on OAuth 2.0).
Install
- pip install oauth2
Imports
- Consumer
import oauth2; oauth2.Consumer
- Token
import oauth2; oauth2.Token
- Client
import oauth2; oauth2.Client
- Request
import oauth2; oauth2.Request
Quickstart
import oauth2
import os
from urllib.parse import parse_qsl

# Replace with your actual consumer and token keys/secrets (from environment or config)
CONSUMER_KEY = os.environ.get('OAUTH2_CONSUMER_KEY', 'your_consumer_key')
CONSUMER_SECRET = os.environ.get('OAUTH2_CONSUMER_SECRET', 'your_consumer_secret')
TOKEN_KEY = os.environ.get('OAUTH2_TOKEN_KEY', 'your_token_key')
TOKEN_SECRET = os.environ.get('OAUTH2_TOKEN_SECRET', 'your_token_secret')

# The URL to make a signed request to
REQUEST_URL = "http://example.com/api/resource"

# --- Step 1: Initialize Consumer and Token ---
# Create a Consumer object (application credentials)
consumer = oauth2.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET)
# Create a Token object (user credentials obtained previously via 3-legged flow)
token = oauth2.Token(key=TOKEN_KEY, secret=TOKEN_SECRET)

# --- Step 2: Create an OAuth2 Client ---
# The client combines consumer and token to sign requests
client = oauth2.Client(consumer, token)

# --- Step 3: Make a signed request ---
print(f"Making a signed GET request to: {REQUEST_URL}")
try:
    resp, content = client.request(REQUEST_URL, "GET")
    print(f"\nHTTP Status: {resp.status}")
    print(f"Response Content (first 200 chars): {content.decode('utf-8')[:200]}...")
    if resp.status != 200:
        print(f"Error: {content.decode('utf-8')}")
except Exception as e:
    print(f"An error occurred during the request: {e}")

# --- Example: Initiating a 3-legged OAuth flow (getting a request token) ---
# This part assumes a request token URL exists for demonstration.
# request_token_url = "http://example.com/oauth/request_token"
# print(f"\nAttempting to get a request token from: {request_token_url}")
# try:
#     # For requesting a request token, usually only the consumer is needed initially
#     req_client = oauth2.Client(consumer)
#     resp_req, content_req = req_client.request(request_token_url, "GET")
#     if resp_req.status == 200:
#         request_token_data = dict(parse_qsl(content_req.decode('utf-8')))
#         print(f"Successfully got Request Token: {request_token_data}")
#     else:
#         print(f"Failed to get Request Token: Status {resp_req.status}, Content: {content_req.decode('utf-8')}")
# except Exception as e:
#     print(f"An error occurred getting request token: {e}")