Dennis Ritchie

Reputation: 640

How do you use rauth with Django?

The Python lib mentioned on the OAuth website, rauth, seems to be simple and the best one to use. So I want to use it in Django, but I am unable to actually implement it.

Here is my issue.

```python
# I do something like this initially
from rauth.service import OAuth2Service
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response

def page(request):
    service = OAuth2Service(
        consumer_key="..",
        consumer_secret="...",
        # .. (remaining arguments elided in the original post)
    )
    url = service.get_authorize_url(redirect_uri="http://mysite.com/redired-url")
    # This URL is where the user accepts or rejects the request;
    # the provider then redirects back with an authorization code.
    return HttpResponseRedirect(url)
```

Now, when the user opens the page, it redirects directly and asks the user to allow or reject. If the user allows, we get the authorization code at the redirect-url.

To get the access token from the authorization token, the rauth lib says to do the following, which I have to put in a different view corresponding to the redirect-url:

```python
data = dict(code='foobar',
            grant_type='authorization_code',
            redirect_uri='http://example.com/')
token = service.get_access_token('POST', data=data)
```

The problem is with the service object. I created the service instance in one view, and I need to use it in another view to get the access token.

Where am I going wrong? How do I get it done?

Upvotes: 3

Views: 990

Answers (2)

tsalaroth

Reputation: 112

Update - Upon further review, I saw a need for clarification. You won't get the access_token until AFTER the user clicks "Yes" on the reddit authentication page. It will then redirect, with a code and state information in the query, to the URI you provided at the beginning of your process.

To receive the OAuth2 tokens posted back in the redirect_uri's view, you will need to get the URL parameters from within the view class/method:

```python
code = request.GET.get('code', '')
```

This will give you a variable containing the code generated from the first request (it's in the URI as a parameter).

Make sure you check your "state" variable as well, retrieving it the same way, otherwise your security goes out the window.

What you do from there depends on if you're using rauth or praw, but you can use the information gleaned above to generate the appropriate request to get said access token.

Basically, your callback view (redirect_uri) handles all reddit verification and processing. Your initial view is, for the most part, either a generated link or a redirect to reddit.com.

Upvotes: 0

maxcountryman

Reputation: 1769

Okay, there are various ways to handle this in the context of a web app. I would highly recommend taking a look at the Facebook Flask example in the examples dir.

The basic idea is to provide an authorization view and a redirect view. You want to have the provider redirect to the redirect view and therein you should do all the stuff you'd expect to be able to do assuming you've been authorized by the user. Otherwise, you should bail out and possibly inform the user as to why.

Now what I typically do is keep the service wrappers in a separate module, not in a view, and then import them into the context I need them. You can do things to initialize them dynamically and such. But reference the link I posted for a simple implementation. I think this should do what you want. I realize it's not Django, but the idioms are pretty close with the simple case of views like this.

Upvotes: 1
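The two answers above describe an authorization view, a redirect view that checks `state` before using `code`, and a service object kept outside the views. The sketch below is an added example, not part of either answer or of rauth's own code; it shows the state handling both views share. The names `SESSION_KEY`, `begin_authorization`, `finish_authorization` and the two callables are hypothetical: in Django, `session` would be `request.session`, `params` would be `request.GET`, and the callables would wrap a service object defined once at module level.

```python
import hmac
import secrets

SESSION_KEY = "oauth_state"  # hypothetical session key name


class OAuthCallbackError(Exception):
    """Raised when the redirect view must bail out."""


def begin_authorization(session, build_authorize_url):
    """Authorization view: bind a fresh random state to this session."""
    state = secrets.token_urlsafe(32)
    session[SESSION_KEY] = state
    return build_authorize_url(state)


def finish_authorization(session, params, exchange_code):
    """Redirect view: verify state first, then trade the code for a token."""
    # pop() makes the state single-use, so a replayed callback fails.
    expected = session.pop(SESSION_KEY, None)
    received = params.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise OAuthCallbackError("state mismatch")
    if params.get("error"):  # e.g. the user clicked "reject"
        raise OAuthCallbackError("provider returned: " + params["error"])
    code = params.get("code", "")
    if not code:
        raise OAuthCallbackError("no authorization code")
    return exchange_code(code)


def demo():
    """Constructed run: dict as session, fake provider URL, fake exchange."""
    session = {}
    base = "https://provider.example/authorize?state="  # constructed URL
    url = begin_authorization(session, lambda s: base + s)
    state = url.split("state=")[1]
    callback = {"code": "abc", "state": state}
    token = finish_authorization(session, callback, lambda c: "token-for-" + c)
    try:  # Replaying the same callback must fail: the state was consumed.
        finish_authorization(session, callback, lambda c: "unexpected")
        replay_rejected = False
    except OAuthCallbackError:
        replay_rejected = True
    return token, replay_rejected


if __name__ == "__main__":
    print(demo())
```
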
