Support BackendApplicationClient

[avizelo]

Does requests-oauthlib supports using service account (BackendApplicationClient)? Specifically, I would like to implement the following example were the authentication to google drive API is done via a service account (as the google apiclient lib is not supported for python3)

The below example uses apiclient and taken from https://developers.google.com/drive/web/service-accounts

import httplib2 import pprint import sys

from apiclient.discovery import build from oauth2client.client import SignedJwtAssertionCredentials

"""Email of the Service Account. SERVICE_ACCOUNT_EMAIL = '@developer.gserviceaccount.com'

""" Path to the Service Account's Private Key file. SERVICE_ACCOUNT_PKCS12_FILE_PATH = '/path/to/<public_key_fingerprint>-privatekey.p12'

def createDriveService(): """Builds and returns a Drive service object authorized with the given service account.

Returns: Drive service object. """ f = file(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb') key = f.read() f.close()

credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key, scope='https://www.googleapis.com/auth/drive') http = httplib2.Http() http = credentials.authorize(http)

return build('drive', 'v2', http=http)

Thanks, Avi

[ib-lundgren]

Currently, no. However, since it does not require that much on the client side I've begun working on that and could do with your help trying it out on a real app. Please install oauthlib from master and then follow this example

# If you are running into issues enable logging below
#import logging
#import sys

#log = logging.getLogger('oauthlib')
#log.addHandler(logging.StreamHandler(sys.stdout))
#log.setLevel(logging.DEBUG)

#log = logging.getLogger('requests-oauthlib')
#log.addHandler(logging.StreamHandler(sys.stdout))
#log.setLevel(logging.DEBUG)

# Credentials you get from registering a new service account
client_id = 'your-client-id.apps.googleusercontent.com'
issuer = '[email protected]'
aud = 'https://accounts.google.com/o/oauth2/token'
sub = '[email protected]'

# Download the key in json format
from json import load
key = load(open("key.json"))['private_key']

# Remember to enable domain wide access to your account
# https://developers.google.com/accounts/docs/OAuth2ServiceAccount#delegatingauthority

# OAuth endpoints given in the Google API documentation
token_url = "https://accounts.google.com/o/oauth2/token"
scope = [
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile"
]

# For now you need to install from Github master
from oauthlib.oauth2 import ServiceApplicationClient

client = ServiceApplicationClient(client_id,
        issuer=issuer,
        audience=aud,
        subject=sub,
        private_key=key)

from requests_oauthlib import OAuth2Session
google = OAuth2Session(client_id, client=client)

# Fetch the access token
google.fetch_token(token_url)

# Fetch a protected resource, i.e. user profile
r = google.get('https://www.googleapis.com/oauth2/v1/userinfo')
print r.content

[avizelo]

Thanks for the help.

Ive tried to install the oauthlib.oauth2 module using the below command - pip3 install --upgrade git+https://github.com/idan/oauthlib.git

Then, while running my script (google_drive_p3.py) I got the following error - root@ubuntu:/mnt/hgfs/VM-ShareFolder/tests# python3 google_drive_p3.py Traceback (most recent call last): File "google_drive_p3.py", line 48, in google.fetch_token(token_url) File "/usr/local/lib/python3.4/dist-packages/requests_oauthlib/oauth2_session.py", line 167, in fetch_token password=password, **kwargs) File "/usr/local/lib/python3.4/dist-packages/oauthlib/oauth2/rfc6749/clients/service_application.py", line 142, in prepare_request_body import jwt ImportError: No module named 'jwt'

On Thu, Oct 16, 2014 at 5:19 AM, Ib Lundgren [email protected] wrote:

Currently, no. However, since it does not require that much on the client side I've begun working on that and could do with your help trying it out on a real app. Please install oauthlib https://github.com/idan/oauthlib from master and then follow this example

If you are running into issues enable logging below

#import logging #import sys

#log = logging.getLogger('oauthlib') #log.addHandler(logging.StreamHandler(sys.stdout)) #log.setLevel(logging.DEBUG)

#log = logging.getLogger('requests-oauthlib') #log.addHandler(logging.StreamHandler(sys.stdout)) #log.setLevel(logging.DEBUG)

Credentials you get from registering a new service account

client_id = 'your-client-id.apps.googleusercontent.com' issuer = '[email protected]' aud = 'https://accounts.google.com/o/oauth2/token' sub = '[email protected]'

Download the key in json format

from json import load key = load(open("key.json"))['private_key']

Remember to enable domain wide access to your account

https://developers.google.com/accounts/docs/OAuth2ServiceAccount#delegatingauthority

OAuth endpoints given in the Google API documentation

token_url = "https://accounts.google.com/o/oauth2/token" scope = [ "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile" ]

For now you need to install from Github master

from oauthlib.oauth2 import ServiceApplicationClient

client = ServiceApplicationClient(client_id, issuer=issuer, audience=aud, subject=sub, private_key=key)

from requests_oauthlib import OAuth2Session google = OAuth2Session(client_id, client=client)

Fetch the access token

google.fetch_token(token_url)

Fetch a protected resource, i.e. user profile

r = google.get('https://www.googleapis.com/oauth2/v1/userinfo') print r.content

— Reply to this email directly or view it on GitHub https://github.com/requests/requests-oauthlib/issues/152#issuecomment-59335094 .

[ib-lundgren]

Forgot to mention it requires extra libraries not included in oauthlib by default due to their limited use.

Please also install pycrypto and pyjwt