将OAuth2与用户名和密码一起使用

Question

I have gained REST API acess to a certain service as part of a beta. I was told the authorization is throught OAuth2.

I got the following:

1. ID
2. SECRET
3. SITE

I also got a code sample in Ruby:

client = OAuth2::Client.new(key, secret, :site => site) 
token = client.password.get_token('your_email@mail.com', 'your_password') 
access_token = OAuth2::AccessToken.new(client, token) 
JSON.parse access_token.get("/v1/users/me").body rescue {} 

I'm trying to implement this same snippet in python with the oauth2 package, without success:

consumer = oauth2.Consumer(key=self._client_id,
                           secret=self._client_secret)
request_token_url = "api.theservice.com/"
token = oauth2.Token(key=self._email, secret=self._password)
client = oauth2.Client(consumer, token)
resp, content = client.request(request_token_url, "GET")
pprint.pprint(resp)
pprint.pprint(content)
resp, content = client.request(request_token_url + 'v1/users/me', "GET")
pprint.pprint(resp)
pprint.pprint(content)

The second response contains the following:

'www-authenticate': 'Bearer realm="Doorkeeper", error="invalid_token", '
                    'error_description="The access token is invalid"',

I also tried creating a oauth2.Client object without a token, and checked the first response for an access_token , but nothing of the sort came through.

What is the proper way to authenticate here?

Answer 1

As far as I see neither oauth2 nor requests-oauth2 support username/password strategy. So you need to obtain access token by yourself.

Check your API docs for details, but in general it should be something like that:

r = requests.post('http://api.theservice.com/auth',
                  data = {'email':email, 'password': password}).json()

token = oauth2.Token(key=r['key'], secret=r['secret'])
consumer = oauth2.Consumer(key=self._client_id,
                           secret=self._client_secret)

client = oauth2.Client(consumer, token)