Working with OAuth python

Question

I'm am using OAuth to allow my user to OAuth with Hunch, on my webpage I have a button to allow the user to go to Hunch and enter their details

    <form action="/hunch" method="post" align = "right">
        <div>
            <input type="submit" value="Login using Hunch">
        </div>
    </form>

How can I call a method here rather than a handler? as it is currently calling this:

class hunch(webapp.RequestHandler):
    def post(self):
        url = 'http://hunch.com/authorize/v1/?app_id=123&next=/get-recs'
        self.redirect(url)  
        logging.info("url2 = " + url2)

        auth_token_key = self.request.get('auth_token_key')
        logging.info("auth_token_key = " + auth_token_key)

but when I print the url2 it just prints /hunch? I hope this makes sense.

Also should this auth_token_key = self.request.get('auth_token_key') get information from the url that the user is directed to after they have entered their credentials?

Answer 1

When GAE (using OpenId) logs in a user, it relies on the /_ah/login_required page.

To get a user to enter their own credentials, you should create a page containing links to log in with the different providers you wish to use. You must then override the /_ah/login_required mapping in your url mapping file to use your own custom login page rather than the default.

This is a very good tutorial I used for this.

Google now offers their own official tutorial.

Answer 2

Please read the documentation for Hunch OAuth .

Rather than intercepting the form on the backend, send the user directly to

http://hunch.com/authorize/v1/?app_id=12345 (providing your own app_id and an optional next parameter).

If the user authorizes your application, they will be redirected to the redirect_url registered for your application along with an auth_token_key . For example, an app with a redirect_url of http://your-domain.com/authorized/ will be redirected to

http://your-domain.com/authorized/?auth_token_key=7a1b2c3&auth_sig=941bc415af782a8d93a83c874922ae1b30e92a70

At this point you can exchange the auth_token_key for an auth_token .

The Hunch sample app on Github has an example of how this should be done. The authorize function generates a page asking the user to Hunch connect, and the authorized function exchanges the auth_token_key for an auth_token .