Description

PyOAuth implements versions 1.0 and 2.0 of the OAuth protocol as per the RFC specifications (See RFC5849_), which supersede any previous versions of the protocol. Client classes do not send HTTP requests but implement enough of the OAuth protocol to help you build request proxies that can be used to send actual HTTP requests. In essence, it implements OAuth and nothing else. This is a very conscious decision by the library authors. It allows framework authors and API users to use the library without pulling in unnecessary dependencies which may not work on their platform of choice. For example, you can use any of httplib2_, tornado_, webapp2_, or django_ to send HTTP requests built with this library. Wherever possible the implementation tries to warn you about problems you may encounter when processing or building OAuth requests by using a fail-fast approach—we try to tell you as much about the problem as possible. For example, OAuth relies on the availability of SSL to communicate securely, and therefore, the library checks whether the OAuth endpoint URLs you specify use SSL and prohibits you from using them if they do not begin with ``https://``. You can change this behavior to suit your needs, but the library will warn you. `Custom HTTP methods`_ are currently not supported. Signature methods ----------------- All the signature methods recommended by the OAuth specification have been implemented by this library, namely: 1. PLAINTEXT 2. HMAC-SHA1 3. RSA-SHA1 Custom signature methods are currently not supported. RSA-SHA1 requirements ~~~~~~~~~~~~~~~~~~~~~ The RSA-SHA1 signature method relies on the availability of third-party libraries like pyasn1_, and PyCrypto_ or M2Crypto_. The library accepts PEM-encoded X.509 certificates, RSA public keys, and RSA private keys. The validity of the X.509 certificates will not be verified by the signing functions. You must ensure the validity of certificates when you accept them by using other utility methods provided by this library or any other suitable means. It is also a good idea to periodically remind your clients about their certificate expiration dates—human beings forget after all. .. _RFC5849: http://tools.ietf.org/html/rfc5849 .. _httplib2: http://code.google.com/p/httplib2/ .. _tornado: http://www.tornadoweb.org/ .. _webapp2: http://code.google.com/p/webapp-improved/ .. _django: http://djangoproject.com/ .. _PyCrypto: http://pycrypto.org/ .. _M2Crypto: http://chandlerproject.org/Projects/MeTooCrypto .. _pyasn1: http://pypi.python.org/pypi/pyasn1 .. _Custom HTTP methods: http://tools.ietf.org/html/rfc5849#section-3.4.1.1