Google Hybrid (OpenID+OAuth) - velruse.providers.google_hybrid

Google provides both basic OpenID using Attribute Exchange 2.0, as well as a OpenID+OAuth hybrid that authenticates a user and completes OAuth authentication to provide API access to Google services.

To use Google authentication, registering an application is not necessary unless you wish to request OAuth tokens to access Google services.

Google Developer Links:

• Google Application Management
• Google OpenID Documentation
• Google OAuth scope parameters

Settings

realm

Required. The realm must be a containing namespace for the callback URL.

consumer_key

OAuth 1.0 key.

consumer_secret

OAuth 1.0 secret.

scope

OAuth 1.0 scope.

Warning

When using the OAuth hybrid, the consumer key domain must match the OpenID Realm domain, otherwise Google will not consider the OAuth to be valid. If this domain is not a valid DNS name, Google will also consider it invalid.

POST Parameters

The Google provider accepts an oauth_scope argument, which is used in the authenticating request to access additional Google API’s. Each API has an authentication scope, defined on the Google Auth Scopes page. These should be a space separated string, for example to request access to Google Contacts:

Using the oauth_scope parameter requires a registered Google application.

<input type="hidden" name="oauth_scope" value="http://www.google.com/m8/feeds/" />

Google Provider also accepts a popup_mode argument which can be either popup or x-has-session as defined in the Google OpenID docs.

The OpenID POST param openid_identifier is not required.

Complete Example:

<form action="/velruse/google/login" method="post">
    <input type="hidden" name="popup_mode" value="popup" />
    <input type="hidden" name="oauth_scope" value="http://www.google.com/m8/feeds/" />
    <input type="submit" value="Login with Google" />
</form>

Pyramid API

class GoogleAuthenticationComplete(profile=None, credentials=None, provider_name=None, provider_type=None)

Bases: velruse.providers.openid.OpenIDAuthenticationComplete

Google auth complete

includeme(config)

Activate the google_hybrid Pyramid plugin via config.include('velruse.providers.google_hybrid'). After included, a new method will be available to configure new providers.

config.add_google_hybrid_login()

See add_google_login() for the supported options.

add_google_login(config, attrs=None, realm=None, storage=None, consumer_key=None, consumer_secret=None, scope=None, login_path='/login/google', callback_path='/login/google/callback', name='google')

Add a Google login provider to the application using the OpenID+OAuth hybrid protocol. This protocol can be configured for purely authentication by specifying only OpenID parameters. If you also wish to authorize your application to access the user’s information you may specify OAuth credentials.

• OpenID parameters + attrs + realm + storage
• OAuth parameters + consumer_key + consumer_secret + scope