https://github.com/requests/requests-oauthlib
> On May 17, 2019, at 14:26, Mike Orr <[email protected]> wrote:
>
> I'm trying to get my Pyramid application to use a Keycloak
> authentication server. Keycloak supports OAuth2 with OpenID Connect. I
> don't need authorization: just authenticating the user and retrieving
> their roles and metadata and maybe the refresh feature. I've looked
> through several OAuth2, OpenID, and OpenID Connect libraries and there
> seem to be a range of issues with all of them. So which one is most
> supported and people here are using, which class should I use, and how
> do I plug in my client ID, auth server URL, and secret? Some of them
> use strange terminology and I'm not sure if I have what they need
> under a different name.
>
> pyramid_oauth2_client, oauth2demo, and yasso (a Python OAuth2
> provider) -- The easiest to understand, but it hasn't been updated since
> 2012. I had to make it compatible with Python 3 and Pyramid 1.9.2. I
> got the demo to sometimes log in to yasso but when it came back to the
> site it got an invalid state error (akin to a CSRF token mismatch) --
> it predates Pyramid's CSRF token support too.
>
> pyramid_oauthlib, oauthlib, and requests-oauthlib -- This looks the
> best supported and most actively developed, but I can't tell which
> parts I need as a client; much of it is for building an OAuth2 server.
> The OAuth2 terminology is new to me so that makes it harder.
> 'requests-oauthlib' is a wrapper for the 'requests' library to send
> OAuth2 requests; I can't tell from the example whether I can use it
> for authentication and if so how.
>
> authomatic -- This is easier to understand than oauthlib and recently
> updated (2017) but I'm not sure how to configure my provider. The
> built-in classes are for Facebook et al. For other providers it steers
> you to the OpenID class. I may be able to use the base class or make a
> subclass like the provided Yahoo and Google ones, but its arguments
> don't match my server parameters so I'm not sure how to configure it.
> It delegates to the 'openid' package, which is below.
>
> openid -- There are several openid packages on PyPI: python-openid
> 2.25 (2010 [last download file]), python-openid2 (2018),
> python-openid3 (2013), python3-openid (2017). All of these have
> similarly-worded descriptions as if they're by the same team.
> 'python-openid2' has the most detailed description and is recent
> (2018), but authomatic says it depends on 'openid' which I assume is
> 'python-openid'. Still, the authomatic doc may be old and
> 'python-openid2' may be compatible, but is it?
>
> Now, can I just use OpenID or OpenID Connect and forget about the
> OAuth2 packages since I don't need authorization? Going back to
> 'python-openid2', it says it's easy to use as a consumer, but the
> example has its own BaseHTTPServer and strange method names and how
> would I use it from Pyramid?
>
> For OpenID Connect, the Keycloak docs suggest 'oic' (2019). Ah,
> recent. But the docs say, "Unfortunately, the documentation has been
> largely left unmaintained and there are various issues.... the current
> examples included in this repository are unmaintained and there are
> many issues." Great, recent code but out-of-date examples. And again
> hard to figure out how to use.
>
> Other OpenID Connect packages on PyPI are 'openid-connect' (2019):
> "This is a low-level Python library for authentication against OpenID
> Providers (e.g. Google). For high-level libraries see the Aiakos
> project." Aiakos is a "Passwordless authentication gateway." And
> 'oidc' (2014). I think 'oidc' was suggested in one of the previous
> ones.
>
> There's also a repoze.who plugin and something about Venusian but
> those sound old.
>
> So what are people using now, and is there an example of configuring
> it for a non-Big-Name provider or specifically Keycloak?
>
> --
> Mike Orr <[email protected]>
>
> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/pylons-discuss/CAH9f%3DuqvnNdEEowGt%3DWhqi4Y3TXdiTqoF0r%2Bo9JeewaLUxJ5iA%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
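
An added example, not code from this thread or from the requests-oauthlib project: the client side of an authorization-code login against Keycloak's OpenID Connect endpoints using requests-oauthlib, including the state check whose failure the question describes. The realm URL, client ID, secret, redirect URI, the dict-like `session` argument and the two function names are placeholder assumptions.

```python
from oauthlib.oauth2.rfc6749.errors import MismatchingStateError
from requests_oauthlib import OAuth2Session

# Placeholders (assumptions): substitute the values from your Keycloak client.
# Older Keycloak releases serve realms under ".../auth/realms/<realm>".
REALM_URL = "https://keycloak.example.com/realms/myrealm"
CLIENT_ID = "my-pyramid-app"
CLIENT_SECRET = "change-me"
REDIRECT_URI = "https://app.example.com/oidc/callback"

AUTH_URL = REALM_URL + "/protocol/openid-connect/auth"
TOKEN_URL = REALM_URL + "/protocol/openid-connect/token"
USERINFO_URL = REALM_URL + "/protocol/openid-connect/userinfo"


def begin_login(session):
    """Login view: return the URL to redirect the browser to.

    `session` is any dict-like server-side session (hypothetical stand-in
    for Pyramid's request.session). The random state is stored there so
    the callback can prove the response belongs to this browser.
    """
    oauth = OAuth2Session(CLIENT_ID, redirect_uri=REDIRECT_URI,
                          scope=["openid", "profile", "email"])
    url, state = oauth.authorization_url(AUTH_URL)
    session["oauth_state"] = state
    return url


def finish_login(session, callback_url):
    """Callback view: verify state, trade the code for tokens, fetch claims.

    `callback_url` is the full URL Keycloak redirected to, query included.
    """
    # pop() makes the state single-use, so a replayed callback fails.
    state = session.pop("oauth_state", None)
    if not state:
        # oauthlib skips the comparison when no expected state is given,
        # so a missing stored value must be rejected explicitly.
        raise MismatchingStateError()
    oauth = OAuth2Session(CLIENT_ID, redirect_uri=REDIRECT_URI, state=state)
    # Raises MismatchingStateError before any network call if the state in
    # callback_url differs from the stored one.
    oauth.fetch_token(TOKEN_URL, client_secret=CLIENT_SECRET,
                      authorization_response=callback_url)
    resp = oauth.get(USERINFO_URL)
    resp.raise_for_status()
    return resp.json()  # user claims such as sub, preferred_username, email
```

The endpoint URLs can also be read from the realm's `/.well-known/openid-configuration` document instead of being built by hand.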
