OAuth With Twitter and Python Flask
Here’s a couple tips on getting OAuth to work with Python Flask.
First, Flask has bunch of awesome extensions that make coding with Flask so easy. The two I am using for an OAuth login system are Flask-OAuth (obviously), and Flask-Login. The database I am using is Postgres, with the great Flask-SQLAlchemy ORM.
The User class I am using just needs 3 properties:
For Flask-OAuth, most of the default configuration works as described. However, I did have
to change the
to use https. The
access_token_url should point to
“https://api.twitter.com/oauth/authenticate” for processing the login.
I had trouble getting it to recognize the callback URL. I kept getting this error:
raise OAuthException('Failed to generate request token'). I gave up debugging it,
and just added the correct callback URL in the settings in Twitter.
Using Flask-Login is also straight forward. I initially didn’t know how to make enable a User class to use the login system, turns out it’s just a four functions that have to be included in the class:
1 2 3 4 5 6 7 8 9 10 11
The glue that makes the two play nicely together is all in these three functions:
1 2 3 4 5 6
Before I send a Twitter OAuth request, I make sure the current_user is not authenticated. If I didn’t the OAuth would fail. Not sure why yet.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
What the callback handler does:
Once the authentication is complete, it looks in the database for the Twitter username. If
it’s not found, it creates a new account and calls
login_user(). If it is, it uses
the returned account object to login the user.
1 2 3 4 5 6
This third function is self-explanatory.
Now, it’s as easy adding the
@login_required decorator before a secure page