
I have to transfer some files to a remote server, for which I have to perform OAuth 2.0 to get an access token and then simply perform a POST request to upload the files.

Now I am too lazy to set up a Django project on the cloud and then perform OAuth2, while there are no "too good" libs for that though.

So, I am thinking of performing OAuth2 using the rauth lib as a simple Python script, without really setting up a server that accepts requests and all.

However, on the remote server profile, I need to provide a redirect_url, and of course also in the rauth client lib.

Are there any possible ways to do this authorization without really setting up a project on the cloud? A simple Python script is what I am looking for.

maxcountryman
Dennis Ritchie

1 Answer

I'm the author and maintainer of rauth.

Rauth no longer enforces a redirect_uri, so if your provider allows it then you can forgo using it. However, if your ultimate goal is not to set up a server, this should be doable even with a redirect_uri required by the provider. You can, for example, redirect to localhost, where you could set up a minimal server using Flask, or, if the provider allows it, some other, arbitrary URL, e.g. Facebook provides https://www.facebook.com/connect/login_success.html for this purpose. And the provider you're using might have a similar scheme. Here's an example with rauth.

Another option is to use Bearer Auth with grant_type=password. All OAuth 2.0 providers are supposed to support Bearer Auth, but may not implement the password grant_type. This does not require a redirect_uri; instead you end up passing the server your user credentials and it should return an access token to you. If your provider allows Bearer Auth with grant_type of password, this is probably the ideal for you. Rauth 0.5.3 attempts to use Bearer Auth by default so all you have to do is pass in the grant_type. Be sure to update before giving this a go.

Here's a simple example:

# assume you have constructed an OAuth2Service object and bound it to `service`

params = {'grant_type': 'password',
          'username': 'foo',
          'password': 'hunter2'}

s = service.get_auth_session(params=params)
r = s.get('https://example.com/api/some/endpoint')

Depending on the provider and what you want to do, it may require a little more investigation. However, hopefully this gives you something to start with.

Edit

I think my comment about password grant_type is a little confusing: I seem to be implying you have to use it with Bearer Auth (here by Bearer Auth I mean affixing the access token in the Authorization header in the Bearer format), but actually you don't. It's acceptable, although discouraged, to send the credentials along in the entity method[1]. If you're using rauth and find that authentication is not working as expected, you may need to disable Bearer Auth like this:

s = service.get_auth_session('/some/resource',
                             data={'code': code},
                             bearer_auth=False)

From the spec:

[1] "Clients SHOULD make authenticated requests with a bearer token using the Authorization request header field with the Bearer HTTP authorization scheme. Resource servers MUST support this method."

maxcountryman
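The localhost redirect suggested in the answer, as an added example (not part of the original answer and not rauth code): a one-shot listener bound to 127.0.0.1, built on the standard library's `http.server` in place of Flask, that accepts the authorization code only when the returned `state` matches. The class name `CallbackCatcher` and the `/callback` path are assumptions, and the provider must accept an `http://127.0.0.1:<port>/callback` redirect URI.

```python
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs


class CallbackCatcher:
    """One-shot loopback listener for an OAuth 2.0 authorization-code redirect."""

    def __init__(self, port=0):
        # Random value to send as `state` in the authorization URL (CSRF check).
        self.state = secrets.token_urlsafe(16)
        self.code = None
        self.error = None
        catcher = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                qs = parse_qs(urlparse(self.path).query)
                got = qs.get("state", [""])[0]
                # Constant-time comparison; reject any redirect we did not start.
                if not secrets.compare_digest(got.encode(), catcher.state.encode()):
                    catcher.error = "state mismatch"
                elif "code" in qs:
                    catcher.code = qs["code"][0]
                else:
                    catcher.error = qs.get("error", ["missing code"])[0]
                self.send_response(200 if catcher.code else 400)
                self.send_header("Content-Type", "text/plain")
                self.end_headers()
                self.wfile.write(b"You can close this window.\n")

            def log_message(self, *args):
                pass  # the request line contains the code; keep it out of logs

        # Loopback only, so other hosts on the network cannot reach the listener.
        self.server = HTTPServer(("127.0.0.1", port), Handler)
        self.redirect_uri = "http://127.0.0.1:%d/callback" % self.server.server_port

    def wait(self, timeout=120):
        """Serve exactly one request, then shut down and return the code."""
        self.server.timeout = timeout
        self.server.handle_request()
        self.server.server_close()
        if self.code is None:
            raise RuntimeError(self.error or "timed out")
        return self.code
```

Pass a fixed `port` if the provider requires the registered redirect URI to match exactly. The value returned by `wait()` is the `code` to hand to `get_auth_session` via `data={'code': code}` as in the answer.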