Python OAuth library recommendation

Barry Warsaw barry at ubuntu.com
Fri Nov 9 17:58:39 UTC 2012 

As part of the multi-cycle work to port all Python libraries and applications
on the desktop image to Python 3[1], we had a session at UDS-R about the state
of the OAuth libraries[2].  The most popular OAuth library on PyPI is 'oauth
1.0.1', but there are several problems with this library:

 * It only supports Python 2
 * It only supports OAuth v1
 * It is abandonware

This latter is probably the best reason to stop using the library.  It hasn't
been updated upstream since 2009.

After surveying the alternatives, the folks at the UDS-R session (both in
person and participating remotely) were unanimous in choosing oauthlib[3] as
the recommended library to use going forward.  There are many positive reasons
to choose this library:

 * It supports both Python 2 and 3
 * It supports OAuth v1 and v2 (draft)
 * It is actively maintained upstream by a developer friendly to Ubuntu
 * It is already in the Ubuntu archive (python-oauthlib, python3-oauthlib)

While Quantal has a slightly out-of-date version, Raring has the latest
upstream release[4].  I have not yet done a comprehensive API comparison, but
I have filed the following bugs to port the packages blocking python-oauth's
unseeding:

 * 1077076 (oneconf)
 * 1077083 (piston-mini-client)
 * 1077087 (ubuntu-sso-client)
 * 1077089 (ubuntuone-client)
 * 1077092 (ubuntuone-storage-protocol)
 * 1077094 (ubuntuone-couch)

If you are aware of any showstoppers, or (better yet) want to help, please
contact me or follow up on the bugs or blueprints.  I don't believe
python-oauthlib supports the server-side but that's not an issue for
task:desktop packages.

You might also be interested in the python{,3}-requests package, which is
built on the python{,3}-urllib3 and python{,3}-oauthlib packages.  requests
has built-in OAuth support so it can make requesting OAuth resources much
easier.

Cheers,
-Barry

[1] https://blueprints.launchpad.net/ubuntu/+spec/foundations-r-python-versions
[2] https://blueprints.launchpad.net/ubuntu/+spec/foundations-r-python3-oauth
[3] http://pypi.python.org/pypi/oauthlib/0.3.3
[4] Oops! looks like we're one patch version behind - will fix :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20121109/721d28a6/attachment.pgp>

More information about the ubuntu-devel mailing list