Python: module gdata.gauth

gdata.gauth

index
/usr/local/google/home/afshar/src/external-gdata-release/google3/src/gdata/gauth.py

Provides auth related token classes and functions for Google Data APIs. Token classes represent a user's authorization of this app to access their data. Usually these are not created directly but by a GDClient object. ClientLoginToken AuthSubToken SecureAuthSubToken OAuthHmacToken OAuthRsaToken TwoLeggedOAuthHmacToken TwoLeggedOAuthRsaToken Functions which are often used in application code (as opposed to just within the gdata-python-client library) are the following: generate_auth_sub_url authorize_request_token The following are helper functions which are used to save and load auth token objects in the App Engine datastore. These should only be used if you are using this library within App Engine: ae_load ae_save

Modules

atom
datetime
random
simplejson
time
urllib
urlparse

Classes



__builtin__.object

AuthSubToken

SecureAuthSubToken

ClientLoginToken
OAuth2Token

OAuth2TokenFromCredentials

OAuthHmacToken

OAuthRsaToken

TwoLeggedOAuthRsaToken

TwoLeggedOAuthHmacToken

exceptions.Exception(exceptions.BaseException)

Error

OAuth2AccessTokenError
OAuth2RevokeError
UnsupportedTokenType

class AuthSubToken(__builtin__.object)

    Methods defined here:

ModifyRequest = modify_request(self, http_request)

__init__(self, token_string, scopes=None)

modify_request(self, http_request)
Sets Authorization header, allows app to act on the user's behalf.

Static methods defined here:

FromUrl = from_url(str_or_uri)
Creates a new AuthSubToken using information in the URL. Uses auth_sub_string_from_url. Args:   str_or_uri: The current page's URL (as a str or atom.http_core.Uri)               which should contain a token query parameter since the               Google auth server redirected the user's browser to this               URL.

from_url(str_or_uri)
Creates a new AuthSubToken using information in the URL. Uses auth_sub_string_from_url. Args:   str_or_uri: The current page's URL (as a str or atom.http_core.Uri)               which should contain a token query parameter since the               Google auth server redirected the user's browser to this               URL.

Data descriptors defined here:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

class ClientLoginToken(__builtin__.object)

    Methods defined here:

ModifyRequest = modify_request(self, http_request)

__init__(self, token_string)

modify_request(self, http_request)

Data descriptors defined here:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

class Error(exceptions.Exception)


Method resolution order:

Error

exceptions.Exception

exceptions.BaseException

__builtin__.object

Data descriptors defined here:

__weakref__

list of weak references to the object (if defined)

Methods inherited from exceptions.Exception:

__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.Exception:

__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.BaseException:

__delattr__(...)
x.__delattr__('name') <==> del x.name

__getattribute__(...)
x.__getattribute__('name') <==> x.name

__getitem__(...)
x.__getitem__(y) <==> x[y]

__getslice__(...)
x.__getslice__(i, j) <==> x[i:j] Use of negative indices is not supported.

__reduce__(...)

__repr__(...)
x.__repr__() <==> repr(x)

__setattr__(...)
x.__setattr__('name', value) <==> x.name = value

__setstate__(...)

__str__(...)
x.__str__() <==> str(x)

__unicode__(...)

Data descriptors inherited from exceptions.BaseException:

__dict__

args

message

class OAuth2AccessTokenError(Error)

    Raised when an OAuth2 error occurs.

Method resolution order:

OAuth2AccessTokenError

Error

exceptions.Exception

exceptions.BaseException

__builtin__.object

Methods defined here:

__init__(self, error_message)

Data descriptors inherited from Error:

__weakref__

list of weak references to the object (if defined)

Data and other attributes inherited from exceptions.Exception:

__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.BaseException:

__delattr__(...)
x.__delattr__('name') <==> del x.name

__getattribute__(...)
x.__getattribute__('name') <==> x.name

__getitem__(...)
x.__getitem__(y) <==> x[y]

__getslice__(...)
x.__getslice__(i, j) <==> x[i:j] Use of negative indices is not supported.

__reduce__(...)

__repr__(...)
x.__repr__() <==> repr(x)

__setattr__(...)
x.__setattr__('name', value) <==> x.name = value

__setstate__(...)

__str__(...)
x.__str__() <==> str(x)

__unicode__(...)

Data descriptors inherited from exceptions.BaseException:

__dict__

args

message

class OAuth2RevokeError(Error)

    Raised when an OAuth2 token revocation was unsuccessful.

Method resolution order:

OAuth2RevokeError

Error

exceptions.Exception

exceptions.BaseException

__builtin__.object

Methods defined here:

__init__(self, http_response, response_body=None)
Sets the HTTP information in the error. Args:   http_response: The response from the server, contains error information.   response_body: string (optional) specified if the response has already                  been read from the http_response object.

__str__(self)

Data descriptors inherited from Error:

__weakref__

list of weak references to the object (if defined)

Data and other attributes inherited from exceptions.Exception:

__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.BaseException:

__delattr__(...)
x.__delattr__('name') <==> del x.name

__getattribute__(...)
x.__getattribute__('name') <==> x.name

__getitem__(...)
x.__getitem__(y) <==> x[y]

__getslice__(...)
x.__getslice__(i, j) <==> x[i:j] Use of negative indices is not supported.

__reduce__(...)

__repr__(...)
x.__repr__() <==> repr(x)

__setattr__(...)
x.__setattr__('name', value) <==> x.name = value

__setstate__(...)

__unicode__(...)

Data descriptors inherited from exceptions.BaseException:

__dict__

args

message

class OAuth2Token(__builtin__.object)

    Token object for OAuth 2.0 as described on <http://code.google.com/apis/accounts/docs/OAuth2.html>. Token can be applied to a gdata.client.GDClient object using the authorize() method, which then signs each request from that object with the OAuth 2.0 access token. This class supports 3 flows of OAuth 2.0:   Client-side web flow: call generate_authorize_url with `response_type='token''     and the registered `redirect_uri'.   Server-side web flow: call generate_authorize_url with the registered     `redirect_url'.   Native applications flow: call generate_authorize_url as it is. You will have     to ask the user to go to the generated url and pass in the authorization     code to your application.

Methods defined here:

ModifyRequest = modify_request(self, http_request)

__init__(self, client_id, client_secret, scope, user_agent, auth_uri='https://accounts.google.com/o/oauth2/auth', token_uri='https://accounts.google.com/o/oauth2/token', access_token=None, refresh_token=None, revoke_uri='https://accounts.google.com/o/oauth2/revoke')
Create an instance of OAuth2Token Args:   client_id: string, client identifier.   client_secret: string client secret.   scope: string, scope of the credentials being requested.   user_agent: string, HTTP User-Agent to provide for this application.   auth_uri: string, URI for authorization endpoint. For convenience     defaults to Google's endpoints but any OAuth 2.0 provider can be used.   token_uri: string, URI for token endpoint. For convenience     defaults to Google's endpoints but any OAuth 2.0 provider can be used.   revoke_uri: string, URI for revoke endpoint. For convenience     defaults to Google's endpoints but any OAuth 2.0 provider can be used.   access_token: string, access token.   refresh_token: string, refresh token.

authorize(self, client)
Authorize a gdata.client.GDClient instance with these credentials. Args:    client: An instance of gdata.client.GDClient        or something that acts like it. Returns:    A modified instance of client that was passed in. Example:   >>> c = gdata.client.GDClient(source='user-agent')   >>> c = token.authorize(c)

generate_authorize_url(self, redirect_uri='urn:ietf:wg:oauth:2.0:oob', response_type='code', access_type='offline', approval_prompt='auto', **kwargs)
Returns a URI to redirect to the provider. Args:   redirect_uri: Either the string 'urn:ietf:wg:oauth:2.0:oob' for a                 non-web-based application, or a URI that handles the                 callback from the authorization server.   response_type: Either the string 'code' for server-side or native                  application, or the string 'token' for client-side                  application.   access_type: Either the string 'offline' to request a refresh token or                'online'.   approval_prompt: Either the string 'auto' to let the OAuth mechanism                    determine if the approval page is needed or 'force'                    if the approval prompt is desired in all cases. If redirect_uri is 'urn:ietf:wg:oauth:2.0:oob' then pass in the generated verification code to get_access_token, otherwise pass in the query parameters received at the callback uri to get_access_token. If the response_type is 'token', no need to call get_access_token as the API will return it within the query parameters received at the callback:   oauth2_token.access_token = YOUR_ACCESS_TOKEN

get_access_token(self, code)
Exhanges a code for an access token. Args:   code: string or dict, either the code as a string, or a dictionary     of the query parameters to the redirect_uri, which contains     the code.

modify_request(self, http_request)
Sets the Authorization header in the HTTP request using the token. Returns:   The same HTTP request object which was passed in.

revoke(self, revoke_uri=None, refresh_token=None)
Revokes access via a refresh token. Args:   revoke_uri: string, URI for revoke endpoint. If not provided, or if     None is provided, the revoke_uri attribute on the object is used.   refresh_token: string, refresh token. If not provided, or if None is     provided, the refresh_token attribute on the object is used. Raises:   UnsupportedTokenType if the token is not one of the supported token   classes listed above. Example:   >>> token.revoke()

Data descriptors defined here:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

invalid

True if the credentials are invalid, such as being revoked.

class OAuth2TokenFromCredentials(OAuth2Token)

    Special subclass to be used in conjunction with google-api-python-client. These libraries are built for different purposes. This one is used for APIs that use the GData Protocol: https://developers.google.com/gdata/docs/2.0/reference while google-api-python-client is for APIs which are discovery-based: https://developers.google.com/discovery/v1/getting_started#background Developers using Google APIs may want to use both simultaneously, and this class provides a way for them to use OAuth 2.0 credentials obtained for use with google-api-python-client as credentials in gdata-python-client and to ensure all token/credential refresh impacts both this object and the google-api-python-client credentials object. In addition, any manual patching of this object or the credentials object will be immediately reflected since attributes such as `client_id`, `access_token`, etc. are directly proxied between instances of this class and the credentials objects that they own.

Method resolution order:

OAuth2TokenFromCredentials

OAuth2Token

__builtin__.object

Methods defined here:

__init__(self, credentials)
Constructor for OAuth2TokenFromCredentials object. The constructor for the superclass is not called because the actual values are retrieved from the credentials object directly via `property` instances which act as proxies. Args:   credentials: An instance of oauth2client.client.Credentials or some       subclass.

generate_authorize_url(self, *args, **kwargs)
# Disable methods not supported by Credentials.

get_access_token(self, *args, **kwargs)

revoke(self, *args, **kwargs)

Data descriptors defined here:

access_token

client_id

client_secret

refresh_token

token_expiry

token_uri

user_agent

Methods inherited from OAuth2Token:

ModifyRequest = modify_request(self, http_request)
Sets the Authorization header in the HTTP request using the token. Returns:   The same HTTP request object which was passed in.

authorize(self, client)
Authorize a gdata.client.GDClient instance with these credentials. Args:    client: An instance of gdata.client.GDClient        or something that acts like it. Returns:    A modified instance of client that was passed in. Example:   >>> c = gdata.client.GDClient(source='user-agent')   >>> c = token.authorize(c)

modify_request(self, http_request)
Sets the Authorization header in the HTTP request using the token. Returns:   The same HTTP request object which was passed in.

Data descriptors inherited from OAuth2Token:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

invalid

True if the credentials are invalid, such as being revoked.

class OAuthHmacToken(__builtin__.object)

    Methods defined here:

GenerateAuthorizationUrl = generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')

ModifyRequest = modify_request(self, http_request)

__init__(self, consumer_key, consumer_secret, token, token_secret, auth_state, next=None, verifier=None)

generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates the URL at which the user can authorize this app to access. Args:   google_apps_domain: str (optional) If the user should be signing in       using an account under a known Google Apps domain, provide the       domain name ('example.com') here. If not provided, 'default'       will be used, and the user will be prompted to select an account       if they are signed in with a Google Account and Google Apps       accounts.   language: str (optional) An ISO 639 country code identifying what       language the approval page should be translated in (for example,       'en' for English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The     only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web     page. Defaults to     'https://www.google.com/accounts/OAuthAuthorizeToken'

modify_request(self, http_request)
Sets the Authorization header in the HTTP request using the token. Calculates an HMAC signature using the information in the token to indicate that the request came from this application and that this application has permission to access a particular user's data. Returns:   The same HTTP request object which was passed in.

Data descriptors defined here:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

Data and other attributes defined here:

SIGNATURE_METHOD = 'HMAC-SHA1'

class OAuthRsaToken(OAuthHmacToken)


Method resolution order:

OAuthRsaToken

OAuthHmacToken

__builtin__.object

Methods defined here:

ModifyRequest = modify_request(self, http_request)

__init__(self, consumer_key, rsa_private_key, token, token_secret, auth_state, next=None, verifier=None)

modify_request(self, http_request)
Sets the Authorization header in the HTTP request using the token. Calculates an RSA signature using the information in the token to indicate that the request came from this application and that this application has permission to access a particular user's data. Returns:   The same HTTP request object which was passed in.

Data and other attributes defined here:

SIGNATURE_METHOD = 'RSA-SHA1'

Methods inherited from OAuthHmacToken:

GenerateAuthorizationUrl = generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates the URL at which the user can authorize this app to access. Args:   google_apps_domain: str (optional) If the user should be signing in       using an account under a known Google Apps domain, provide the       domain name ('example.com') here. If not provided, 'default'       will be used, and the user will be prompted to select an account       if they are signed in with a Google Account and Google Apps       accounts.   language: str (optional) An ISO 639 country code identifying what       language the approval page should be translated in (for example,       'en' for English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The     only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web     page. Defaults to     'https://www.google.com/accounts/OAuthAuthorizeToken'

generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates the URL at which the user can authorize this app to access. Args:   google_apps_domain: str (optional) If the user should be signing in       using an account under a known Google Apps domain, provide the       domain name ('example.com') here. If not provided, 'default'       will be used, and the user will be prompted to select an account       if they are signed in with a Google Account and Google Apps       accounts.   language: str (optional) An ISO 639 country code identifying what       language the approval page should be translated in (for example,       'en' for English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The     only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web     page. Defaults to     'https://www.google.com/accounts/OAuthAuthorizeToken'

Data descriptors inherited from OAuthHmacToken:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

class SecureAuthSubToken(AuthSubToken)


Method resolution order:

SecureAuthSubToken

AuthSubToken

__builtin__.object

Methods defined here:

ModifyRequest = modify_request(self, http_request)

__init__(self, token_string, rsa_private_key, scopes=None)

modify_request(self, http_request)
Sets the Authorization header and includes a digital signature. Calculates a digital signature using the private RSA key, a timestamp (uses now at the time this method is called) and a random nonce. Args:   http_request: The atom.http_core.HttpRequest which contains all of the       information needed to send a request to the remote server. The       URL and the method of the request must be already set and cannot be       changed after this token signs the request, or the signature will       not be valid.

Static methods defined here:

FromUrl = from_url(str_or_uri, rsa_private_key)
Creates a new SecureAuthSubToken using information in the URL. Uses auth_sub_string_from_url. Args:   str_or_uri: The current page's URL (as a str or atom.http_core.Uri)       which should contain a token query parameter since the Google auth       server redirected the user's browser to this URL.   rsa_private_key: str the private RSA key cert used to sign all requests       made with this token.

from_url(str_or_uri, rsa_private_key)
Creates a new SecureAuthSubToken using information in the URL. Uses auth_sub_string_from_url. Args:   str_or_uri: The current page's URL (as a str or atom.http_core.Uri)       which should contain a token query parameter since the Google auth       server redirected the user's browser to this URL.   rsa_private_key: str the private RSA key cert used to sign all requests       made with this token.

Data descriptors inherited from AuthSubToken:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

class TwoLeggedOAuthHmacToken(OAuthHmacToken)


Method resolution order:

TwoLeggedOAuthHmacToken

OAuthHmacToken

__builtin__.object

Methods defined here:

ModifyRequest = modify_request(self, http_request)

__init__(self, consumer_key, consumer_secret, requestor_id)

modify_request(self, http_request)
Sets the Authorization header in the HTTP request using the token. Calculates an HMAC signature using the information in the token to indicate that the request came from this application and that this application has permission to access a particular user's data using 2LO. Returns:   The same HTTP request object which was passed in.

Methods inherited from OAuthHmacToken:

GenerateAuthorizationUrl = generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates the URL at which the user can authorize this app to access. Args:   google_apps_domain: str (optional) If the user should be signing in       using an account under a known Google Apps domain, provide the       domain name ('example.com') here. If not provided, 'default'       will be used, and the user will be prompted to select an account       if they are signed in with a Google Account and Google Apps       accounts.   language: str (optional) An ISO 639 country code identifying what       language the approval page should be translated in (for example,       'en' for English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The     only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web     page. Defaults to     'https://www.google.com/accounts/OAuthAuthorizeToken'

generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates the URL at which the user can authorize this app to access. Args:   google_apps_domain: str (optional) If the user should be signing in       using an account under a known Google Apps domain, provide the       domain name ('example.com') here. If not provided, 'default'       will be used, and the user will be prompted to select an account       if they are signed in with a Google Account and Google Apps       accounts.   language: str (optional) An ISO 639 country code identifying what       language the approval page should be translated in (for example,       'en' for English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The     only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web     page. Defaults to     'https://www.google.com/accounts/OAuthAuthorizeToken'

Data descriptors inherited from OAuthHmacToken:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

Data and other attributes inherited from OAuthHmacToken:

SIGNATURE_METHOD = 'HMAC-SHA1'

class TwoLeggedOAuthRsaToken(OAuthRsaToken)


Method resolution order:

TwoLeggedOAuthRsaToken

OAuthRsaToken

OAuthHmacToken

__builtin__.object

Methods defined here:

ModifyRequest = modify_request(self, http_request)

__init__(self, consumer_key, rsa_private_key, requestor_id)

modify_request(self, http_request)
Sets the Authorization header in the HTTP request using the token. Calculates an RSA signature using the information in the token to indicate that the request came from this application and that this application has permission to access a particular user's data using 2LO. Returns:   The same HTTP request object which was passed in.

Data and other attributes inherited from OAuthRsaToken:

SIGNATURE_METHOD = 'RSA-SHA1'

Methods inherited from OAuthHmacToken:

GenerateAuthorizationUrl = generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates the URL at which the user can authorize this app to access. Args:   google_apps_domain: str (optional) If the user should be signing in       using an account under a known Google Apps domain, provide the       domain name ('example.com') here. If not provided, 'default'       will be used, and the user will be prompted to select an account       if they are signed in with a Google Account and Google Apps       accounts.   language: str (optional) An ISO 639 country code identifying what       language the approval page should be translated in (for example,       'en' for English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The     only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web     page. Defaults to     'https://www.google.com/accounts/OAuthAuthorizeToken'

generate_authorization_url(self, google_apps_domain='default', language=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates the URL at which the user can authorize this app to access. Args:   google_apps_domain: str (optional) If the user should be signing in       using an account under a known Google Apps domain, provide the       domain name ('example.com') here. If not provided, 'default'       will be used, and the user will be prompted to select an account       if they are signed in with a Google Account and Google Apps       accounts.   language: str (optional) An ISO 639 country code identifying what       language the approval page should be translated in (for example,       'en' for English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The     only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web     page. Defaults to     'https://www.google.com/accounts/OAuthAuthorizeToken'

Data descriptors inherited from OAuthHmacToken:

__dict__

dictionary for instance variables (if defined)

__weakref__

list of weak references to the object (if defined)

class UnsupportedTokenType(Error)

    Raised when token to or from blob is unable to convert the token.

Method resolution order:

UnsupportedTokenType

Error

exceptions.Exception

exceptions.BaseException

__builtin__.object

Data descriptors inherited from Error:

__weakref__

list of weak references to the object (if defined)

Methods inherited from exceptions.Exception:

__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

Data and other attributes inherited from exceptions.Exception:

__new__ = <built-in method __new__ of type object>
T.__new__(S, ...) -> a new object with type S, a subtype of T

Methods inherited from exceptions.BaseException:

__delattr__(...)
x.__delattr__('name') <==> del x.name

__getattribute__(...)
x.__getattribute__('name') <==> x.name

__getitem__(...)
x.__getitem__(y) <==> x[y]

__getslice__(...)
x.__getslice__(i, j) <==> x[i:j] Use of negative indices is not supported.

__reduce__(...)

__repr__(...)
x.__repr__() <==> repr(x)

__setattr__(...)
x.__setattr__('name', value) <==> x.name = value

__setstate__(...)

__str__(...)
x.__str__() <==> str(x)

__unicode__(...)

Data descriptors inherited from exceptions.BaseException:

__dict__

args

message

Functions


AeDelete = ae_delete(token_key)
Removes the token object from the App Engine datastore.

AeLoad = ae_load(token_key)
Retrieves a token object from the App Engine datastore. This is a convenience method for using the library with App Engine. See also ae_save. Args:   token_key: str The unique key associated with the desired token when it              was saved using ae_save. Returns:   A token object if there was a token associated with the token_key or None   if the key could not be found.

AeSave = ae_save(token, token_key)
Stores an auth token in the App Engine datastore. This is a convenience method for using the library with App Engine. Recommended usage is to associate the auth token with the current_user. If a user is signed in to the app using the App Engine users API, you can use gdata.gauth.ae_save(some_token, users.get_current_user().user_id()) If you are not using the Users API you are free to choose whatever string you would like for a token_string. Args:   token: an auth token object. Must be one of ClientLoginToken,          AuthSubToken, SecureAuthSubToken, OAuthRsaToken, or OAuthHmacToken          (see token_to_blob).   token_key: str A unique identified to be used when you want to retrieve              the token. If the user is signed in to App Engine using the              users API, I recommend using the user ID for the token_key:              users.get_current_user().user_id()

AuthSubStringFromUrl = auth_sub_string_from_url(url, scopes_param_prefix='auth_sub_scopes')
Finds the token string (and scopes) after the browser is redirected. After the Google Accounts AuthSub pages redirect the user's broswer back to the web application (using the 'next' URL from the request) the web app must extract the token from the current page's URL. The token is provided as a URL parameter named 'token' and if generate_auth_sub_url was used to create the request, the token's valid scopes are included in a URL parameter whose name is specified in scopes_param_prefix. Args:   url: atom.url.Url or str representing the current URL. The token value        and valid scopes should be included as URL parameters.   scopes_param_prefix: str (optional) The URL parameter key which maps to                        the list of valid scopes for the token. Returns:   A tuple containing the token value as a string, and a tuple of scopes   (as atom.http_core.Uri objects) which are URL prefixes under which this   token grants permission to read and write user data.   (token_string, (scope_uri, scope_uri, scope_uri, ...))   If no scopes were included in the URL, the second value in the tuple is   None. If there was no token param in the url, the tuple returned is   (None, None)

AuthorizeRequestToken = authorize_request_token(request_token, url)
Adds information to request token to allow it to become an access token. Modifies the request_token object passed in by setting and unsetting the necessary fields to allow this token to form a valid upgrade request. Args:   request_token: The OAuth request token which has been authorized by the       user. In order for this token to be upgraded to an access token,       certain fields must be extracted from the URL and added to the token       so that they can be passed in an upgrade-token request.   url: The URL of the current page which the user's browser was redirected       to after they authorized access for the app. This function extracts       information from the URL which is needed to upgraded the token from       a request token to an access token. Returns:   The same token object which was passed in.

FindScopesForServices = find_scopes_for_services(service_names=None)
Creates a combined list of scope URLs for the desired services. This method searches the AUTH_SCOPES dictionary. Args:   service_names: list of strings (optional) Each name must be a key in the                  AUTH_SCOPES dictionary. If no list is provided (None) then                  the resulting list will contain all scope URLs in the                  AUTH_SCOPES dict. Returns:   A list of URL strings which are the scopes needed to access these services   when requesting a token using AuthSub or OAuth.

GenerateClientLoginRequestBody = generate_client_login_request_body(email, password, service, source, account_type='HOSTED_OR_GOOGLE', captcha_token=None, captcha_response=None)
Creates the body of the autentication request See http://code.google.com/apis/accounts/AuthForInstalledApps.html#Request for more details. Args:   email: str   password: str   service: str   source: str   account_type: str (optional) Defaul is 'HOSTED_OR_GOOGLE', other valid       values are 'GOOGLE' and 'HOSTED'   captcha_token: str (optional)   captcha_response: str (optional) Returns:   The HTTP body to send in a request for a client login token.

GetCaptchaChallenge = get_captcha_challenge(http_body, captcha_base_url='http://www.google.com/accounts/')
Returns the URL and token for a CAPTCHA challenge issued by the server. Args:   http_body: str The body of the HTTP response from the server which       contains the CAPTCHA challenge.   captcha_base_url: str This function returns a full URL for viewing the       challenge image which is built from the server's response. This       base_url is used as the beginning of the URL because the server       only provides the end of the URL. For example the server provides       'Captcha?ctoken=Hi...N' and the URL for the image is       'http://www.google.com/accounts/Captcha?ctoken=Hi...N' Returns:   A dictionary containing the information needed to repond to the CAPTCHA   challenge, the image URL and the ID token of the challenge. The   dictionary is in the form:   {'token': string identifying the CAPTCHA image,    'url': string containing the URL of the image}   Returns None if there was no CAPTCHA challenge in the response.

GetClientLoginTokenString = get_client_login_token_string(http_body)
Returns the token value for a ClientLoginToken. Reads the token from the server's response to a Client Login request and creates the token value string to use in requests. Args:   http_body: str The body of the server's HTTP response to a Client Login       request Returns:   The token value string for a ClientLoginToken.

TokenFromBlob = token_from_blob(blob)
Deserializes a token string from the datastore back into a token object. Supported token classes: ClientLoginToken, AuthSubToken, SecureAuthSubToken, OAuthRsaToken, and OAuthHmacToken, TwoLeggedOAuthRsaToken, TwoLeggedOAuthHmacToken and OAuth2Token. Args:   blob: string created by token_to_blob. Raises:   UnsupportedTokenType if the token is not one of the supported token   classes listed above. Returns:   A new token object with members set to the values serialized in the   blob string. Note that any members which were set to '' in the original   token will now be None.

TokenToBlob = token_to_blob(token)
Serializes the token data as a string for storage in a datastore. Supported token classes: ClientLoginToken, AuthSubToken, SecureAuthSubToken, OAuthRsaToken, and OAuthHmacToken, TwoLeggedOAuthRsaToken, TwoLeggedOAuthHmacToken and OAuth2Token. Args:   token: A token object which must be of one of the supported token classes. Raises:   UnsupportedTokenType if the token is not one of the supported token   classes listed above. Returns:   A string represenging this token. The string can be converted back into   an equivalent token object using token_from_blob. Note that any members   which are set to '' will be set to None when the token is deserialized   by token_from_blob.

UpgradeToAccessToken = upgrade_to_access_token(request_token, server_response_body)
Extracts access token information from response to an upgrade request. Once the server has responded with the new token info for the OAuth access token, this method modifies the request_token to set and unset necessary fields to create valid OAuth authorization headers for requests. Args:   request_token: An OAuth token which this function modifies to allow it       to be used as an access token.   server_response_body: str The server's response to an OAuthAuthorizeToken       request. This should contain the new token and token_secret which       are used to generate the signature and parameters of the Authorization       header in subsequent requests to Google Data APIs. Returns:   The same token object which was passed in.

ae_delete(token_key)
Removes the token object from the App Engine datastore.

ae_load(token_key)
Retrieves a token object from the App Engine datastore. This is a convenience method for using the library with App Engine. See also ae_save. Args:   token_key: str The unique key associated with the desired token when it              was saved using ae_save. Returns:   A token object if there was a token associated with the token_key or None   if the key could not be found.

ae_save(token, token_key)
Stores an auth token in the App Engine datastore. This is a convenience method for using the library with App Engine. Recommended usage is to associate the auth token with the current_user. If a user is signed in to the app using the App Engine users API, you can use gdata.gauth.ae_save(some_token, users.get_current_user().user_id()) If you are not using the Users API you are free to choose whatever string you would like for a token_string. Args:   token: an auth token object. Must be one of ClientLoginToken,          AuthSubToken, SecureAuthSubToken, OAuthRsaToken, or OAuthHmacToken          (see token_to_blob).   token_key: str A unique identified to be used when you want to retrieve              the token. If the user is signed in to App Engine using the              users API, I recommend using the user ID for the token_key:              users.get_current_user().user_id()

auth_sub_string_from_body(http_body)
Extracts the AuthSub token from an HTTP body string. Used to find the new session token after making a request to upgrade a single use AuthSub token. Args:   http_body: str The repsonse from the server which contains the AuthSub       key. For example, this function would find the new session token       from the server's response to an upgrade token request. Returns:   The raw token value string to use in an AuthSubToken object.

auth_sub_string_from_url(url, scopes_param_prefix='auth_sub_scopes')
Finds the token string (and scopes) after the browser is redirected. After the Google Accounts AuthSub pages redirect the user's broswer back to the web application (using the 'next' URL from the request) the web app must extract the token from the current page's URL. The token is provided as a URL parameter named 'token' and if generate_auth_sub_url was used to create the request, the token's valid scopes are included in a URL parameter whose name is specified in scopes_param_prefix. Args:   url: atom.url.Url or str representing the current URL. The token value        and valid scopes should be included as URL parameters.   scopes_param_prefix: str (optional) The URL parameter key which maps to                        the list of valid scopes for the token. Returns:   A tuple containing the token value as a string, and a tuple of scopes   (as atom.http_core.Uri objects) which are URL prefixes under which this   token grants permission to read and write user data.   (token_string, (scope_uri, scope_uri, scope_uri, ...))   If no scopes were included in the URL, the second value in the tuple is   None. If there was no token param in the url, the tuple returned is   (None, None)

authorize_request_token(request_token, url)
Adds information to request token to allow it to become an access token. Modifies the request_token object passed in by setting and unsetting the necessary fields to allow this token to form a valid upgrade request. Args:   request_token: The OAuth request token which has been authorized by the       user. In order for this token to be upgraded to an access token,       certain fields must be extracted from the URL and added to the token       so that they can be passed in an upgrade-token request.   url: The URL of the current page which the user's browser was redirected       to after they authorized access for the app. This function extracts       information from the URL which is needed to upgraded the token from       a request token to an access token. Returns:   The same token object which was passed in.

build_auth_sub_data(http_request, timestamp, nonce)
Creates the data string which must be RSA-signed in secure requests. For more details see the documenation on secure AuthSub requests: http://code.google.com/apis/accounts/docs/AuthSub.html#signingrequests Args:   http_request: The request being made to the server. The Request's URL       must be complete before this signature is calculated as any changes       to the URL will invalidate the signature.   nonce: str Random 64-bit, unsigned number encoded as an ASCII string in       decimal format. The nonce/timestamp pair should always be unique to       prevent replay attacks.   timestamp: Integer representing the time the request is sent. The       timestamp should be expressed in number of seconds after January 1,       1970 00:00:00 GMT.

build_oauth_base_string(http_request, consumer_key, nonce, signaure_type, timestamp, version, next='oob', token=None, verifier=None)
Generates the base string to be signed in the OAuth request. Args:   http_request: The request being made to the server. The Request's URL       must be complete before this signature is calculated as any changes       to the URL will invalidate the signature.   consumer_key: Domain identifying the third-party web application. This is       the domain used when registering the application with Google. It       identifies who is making the request on behalf of the user.   nonce: Random 64-bit, unsigned number encoded as an ASCII string in decimal       format. The nonce/timestamp pair should always be unique to prevent       replay attacks.   signaure_type: either RSA_SHA1 or HMAC_SHA1   timestamp: Integer representing the time the request is sent. The       timestamp should be expressed in number of seconds after January 1,       1970 00:00:00 GMT.   version: The OAuth version used by the requesting web application. This       value must be '1.0' or '1.0a'. If not provided, Google assumes version       1.0 is in use.   next: The URL the user should be redirected to after granting access       to a Google service(s). It can include url-encoded query parameters.       The default value is 'oob'. (This is the oauth_callback.)   token: The string for the OAuth request token or OAuth access token.   verifier: str Sent as the oauth_verifier and required when upgrading a       request token to an access token.

dump_tokens(tokens)

find_scopes_for_services(service_names=None)
Creates a combined list of scope URLs for the desired services. This method searches the AUTH_SCOPES dictionary. Args:   service_names: list of strings (optional) Each name must be a key in the                  AUTH_SCOPES dictionary. If no list is provided (None) then                  the resulting list will contain all scope URLs in the                  AUTH_SCOPES dict. Returns:   A list of URL strings which are the scopes needed to access these services   when requesting a token using AuthSub or OAuth.

generate_auth_header(consumer_key, timestamp, nonce, signature_type, signature, version='1.0', next=None, token=None, verifier=None)
Builds the Authorization header to be sent in the request. Args:   consumer_key: Identifies the application making the request (str).   timestamp:   nonce:   signature_type: One of either HMAC_SHA1 or RSA_SHA1   signature: The HMAC or RSA signature for the request as a base64       encoded string.   version: The version of the OAuth protocol that this request is using.       Default is '1.0'   next: The URL of the page that the user's browser should be sent to       after they authorize the token. (Optional)   token: str The OAuth token value to be used in the oauth_token parameter       of the header.   verifier: str The OAuth verifier which must be included when you are       upgrading a request token to an access token.

generate_auth_sub_url(next, scopes, secure=False, session=True, request_url=<atom.http_core.Uri object>, domain='default', scopes_param_prefix='auth_sub_scopes')
Constructs a URI for requesting a multiscope AuthSub token. The generated token will contain a URL parameter to pass along the requested scopes to the next URL. When the Google Accounts page redirects the broswser to the 'next' URL, it appends the single use AuthSub token value to the URL as a URL parameter with the key 'token'. However, the information about which scopes were requested is not included by Google Accounts. This method adds the scopes to the next URL before making the request so that the redirect will be sent to a page, and both the token value and the list of scopes for which the token was requested. Args:   next: atom.http_core.Uri or string The URL user will be sent to after         authorizing this web application to access their data.   scopes: list containint strings or atom.http_core.Uri objects. The URLs           of the services to be accessed. Could also be a single string           or single atom.http_core.Uri for requesting just one scope.   secure: boolean (optional) Determines whether or not the issued token           is a secure token.   session: boolean (optional) Determines whether or not the issued token            can be upgraded to a session token.   request_url: atom.http_core.Uri or str The beginning of the request URL.                This is normally                'http://www.google.com/accounts/AuthSubRequest' or                '/accounts/AuthSubRequest'   domain: The domain which the account is part of. This is used for Google           Apps accounts, the default value is 'default' which means that           the requested account is a Google Account (@gmail.com for           example)   scopes_param_prefix: str (optional) The requested scopes are added as a                        URL parameter to the next URL so that the page at                        the 'next' URL can extract the token value and the                        valid scopes from the URL. The key for the URL                        parameter defaults to 'auth_sub_scopes' Returns:   An atom.http_core.Uri which the user's browser should be directed to in   order to authorize this application to access their information.

generate_client_login_request_body(email, password, service, source, account_type='HOSTED_OR_GOOGLE', captcha_token=None, captcha_response=None)
Creates the body of the autentication request See http://code.google.com/apis/accounts/AuthForInstalledApps.html#Request for more details. Args:   email: str   password: str   service: str   source: str   account_type: str (optional) Defaul is 'HOSTED_OR_GOOGLE', other valid       values are 'GOOGLE' and 'HOSTED'   captcha_token: str (optional)   captcha_response: str (optional) Returns:   The HTTP body to send in a request for a client login token.

generate_hmac_signature(http_request, consumer_key, consumer_secret, timestamp, nonce, version, next='oob', token=None, token_secret=None, verifier=None)

generate_oauth_authorization_url(token, next=None, hd='default', hl=None, btmpl=None, auth_server='https://www.google.com/accounts/OAuthAuthorizeToken')
Creates a URL for the page where the request token can be authorized. Args:   token: str The request token from the OAuth server.   next: str (optional) URL the user should be redirected to after granting       access to a Google service(s). It can include url-encoded query       parameters.   hd: str (optional) Identifies a particular hosted domain account to be       accessed (for example, 'mycollege.edu'). Uses 'default' to specify a       regular Google account ('username@gmail.com').   hl: str (optional) An ISO 639 country code identifying what language the       approval page should be translated in (for example, 'hl=en' for       English). The default is the user's selected language.   btmpl: str (optional) Forces a mobile version of the approval page. The       only accepted value is 'mobile'.   auth_server: str (optional) The start of the token authorization web       page. Defaults to       'https://www.google.com/accounts/OAuthAuthorizeToken' Returns:   An atom.http_core.Uri pointing to the token authorization page where the   user may allow or deny this app to access their Google data.

generate_request_for_access_token(request_token, auth_server_url='https://www.google.com/accounts/OAuthGetAccessToken')
Creates a request to ask the OAuth server for an access token. Requires a request token which the user has authorized. See the documentation on OAuth with Google Data for more details: http://code.google.com/apis/accounts/docs/OAuth.html#AccessToken Args:   request_token: An OAuthHmacToken or OAuthRsaToken which the user has       approved using their browser.   auth_server_url: (optional) The URL at which the OAuth access token is       requested. Defaults to       https://www.google.com/accounts/OAuthGetAccessToken Returns:   A new HttpRequest object which can be sent to the OAuth server to   request an OAuth Access Token.

generate_request_for_request_token(consumer_key, signature_type, scopes, rsa_key=None, consumer_secret=None, auth_server_url='https://www.google.com/accounts/OAuthGetRequestToken', next='oob', version='1.0')
Creates request to be sent to auth server to get an OAuth request token. Args:   consumer_key:   signature_type: either RSA_SHA1 or HMAC_SHA1. The rsa_key must be       provided if the signature type is RSA but if the signature method       is HMAC, the consumer_secret must be used.   scopes: List of URL prefixes for the data which we want to access. For       example, to request access to the user's Blogger and Google Calendar       data, we would request       ['http://www.blogger.com/feeds/',        'https://www.google.com/calendar/feeds/',        'http://www.google.com/calendar/feeds/']   rsa_key: Only used if the signature method is RSA_SHA1.   consumer_secret: Only used if the signature method is HMAC_SHA1.   auth_server_url: The URL to which the token request should be directed.       Defaults to 'https://www.google.com/accounts/OAuthGetRequestToken'.   next: The URL of the page that the user's browser should be sent to       after they authorize the token. (Optional)   version: The OAuth version used by the requesting web application.       Defaults to '1.0a' Returns:   An atom.http_core.HttpRequest object with the URL, Authorization header   and body filled in.

generate_rsa_signature(http_request, consumer_key, rsa_key, timestamp, nonce, version, next='oob', token=None, token_secret=None, verifier=None)

generate_signature(data, rsa_key)
Signs the data string for a secure AuthSub request.

get_captcha_challenge(http_body, captcha_base_url='http://www.google.com/accounts/')
Returns the URL and token for a CAPTCHA challenge issued by the server. Args:   http_body: str The body of the HTTP response from the server which       contains the CAPTCHA challenge.   captcha_base_url: str This function returns a full URL for viewing the       challenge image which is built from the server's response. This       base_url is used as the beginning of the URL because the server       only provides the end of the URL. For example the server provides       'Captcha?ctoken=Hi...N' and the URL for the image is       'http://www.google.com/accounts/Captcha?ctoken=Hi...N' Returns:   A dictionary containing the information needed to repond to the CAPTCHA   challenge, the image URL and the ID token of the challenge. The   dictionary is in the form:   {'token': string identifying the CAPTCHA image,    'url': string containing the URL of the image}   Returns None if there was no CAPTCHA challenge in the response.

get_client_login_token_string(http_body)
Returns the token value for a ClientLoginToken. Reads the token from the server's response to a Client Login request and creates the token value string to use in requests. Args:   http_body: str The body of the server's HTTP response to a Client Login       request Returns:   The token value string for a ClientLoginToken.

hmac_token_from_body(http_body, consumer_key, consumer_secret, auth_state)

load_tokens(blob)

oauth_token_info_from_body(http_body)
Exracts an OAuth request token from the server's response. Returns:   A tuple of strings containing the OAuth token and token secret. If   neither of these are present in the body, returns (None, None)

oauth_token_info_from_url(url)
Exracts an OAuth access token from the redirected page's URL. Returns:   A tuple of strings containing the OAuth token and the OAuth verifier which   need to sent when upgrading a request token to an access token.

rsa_token_from_body(http_body, consumer_key, rsa_private_key, auth_state)

token_from_blob(blob)
Deserializes a token string from the datastore back into a token object. Supported token classes: ClientLoginToken, AuthSubToken, SecureAuthSubToken, OAuthRsaToken, and OAuthHmacToken, TwoLeggedOAuthRsaToken, TwoLeggedOAuthHmacToken and OAuth2Token. Args:   blob: string created by token_to_blob. Raises:   UnsupportedTokenType if the token is not one of the supported token   classes listed above. Returns:   A new token object with members set to the values serialized in the   blob string. Note that any members which were set to '' in the original   token will now be None.

token_to_blob(token)
Serializes the token data as a string for storage in a datastore. Supported token classes: ClientLoginToken, AuthSubToken, SecureAuthSubToken, OAuthRsaToken, and OAuthHmacToken, TwoLeggedOAuthRsaToken, TwoLeggedOAuthHmacToken and OAuth2Token. Args:   token: A token object which must be of one of the supported token classes. Raises:   UnsupportedTokenType if the token is not one of the supported token   classes listed above. Returns:   A string represenging this token. The string can be converted back into   an equivalent token object using token_from_blob. Note that any members   which are set to '' will be set to None when the token is deserialized   by token_from_blob.

upgrade_to_access_token(request_token, server_response_body)
Extracts access token information from response to an upgrade request. Once the server has responded with the new token info for the OAuth access token, this method modifies the request_token to set and unset necessary fields to create valid OAuth authorization headers for requests. Args:   request_token: An OAuth token which this function modifies to allow it       to be used as an access token.   server_response_body: str The server's response to an OAuthAuthorizeToken       request. This should contain the new token and token_secret which       are used to generate the signature and parameters of the Authorization       header in subsequent requests to Google Data APIs. Returns:   The same token object which was passed in.

Data

ACCESS_TOKEN = 3
ACCESS_TOKEN_URL = 'https://www.google.com/accounts/OAuthGetAccessToken'
AUTHORIZED_REQUEST_TOKEN = 2
AUTHSUB_AUTH_LABEL = 'AuthSub token='
AUTH_SCOPES = {'analytics': ('https://www.google.com/analytics/feeds/',), 'apps': ('https://apps-apis.google.com/a/feeds/user/', 'https://apps-apis.google.com/a/feeds/policies/', 'https://apps-apis.google.com/a/feeds/alias/', 'https://apps-apis.google.com/a/feeds/groups/', 'https://apps-apis.google.com/a/feeds/compliance/audit/', 'https://apps-apis.google.com/a/feeds/migration/', 'https://apps-apis.google.com/a/feeds/emailsettings/2.0/'), 'blogger': ('http://www.blogger.com/feeds/',), 'books': ('http://www.google.com/books/feeds/',), 'cl': ('https://www.google.com/calendar/feeds/', 'http://www.google.com/calendar/feeds/'), 'code': ('http://code.google.com/feeds/issues',), 'codesearch': ('http://www.google.com/codesearch/feeds/',), 'cp': ('https://www.google.com/m8/feeds/', 'http://www.google.com/m8/feeds/'), 'finance': ('http://finance.google.com/finance/feeds/',), 'gbase': ('http://base.google.com/base/feeds/', 'http://www.google.com/base/feeds/'), ...}
DEFAULT_DOMAIN = 'default'
HMAC_SHA1 = 'HMAC-SHA1'
OAUTH2_AUTH_LABEL = 'Bearer '
OAUTH_AUTHORIZE_URL = 'https://www.google.com/accounts/OAuthAuthorizeToken'
PROGRAMMATIC_AUTH_LABEL = 'GoogleLogin auth='
REQUEST_TOKEN = 1
REQUEST_TOKEN_URL = 'https://www.google.com/accounts/OAuthGetRequestToken'
RSA_SHA1 = 'RSA-SHA1'
__author__ = 'j.s@google.com (Jeff Scudder)'

Author

j.s@google.com (Jeff Scudder)

Data
		ACCESS_TOKEN = 3 ACCESS_TOKEN_URL = 'https://www.google.com/accounts/OAuthGetAccessToken' AUTHORIZED_REQUEST_TOKEN = 2 AUTHSUB_AUTH_LABEL = 'AuthSub token=' AUTH_SCOPES = {'analytics': ('https://www.google.com/analytics/feeds/',), 'apps': ('https://apps-apis.google.com/a/feeds/user/', 'https://apps-apis.google.com/a/feeds/policies/', 'https://apps-apis.google.com/a/feeds/alias/', 'https://apps-apis.google.com/a/feeds/groups/', 'https://apps-apis.google.com/a/feeds/compliance/audit/', 'https://apps-apis.google.com/a/feeds/migration/', 'https://apps-apis.google.com/a/feeds/emailsettings/2.0/'), 'blogger': ('http://www.blogger.com/feeds/',), 'books': ('http://www.google.com/books/feeds/',), 'cl': ('https://www.google.com/calendar/feeds/', 'http://www.google.com/calendar/feeds/'), 'code': ('http://code.google.com/feeds/issues',), 'codesearch': ('http://www.google.com/codesearch/feeds/',), 'cp': ('https://www.google.com/m8/feeds/', 'http://www.google.com/m8/feeds/'), 'finance': ('http://finance.google.com/finance/feeds/',), 'gbase': ('http://base.google.com/base/feeds/', 'http://www.google.com/base/feeds/'), ...} DEFAULT_DOMAIN = 'default' HMAC_SHA1 = 'HMAC-SHA1' OAUTH2_AUTH_LABEL = 'Bearer ' OAUTH_AUTHORIZE_URL = 'https://www.google.com/accounts/OAuthAuthorizeToken' PROGRAMMATIC_AUTH_LABEL = 'GoogleLogin auth=' REQUEST_TOKEN = 1 REQUEST_TOKEN_URL = 'https://www.google.com/accounts/OAuthGetRequestToken' RSA_SHA1 = 'RSA-SHA1' __author__ = 'j.s@google.com (Jeff Scudder)'