Authentication
Two authentication methods are supported:
- Token authentication (TokenAuthentication)
- OAuth authentication (OAuthAuthentication)
Token authentication
Token authentication is the simplest form of authentication. In the MoneyBird application a token can be generated, which you can pass to your TokenAuthentication instance.
Token authentication is useful when your application only accesses a single MoneyBird administration. Token authentication is not recommended when you want to access multiple administrations, especially not when you access administrations belonging to users of your application. Please use OAuth authentication instead.
from moneybird import TokenAuthentication
auth = TokenAuthentication('my_moneybird_token')
Warning
Never include your token in your source code since this token can be (mis)used to access your MoneyBird account!
I recommend passing your token to your application using a local configuration file or, even better, an environment variable.
OAuth authentication
OAuth authentication can be used when your application accesses multiple administrations. Using OAuth, the user authorizes your application using a secure process. OAuth requires interaction with the user to work.
This documentation assumes that the reader has a sufficient knowledge of the OAuth technology and the processes related to it.
Details about the MoneyBird OAuth implementation can be found here.
Prerequisites
For OAuth authentication your application has to be registered in MoneyBird. MoneyBird will provide you with a client id and a client secret. Both these values are required by the OAuth authentication implementation.
Warning
Never include your client id and/or client secret in your source code!
The OAuth authentication can be set up as follows:
from moneybird import OAuthAuthentication
auth = OAuthAuthentication(
    redirect_url='https://yoursite.example.com/oauth/callback/',
    client_id='your_client_id',
    client_secret='your_client_secret',
)
Requesting authorization
Before you can make any API calls, an access token needs to be obtained. This can be done by redirecting the user to the authorize URL. This URL can be obtained using OAuthAuthentication.authorize_url().
The response from MoneyBird can be processed and exchanged for an access token using OAuthAuthentication.obtain_token().
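The state returned by authorize_url() only protects against CSRF when the application stores it per user and checks it on the callback, and the warnings above ask for credentials to stay out of the source. The following is an added example, not code from the moneybird package: `session` stands for your web framework's per-user session mapping, the helper names, session key and environment variable names are assumptions, and `auth` is any object offering the authorize_url() and obtain_token() methods documented on this page.

```python
import hmac
import os
from urllib.parse import parse_qs, urlsplit

STATE_KEY = "moneybird_oauth_state"  # hypothetical session key


class CallbackRejected(Exception):
    """The OAuth callback failed a local check; no token was requested."""


def oauth_settings(env=os.environ):
    """Read the client credentials from the environment instead of the source.

    The variable names are assumptions of this example.
    """
    try:
        return {
            "redirect_url": env["MONEYBIRD_REDIRECT_URL"],
            "client_id": env["MONEYBIRD_CLIENT_ID"],
            "client_secret": env["MONEYBIRD_CLIENT_SECRET"],
        }
    except KeyError as exc:
        raise RuntimeError(f"missing environment variable {exc.args[0]}") from None


def begin_authorization(auth, session):
    """Return the URL to redirect the user to and remember the state."""
    url, state = auth.authorize_url()
    session[STATE_KEY] = state
    return url


def finish_authorization(auth, session, callback_url):
    """Check the callback against the stored state, then obtain the token."""
    expected = session.pop(STATE_KEY, None)  # single use, even on failure
    if not expected:
        raise CallbackRejected("no authorization in progress for this session")
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])
    if len(returned) != 1 or not hmac.compare_digest(
            returned[0].encode(), expected.encode()):
        raise CallbackRejected("state mismatch")
    if "code" not in query:
        raise CallbackRejected("callback carries no authorization code")
    return auth.obtain_token(callback_url, expected)
```

With the real library, `auth` would be created as `OAuthAuthentication(**oauth_settings())`, since the dictionary keys match the constructor parameters shown above.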
Authenticating a user
When an access token has been obtained this token can be used to perform API calls. The OAuthAuthentication instance can be (re)used, or the obtained token can be used with a new TokenAuthentication instance.
# Option 1: (re)use the OAuthAuthentication instance
from moneybird import MoneyBird, OAuthAuthentication
auth = OAuthAuthentication(
    redirect_url='https://yoursite.example.com/oauth/callback/',
    client_id='your_client_id',
    client_secret='your_client_secret',
)
auth.obtain_token('https://yoursite.example.com/oauth/callback/?code=any&state=random_string', 'random_string')
moneybird = MoneyBird(auth)

# Option 2: use the obtained token with a new TokenAuthentication instance
from moneybird import MoneyBird, OAuthAuthentication, TokenAuthentication
auth = OAuthAuthentication(
    redirect_url='https://yoursite.example.com/oauth/callback/',
    client_id='your_client_id',
    client_secret='your_client_secret',
)
access_token = auth.obtain_token('https://yoursite.example.com/oauth/callback/?code=any&state=random_string', 'random_string')
moneybird = MoneyBird(TokenAuthentication(access_token))
The access token can be stored for later use. At the moment of writing MoneyBird access tokens do not expire. However, a user might remove the authorization for the token, making the API inaccessible using the token.
For convenience, OAuthAuthentication.__init__() also accepts an auth_token parameter. This enables you to always use an OAuthAuthentication instance regardless of whether you already have a token or not.
Internal API

class moneybird.authentication.Authentication
    Bases: object
    Base class for authentication implementations.

class moneybird.authentication.OAuthAuthentication(redirect_url: str, client_id: str, client_secret: str, auth_token: str = '')
    Bases: moneybird.authentication.Authentication
    OAuth authentication for the MoneyBird API.
    This is a wrapper around TokenAuthentication, since token authentication is used after the OAuth process has been performed. This authentication method cannot be used directly; some work is required, since the user has to perform a number of actions before a token can be obtained.
    Parameters:
    - redirect_url – The URL to redirect to after successful authorization
    - client_id – The OAuth client id obtained from MoneyBird
    - client_secret – The OAuth client secret obtained from MoneyBird
    - auth_token – The optional token from an earlier authorization

    exception OAuthError(error_code: str, description: str = None)
        Bases: Exception
        Exception for OAuth protocol errors.

    OAuthAuthentication.authorize_url
        Returns the URL to which the user can be redirected to authorize your application to access his/her account and the state which can be used for CSRF protection as a tuple.
        Example:
        >>> auth = OAuthAuthentication('https://example.com/oauth/moneybird/', 'your_id', 'your_secret')
        >>> auth.authorize_url()
        ('https://moneybird.com/oauth/authorize?client_id=your_id&redirect_uri=https%3A%2F%2Fexample.com%2Flogin%2Fmoneybird&state=random_string', 'random_string')
        Parameters:
        - scope – The requested scope
        - state – Optional state, when omitted a random value is generated
        Returns: 2-tuple containing the URL to redirect the user to and the randomly generated state

    OAuthAuthentication.obtain_token(redirect_url: str, state: str) → str
        Exchange the code obtained using authorize_url for an authorization token.
        Example:
        >>> auth = OAuthAuthentication('https://example.com/oauth/moneybird/', 'your_id', 'your_secret')
        >>> auth.obtain_token('https://example.com/oauth/moneybird/?code=any&state=random_string', 'random_string')
        'token_for_auth'
        >>> auth.is_ready()
        True
        Parameters:
        - redirect_url – The full URL the user was redirected to
        - state – The state used in the authorize url
        Returns: The authorization token

class moneybird.authentication.TokenAuthentication(auth_token: str = '')
    Bases: moneybird.authentication.Authentication
    Token authentication for the MoneyBird API.
    Parameters: auth_token – The authentication token to use.