[Django]-Oauth for Google API example using Python / Django

This work for me.

def login(request):
     consumer_key    =   'blabla'
     consumer_secret =   'blabla'
     callback = request.GET['callback']
     request_token_url = 'https://api.linkedin.com/uas/oauth/requestToken'
     authorize_url =     'https://api.linkedin.com/uas/oauth/authorize'
     access_token_url =  'https://api.linkedin.com/uas/oauth/accessToken'
     consumer = oauth.Consumer(consumer_key, consumer_secret)

     if ('oauth_verifier' not in request.GET):
       client = oauth.Client(consumer)
       body = 'oauth_callback=http://shofin.com/login?callback='+callback+"&placeId="+request.GET[placeId]
       resp,content = client.request(request_token_url,"POST",headers={'Content-Type':'application/x-www-form-urlencoded'},body=body)
       request_token = dict(urlparse.parse_qsl(content))
       loginUrl = authorize_url+"?oauth_token="+request_token['oauth_token']
       cache.set(request_token['oauth_token'],request_token['oauth_token_secret'])
       return HttpResponseRedirect(loginUrl)

     elif request.GET['oauth_verifier']:
       token = oauth.Token(request.GET['oauth_token'],cache.get(request.GET['oauth_token']))
       token.set_verifier(request.GET['oauth_verifier'])
       client = oauth.Client(consumer, token)
       resp,content = client.request(access_token_url,"POST",{})
       access_token = dict(urlparse.parse_qsl(content))
       token = oauth.Token(key=access_token['oauth_token'], secret=access_token['oauth_token_secret'])

       client = oauth.Client(consumer, token)
       resp,json = client.request("http://api.linkedin.com/v1/people/~?format=json")
       return render_to_response(callback,{'placeId':request.GET['placeId'],'userId':userId,'folkId':folkId)

Have you tried the official gdata python api ?
It ships with an oauth client and hides the complexity of oauth calls.
http://code.google.com/p/gdata-python-client/

This may be the answer.

When calling OAuthGetRequestToken you sign the base_string with your consumer_secret followed by an & (ampersand)

When calling OAuthGetAccessToken you sign the base_string with your consumer_secret followed by an & (ampersand) followed by token_secret.

You would sign the base_string using (consumer_secret + “&”) for OAuthGetRequestToken and
you would sign the base_string using (consumer_secret + “&” + token_secret) for OAuthGetAccessToken

http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iii-security-architecture/
In the PLAINTEXT and HMAC-SHA1 methods, the shared secret is the combination of the Consumer Secret and Token Secret.

Tornado has working code for Google oauth. Check it out here. google auth. I ‘ve used it and worked pretty well out of the box. All you need to do is pluck out the class and carefully put it into a django view.

PS: Tornado makes use of async module for the user to return. Since you are using django you need to rely on some get variable to identify that a user has just granted access to your application.

IIRC Google oauth is not quite following the standard, you have to specify what service you’re requesting for (look at the examples provided in the google docs) in the request as an additional parameter, or it won’t work.