Honestly, I don't know! I only use OAuth 2 for one project, and that used to use the google-api-python-client, which especially at the time was a dependency jumbo pack. I've used custom code ever since, so have never really used a library for it! Been tempted to create one though, just a simple lightweight thing, though many others probably exist.
@@Carberra Thank you. I'm in the middle of my first PKCE implementation, and I'm also going the write-your-own route. I'm interfacing with AWS Cognito, and I've been surprised at the lack of tutorial videos on the subject. Thanks again, your content helped me!
The json module has a "load" method to read a json file directly. There is no need to use either OS or Pathlib to load the json file. 😜
# Typical usage:
import json
with open("secrets.json", "r") as file:
    secrets = json.load(file)
I prefer Pathlib for all file-system operations because it's a lot easier to handle exceptions, relative/absolute conversions, and most importantly one-line code for read/write operations.
@@yibowei9636 I might argue that using the "with" keyword (context manager) is more "Pythonic". 🐍🐍🐍 If handling exception/s is required, I tend to use the following:
try:
    with open(file, "r") as file:
        # do something
        json.load(file)
except IOError as ioe:
    print(ioe)
except Exception as e:
    print(e)
Great explanation. It will improve my access/refresh handling! I wrote an ugly Selenium script to automate the authorize part. For my application the access/refresh tokens are very short-lived. Have you (or anybody) thought about automating the authorization part?
Thanks! As far as I know the authorisation part is designed specifically so it can't be automated. I don't know if anyone's managed it, but I tried once and couldn't manage it. I didn't try anything with Selenium though.
I think Selenium is kind of a last resort to hack the unhackable. I don't think it will be resistant to changes on the website. But for now it avoids many clicks... There might be more maintainable options than Selenium. But my knowledge here is limited...
Dunno... It's good to learn about these things but I don't think I'd ever be comfortable writing security-critical things like this myself. There's a long, careful academic / peer / deployment process the libraries go through that I just couldn't duplicate on my own. Nah, I'd never get above 99.9% confident there wasn't a hidden exploit and that's just not good enough... On this sort of thing I'm going to be risk averse and use a library all day long.