I haven't seen any Python specific implementations so I thought I'd share. The only requirement is [url=http://docs.python-requests.org/en/latest/]requests[/url]. If you don't yet have it I highly recommend it.
The two links we need are:
BUNGIE_SIGNIN_URI = "https://www.bungie.net/en/User/SignIn/Psnid"
PSN_OAUTH_URI = "https://auth.api.sonyentertainmentnetwork.com/login.do"
1. GET BUNGIE_SIGNIN_URI (I partly did this because I plan on adding support for Xbox sign-in).
Since we allow redirections and we're not using a session we have to look in the history to find the cookie we want.
This gets us our first JSESSIONID cookie from PSN.
2. POST PSN_OAUTH_URI
We POST with a form-encoded body containing our username/password. We also pass in the JSESSIONID cookie from the first step. This gets us a new JSESSIONID cookie.
In the header we'll find a location field.
3. GET the location field from the previous step. Make sure the pass in the JSESSIONID cookie from the second step.
In the response header you'll see a field called[i] x-np-grant-code[/i].
4. GET BUNGIE_SIGNIN_URI with the x-np-grant-code appended as a query string with [i]code[/i] as the field name.
It should look something like:
5. We create a requests Session. We save the [i]bungled[/i] and [i]bungleatk[/i] cookies to our session. We also add our API key to our headers and add the bungled cookie to the [i]x-csrf[/i] field. Now all future requests from our Session will work.
At first I tried doing this over a single session, but it wouldn't work - at least not the private APIs. Only once did I use individual requests did it work. It's most likely due to some cookie issues, but I can't really be bothered to figure out exactly why. Cheers.