OAuth 2.0 server
Project description
This is an OAuth 2.0 server library and WSGI middleware filter.
It supports simple string-based bearer token and a custom extension to enable
the use of X.509 certificates as tokens. The latter has been added for a
specialised use case to enable a SLCS (Short-lived Credential Service) to issue
delegated X.509-based credentials with OAuth.
Releases
========
0.5.0
-----
Integrated enhancements from Willem Engen including:
* password-based client authentication, which is a commonly used client
authentication method
* resource authentication for the check_token endpoint, to avoid brute-force
attacks on token check; also provides a starting point for audience-restricted
tokens and resource-restricted attribute release
* return user attribute from check_token endpoint, so that the resource knows
what the user is; attribute name user_name according to CloudFoundry
Resource and client authentication use the same classes, and now are instantiated
with a string indicating their use (to give meaningful log messages). The
client_authenticator interface was removed, since all authenticators can derive
directly from authenticator_interface, since they're both used for clients and
resources; they were also renamed to make that clear (removing _client).
In client_register.ini and resource_register.ini (the latter is new) the field
secret is optional.
Client code is unchanged.
0.4.0
-----
* Revised examples in ndg.oauth.client.examples. bearer_tok uses bearer token
to secure access to a simple html page on a resource server, slcs is an
example protecting a short-lived credential service aka. Online Certificate
Authority. This requires the ContrailOnlineCAService package and should be
used in conjunction with the equivalent example in the ndg_oauth_client
example.
* Added discrete WSGI resource server middleware
ndg.oauth.server.wsgi.resource_server.Oauth2ResourceServerMiddleware
* Includes support for bearer access token passed in Authorization header to
resource server.
Prerequisites
=============
This has been developed and tested for Python 2.6 and 2.7.
Installation
============
Installation can be performed using easy_install or pip.
Configuration
=============
Examples are contained in the examples/ sub-folder:
bearer_tok/:
This configures a simple test application that uses string based tokens.
slcs/:
Bearer token example protecting a Short-Lived Credential Service or OnlineCA.
ContrailOnlineCAService package is needed for this example.
The examples should be used in conjunction with the ndg_oauth_client package.
It supports simple string-based bearer token and a custom extension to enable
the use of X.509 certificates as tokens. The latter has been added for a
specialised use case to enable a SLCS (Short-lived Credential Service) to issue
delegated X.509-based credentials with OAuth.
Releases
========
0.5.0
-----
Integrated enhancements from Willem Engen including:
* password-based client authentication, which is a commonly used client
authentication method
* resource authentication for the check_token endpoint, to avoid brute-force
attacks on token check; also provides a starting point for audience-restricted
tokens and resource-restricted attribute release
* return user attribute from check_token endpoint, so that the resource knows
what the user is; attribute name user_name according to CloudFoundry
Resource and client authentication use the same classes, and now are instantiated
with a string indicating their use (to give meaningful log messages). The
client_authenticator interface was removed, since all authenticators can derive
directly from authenticator_interface, since they're both used for clients and
resources; they were also renamed to make that clear (removing _client).
In client_register.ini and resource_register.ini (the latter is new) the field
secret is optional.
Client code is unchanged.
0.4.0
-----
* Revised examples in ndg.oauth.client.examples. bearer_tok uses bearer token
to secure access to a simple html page on a resource server, slcs is an
example protecting a short-lived credential service aka. Online Certificate
Authority. This requires the ContrailOnlineCAService package and should be
used in conjunction with the equivalent example in the ndg_oauth_client
example.
* Added discrete WSGI resource server middleware
ndg.oauth.server.wsgi.resource_server.Oauth2ResourceServerMiddleware
* Includes support for bearer access token passed in Authorization header to
resource server.
Prerequisites
=============
This has been developed and tested for Python 2.6 and 2.7.
Installation
============
Installation can be performed using easy_install or pip.
Configuration
=============
Examples are contained in the examples/ sub-folder:
bearer_tok/:
This configures a simple test application that uses string based tokens.
slcs/:
Bearer token example protecting a Short-Lived Credential Service or OnlineCA.
ContrailOnlineCAService package is needed for this example.
The examples should be used in conjunction with the ndg_oauth_client package.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ndg_oauth_server-0.5.0.tar.gz
(33.2 kB
view hashes)
Built Distribution
ndg_oauth_server-0.5.0-py2.7.egg
(219.5 kB
view hashes)
Close
Hashes for ndg_oauth_server-0.5.0-py2.7.egg
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8c72fecf10fb9cf28e8d9e6951f00e677c8f0ab7d74e1420ac5b962739a66267 |
|
| MD5 | 488f81b5dc0dcffb124ec1f6917e336e |
|
| BLAKE2b-256 | 897f9a385c6cf6566c015005401d90264af0808e6b4f1feaf2878cdae0b029db |
