OAuth 2.0 server

This is an OAuth 2.0 server library and WSGI middleware filter.

It supports simple string-based bearer tokens and a custom extension that
enables the use of X.509 certificates as tokens. The latter was added for a
specialised use case: enabling a SLCS (Short-Lived Credential Service) to issue
delegated X.509-based credentials with OAuth.

Releases
========
0.5.1
-----
Integrated enhancements from Willem van Engen including:

* password-based client authentication, which is a commonly used client
  authentication method
* resource authentication for the check_token endpoint, to avoid brute-force
  attacks on token check; this also provides a starting point for
  audience-restricted tokens and resource-restricted attribute release
* the check_token endpoint now returns a user attribute, so that the resource
  knows who the user is; the attribute name is user_name, following CloudFoundry

Resource and client authentication use the same classes, which are now
instantiated with a string indicating their use (to give meaningful log
messages). The client_authenticator interface was removed: authenticators are
used for both clients and resources, so they can all derive directly from
authenticator_interface. They were also renamed to make that clear (removing
_client).

In client_register.ini and resource_register.ini (the latter is new) the field
secret is optional.

Client code is unchanged.
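The sketch below illustrates the resource-authenticated check_token behaviour described in the 0.5.1 notes. It is an added example, not code from ndg_oauth_server. The HTTP Basic scheme, the access_token query parameter, the in-memory registers and all function names are assumptions made for illustration, and it goes one step further than the release notes by also enforcing an audience restriction.

```python
import base64
import hmac
import json
from urllib.parse import parse_qs

# Constructed sample data (hypothetical; not the library's register format).
RESOURCES = {"resource-1": "s3cret-resource-pw", "resource-2": "other-pw"}
TOKENS = {"tok-abc123": {"user_name": "alice", "audience": "resource-1"}}

def authenticate_resource(environ):
    """Return the resource id if HTTP Basic credentials match, else None."""
    scheme, _, b64 = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(b64, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    rid, _, secret = decoded.partition(":")
    expected = RESOURCES.get(rid)
    # Always run the constant-time comparison, even for unknown ids, so the
    # response time does not reveal which resource ids are registered.
    ok = hmac.compare_digest(secret.encode(), (expected or "").encode())
    return rid if expected is not None and ok else None

def check_token(environ):
    """Return (status, body) for a token check made by a resource server."""
    rid = authenticate_resource(environ)
    if rid is None:
        # Unauthenticated callers learn nothing about token validity.
        return "401 Unauthorized", {"error": "invalid_client"}
    query = parse_qs(environ.get("QUERY_STRING", ""))
    info = TOKENS.get(query.get("access_token", [""])[0])
    # Unknown tokens and tokens issued for another resource look identical.
    if info is None or info["audience"] != rid:
        return "400 Bad Request", {"error": "invalid_token"}
    return "200 OK", {"user_name": info["user_name"]}

def app(environ, start_response):
    """WSGI entry point wrapping check_token."""
    status, body = check_token(environ)
    headers = [("Content-Type", "application/json"),
               ("Cache-Control", "no-store")]
    if status.startswith("401"):
        headers.append(("WWW-Authenticate", 'Basic realm="check_token"'))
    start_response(status, headers)
    return [json.dumps(body).encode("utf-8")]
```

Because every token guess must be accompanied by valid resource credentials, failed checks can be attributed to a specific resource and rate-limited or alerted on.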

0.4.0
-----
* Revised examples in ndg.oauth.client.examples. bearer_tok uses a bearer token
  to secure access to a simple HTML page on a resource server; slcs is an
  example protecting a short-lived credential service, also known as an Online
  Certificate Authority. This requires the ContrailOnlineCAService package and
  should be used in conjunction with the equivalent example in the
  ndg_oauth_client package.
* Added discrete WSGI resource server middleware
  ndg.oauth.server.wsgi.resource_server.Oauth2ResourceServerMiddleware
* Includes support for a bearer access token passed in the Authorization header
  to the resource server.

Prerequisites
=============
This has been developed and tested for Python 2.6 and 2.7.

Installation
============
Installation can be performed using easy_install or pip.

Configuration
=============
Examples are contained in the examples/ sub-folder:

bearer_tok/:
    This configures a simple test application that uses string-based tokens.
slcs/:
    Bearer token example protecting a Short-Lived Credential Service or
    OnlineCA. The ContrailOnlineCAService package is needed for this example.

The examples should be used in conjunction with the ndg_oauth_client package.

Source Distribution

ndg_oauth_server-0.5.1.tar.gz (33.3 kB)

Built Distribution

ndg_oauth_server-0.5.1-py2.7.egg (219.5 kB)

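Hashes for ndg_oauth_server-0.5.1.tar.gz

=========== ================================================================
Algorithm   Hash digest
=========== ================================================================
SHA256      5eb0a5a45d2ee2a2ac916f240853ff0cfb4aca5a4ba5d427c3338895a4bcd10f
MD5         1726a5c95de7f4fc99f8691c2ab32aa3
BLAKE2b-256 773de68c2fbb889b5339a49592fca332c351e1edf573a4d0f7a8aee0510669e7
=========== ================================================================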

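Hashes for ndg_oauth_server-0.5.1-py2.7.egg

=========== ================================================================
Algorithm   Hash digest
=========== ================================================================
SHA256      411cc56b06ffdd63452d15c0c86e8118573bdad46c97ec130843ede74c9ec9b6
MD5         c0b10d77145a36cff403a8b8e163720f
BLAKE2b-256 8f6f2a9e4c72aa7adb5d2634afde7171c259dc0a66a7ef44c8fb0a0d5f369f16
=========== ================================================================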
