OAuth 2.0 server
Project description
This is an OAuth 2.0 server library and WSGI middleware filter.
It supports simple string-based bearer tokens and a custom extension to enable
the use of X.509 certificates as tokens. The latter has been added for a
specialised use case: enabling a SLCS (Short-Lived Credential Service) to issue
delegated X.509-based credentials with OAuth.
Releases
========
0.5.1
-----
Integrated enhancements from Willem van Engen including:
* password-based client authentication, which is a commonly used client
  authentication method
* resource authentication for the check_token endpoint, to avoid brute-force
  attacks on token check; also provides a starting point for audience-restricted
  tokens and resource-restricted attribute release
* return user attribute from check_token endpoint, so that the resource knows
  who the user is; the attribute is named user_name, following CloudFoundry
Resource and client authentication use the same classes, which are now
instantiated with a string indicating their use (to give meaningful log
messages). The client_authenticator interface was removed: authenticators are
used for both clients and resources, so they can all derive directly from
authenticator_interface. They were also renamed to make that clear (removing
_client).
In client_register.ini and resource_register.ini (the latter is new) the
secret field is optional.
Client code is unchanged.
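The resource-authenticated token check described in the 0.5.1 notes, as an added example that is not code from ndg_oauth_server: a minimal Python 3 WSGI endpoint that answers token lookups only for authenticated resources and returns user_name. The HTTP Basic scheme, the access_token query parameter, the error responses, the audience check (a step beyond the "starting point" the notes mention) and all sample data are assumptions.

```python
import base64
import hmac
import json
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

# Constructed sample data; not the format of resource_register.ini.
RESOURCES = {"res1": "res1-secret", "res2": "res2-secret"}
TOKENS = {"tok-abc": {"user_name": "alice", "audience": "res1"}}

def authenticate_resource(environ):
    """Return the resource id for valid HTTP Basic credentials, else None."""
    scheme, _, value = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    ident, _, secret = decoded.partition(":")
    expected = RESOURCES.get(ident)
    # Compare even for unknown ids so timing does not reveal which ids exist.
    match = hmac.compare_digest(secret.encode(), (expected or "").encode())
    return ident if expected is not None and match else None

def check_token_app(environ, start_response):
    """WSGI app: token lookups are answered only for authenticated resources."""
    resource = authenticate_resource(environ)
    if resource is None:
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="check"')])
        return [b""]
    token = parse_qs(environ.get("QUERY_STRING", "")).get("access_token", [""])[0]
    record = TOKENS.get(token)
    # Unknown tokens and tokens issued for another resource look identical.
    if record is None or record["audience"] != resource:
        status, body = "400 Bad Request", {"error": "invalid_token"}
    else:
        status, body = "200 OK", {"user_name": record["user_name"]}
    start_response(status, [("Content-Type", "application/json")])
    return [json.dumps(body).encode()]

def call(token, ident=None, secret=None):  # in-process driver for the demo
    environ = {"QUERY_STRING": "access_token=" + token}
    setup_testing_defaults(environ)
    if ident is not None:
        creds = base64.b64encode(f"{ident}:{secret}".encode()).decode()
        environ["HTTP_AUTHORIZATION"] = "Basic " + creds
    seen = []
    chunks = check_token_app(environ, lambda status, headers: seen.append(status))
    return seen[0], json.loads(b"".join(chunks) or b"null")
```

An unauthenticated caller gets 401 before any token lookup happens, so the endpoint cannot be used to test token guesses anonymously.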
0.4.0
-----
* Revised examples in ndg.oauth.client.examples. bearer_tok uses a bearer token
  to secure access to a simple HTML page on a resource server; slcs is an
  example protecting a short-lived credential service, also known as an Online
  Certificate Authority. This requires the ContrailOnlineCAService package and
  should be used in conjunction with the equivalent example in the
  ndg_oauth_client package.
* Added discrete WSGI resource server middleware
  ndg.oauth.server.wsgi.resource_server.Oauth2ResourceServerMiddleware
* Includes support for a bearer access token passed in the Authorization header
  to the resource server.
Prerequisites
=============
This has been developed and tested for Python 2.6 and 2.7.
Installation
============
Installation can be performed using easy_install or pip.
Configuration
=============
Examples are contained in the examples/ sub-folder:

bearer_tok/:
    This configures a simple test application that uses string-based tokens.
slcs/:
    Bearer token example protecting a Short-Lived Credential Service or
    OnlineCA. The ContrailOnlineCAService package is needed for this example.

The examples should be used in conjunction with the ndg_oauth_client package.
Download files
Source Distribution: ndg_oauth_server-0.5.1.tar.gz (33.3 kB)
Built Distribution: ndg_oauth_server-0.5.1-py2.7.egg (219.5 kB)
File details
Details for the file ndg_oauth_server-0.5.1.tar.gz.
File metadata
- Download URL: ndg_oauth_server-0.5.1.tar.gz
- Upload date:
- Size: 33.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 5eb0a5a45d2ee2a2ac916f240853ff0cfb4aca5a4ba5d427c3338895a4bcd10f
MD5 | 1726a5c95de7f4fc99f8691c2ab32aa3
BLAKE2b-256 | 773de68c2fbb889b5339a49592fca332c351e1edf573a4d0f7a8aee0510669e7
File details
Details for the file ndg_oauth_server-0.5.1-py2.7.egg.
File metadata
- Download URL: ndg_oauth_server-0.5.1-py2.7.egg
- Upload date:
- Size: 219.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 411cc56b06ffdd63452d15c0c86e8118573bdad46c97ec130843ede74c9ec9b6
MD5 | c0b10d77145a36cff403a8b8e163720f
BLAKE2b-256 | 8f6f2a9e4c72aa7adb5d2634afde7171c259dc0a66a7ef44c8fb0a0d5f369f16