ndg-oauth-client 0.3.0

This is an OAuth 2.0 client library and WSGI middleware filter.

It supports simple string-based bearer token and a custom extension to enable
the use of X.509 certificates as tokens. The latter has been added to enable
a SLCS (Short-lived Credential Service) to issue delegated X.509-based
credentials using OAuth.

ndg.oauth.client.lib.oauth2client:Oauth2Client is a client that calls a
specified callable with an access token obtained from a configured OAuth server.
ndg.oauth.client.lib.oauth2_myproxy_client:Oauth2MyProxyClient extends this to
handle key creation for obtaining X.509 certificates.

The filter ndg.oauth.client.wsgi.oauth2_client:Oauth2ClientMiddleware uses
Oauth2MyProxyClient and sets the obtained access token in the WSGI environ. The
token contains the key/certificate pair so that it can be used by other WSGI
applications or middleware to authenticate.

Prerequisites
=============
This has been developed and tested for Python 2.6 and 2.7.

Installation
============
Installation can be performed using easy_install or pip.

Configuration
=============
Examples are contained in the examples/ sub-folder:

bearer_tok/:
This configures a simple test application that uses string based tokens.
slcs/:
This is a more complex and specialised example that issues X.509 certificate-
based tokens as part of a Short-lived Credential Service. The corresponding
authorisation server available from the ndg.oauth server package requires
access to a specially configured MyProxyCA service (
http://grid.ncsa.illinois.edu/myproxy/ca/) configured with a custom PAM to
allow issue of credentials. See:
http://ndg-security.ceda.ac.uk/browser/trunk/MashMyData/pam_credential_translation

The examples should be used in conjunction with the ndg.oauth server package.