A WSGI OAuth packageapplication and middlware.
Project description
Overview
The wsgioauth package is a library for use with Web Services Gateway Interface (WSGI) applications that require oauth integration. The package is made to serve both the service provider and consumer (pending development).
Service Provider
The service provider libraries are made up of two pieces: a WSGI middleware and a WSGI application. The application is used to administer the provisioning of consumer information; and optionally could be used to remove access tokens. This package defines a very limited XML-RPC API (see the calls module) for use with the service provider administration application. It is recommended that the application be overridden or at the very least minimally uses the XML-RPC API. An example of the service provider administration application can be found in the the mock module under the app_factory function.
The service provider WSGI middleware is to be used intercept OAuth requests and protect the application. A storage abstraction is necessary to run the middleware. The provider module contains a skeleton Storage class that should be sub-classed. There is an example non-persistent storage class in the mock module that is used in the tests and to run the example. Authentication can be done by the another application, the same application running the middleware, etc. if an authentication plugin is written to use. To register the a plugin, use the ‘wsgioauth_authentication’ egg entry-point group (see this package’s setup.py for an example). OAuth signatures methods are also looked up using egg entry-points; so one could all their own signature method if needed. The ‘wsgioauth_signatures’ group is used to register signature method plugins. By default, this package registers signatures methods for PLAINTEXT and HMAC_SHA1.
Consumer
TODO…
Example
The only part of the example application that is completed is the service provider administration application that provides an XML-RPC API. The middleware will run on a simple echo application in the near future.
At the moment there are no plans for the consumer example.
TODO items
Make the XML-RPC API also play friendly with JSON-RPC requests.
Create a consumer is an application library. The consumer library will be more of a framework than an actual out-of-the-box application.
Create egg entry-points for token verification generator functions. The verification generator is used to define a string for the oauth_verifier parameter. Could be useful to define real words rather than a random string of letters and numbers.
Go back through all the code where an error is raised and try to be more specific about what went wrong.
Changelog
0.1 (2010-01-06)
Initial pre-alpha release.
0.0 (2009-12-00)
Created the service provider middleware from the ashes of another package I was working on. The middleware is used to authorize users attempting to access the protected resource (aka the application or parts of the application).
Established egg entry-points for:
Simple authentication plugins that would most likely call up the applications login or some central login page. (see setup.py’s entry_points for an example)
Signature plugins that are used to sign, unsign and check OAuth requests.
Created examples (in the mock module) for:
A service provider administration application.
A very simple storage implementation.
Created our own Token class based off off oauth2.Token, because we needed a new constructor for keyword arguments and the ability to plug-in our own verifier generation.
Replaced oauth2.Request with a subclassed webob.Request at wsgioauth.request.Request. The subclass simply adds the oauth_params method to provider an easy way of gathering the oauth parameters from a request of any of the three acceptable methods.
Replaced oauth2.Server with a WSGI application/middleware at wsgioauth.provider.*.
License
Copyright (c) 2008-2009 The Pennsylvania State University. WebLion packages are developed and maintained by the WebLion Group and its partners.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
This document is written using the Structured Text format for conversion into alternative formats.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.