
ndg-oauth-server 0.6.0

OAuth 2.0 server

This is an OAuth 2.0 server library and WSGI middleware filter.



  • Clean up of password-based authentication of client by authorization server
  • Removal of redundant MyProxy hooks


Integrated enhancements from Willem van Engen including:

  • password-based client authentication, which is a commonly used client authentication method
  • resource authentication for the check_token endpoint, to avoid brute-force attacks on token check; also provides a starting point for audience-restricted tokens and resource-restricted attribute release
  • return the user attribute from the check_token endpoint, so that the resource knows who the user is; the attribute name is user_name, following CloudFoundry

Resource and client authentication use the same classes, which are now instantiated with a string indicating their use (to give meaningful log messages). The client_authenticator interface was removed: because authenticators are used for both clients and resources, they can all derive directly from authenticator_interface. They were also renamed to make that clear (removing _client).

In client_register.ini and resource_register.ini (the latter is new) the field secret is optional.

Client code is unchanged.
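
The check_token change described above, sketched as an added example (not ndg-oauth-server's own code): the caller must authenticate as a registered resource before any token is looked up, so unauthenticated guesses reveal nothing about token validity. HTTP Basic credentials, the access_token query parameter, the audience field and the sample register and token values are assumptions made for illustration.

```python
import base64, hmac, json
from urllib.parse import parse_qs

# Constructed sample data (assumptions, not the package's register format).
RESOURCE_REGISTER = {"res1": "res1-secret"}          # resource id -> secret
TOKENS = {"tok-abc": {"user_name": "alice", "audience": "res1"}}

def authenticate_resource(environ):
    """Return the resource id if HTTP Basic credentials match, else None."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        rid, _, secret = base64.b64decode(value).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = RESOURCE_REGISTER.get(rid)
    # Compare in constant time; unknown ids are compared against a dummy.
    ok = hmac.compare_digest((expected or "\0").encode(), secret.encode())
    return rid if expected is not None and ok else None

def check_token_app(environ, start_response):
    """WSGI check_token endpoint: authenticate the resource, then the token."""
    def reply(status, body):
        data = json.dumps(body).encode()
        start_response(status, [("Content-Type", "application/json"),
                                ("Content-Length", str(len(data)))])
        return [data]
    rid = authenticate_resource(environ)
    if rid is None:   # unauthenticated callers learn nothing about tokens
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="check_token"')])
        return [b""]
    token = parse_qs(environ.get("QUERY_STRING", "")).get("access_token", [""])[0]
    info = TOKENS.get(token)
    # Audience restriction (assumed field): valid only for the named resource.
    if info is None or info["audience"] != rid:
        return reply("400 Bad Request", {"error": "invalid_token"})
    return reply("200 OK", {"user_name": info["user_name"]})

def call(app, auth=None, query=""):
    """Helper: invoke the WSGI app with a constructed environ."""
    environ = {"REQUEST_METHOD": "GET", "QUERY_STRING": query}
    if auth:
        environ["HTTP_AUTHORIZATION"] = "Basic " + base64.b64encode(auth.encode()).decode()
    seen = {}
    body = b"".join(app(environ, lambda s, h: seen.update(status=s)))
    return seen["status"], body
```

Calling `call(check_token_app, "res1:res1-secret", "access_token=tok-abc")` returns a 200 response carrying user_name, while the same request without resource credentials gets a 401 before the token is examined.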


  • Revised examples in ndg.oauth.client.examples. bearer_tok uses a bearer token to secure access to a simple HTML page on a resource server; slcs is an example protecting a short-lived credential service, a.k.a. Online Certificate Authority. The slcs example requires the ContrailOnlineCAService package and should be used in conjunction with the equivalent example in ndg_oauth_client.
  • Added discrete WSGI resource server middleware ndg.oauth.server.wsgi.resource_server.Oauth2ResourceServerMiddleware
  • Includes support for bearer access token passed in Authorization header to resource server.


This has been developed and tested for Python 2.6 and 2.7.


Installation can be performed using easy_install or pip.


Examples are contained in the examples/ sub-folder:

This configures a simple test application that uses string based tokens.
Bearer token example protecting a Short-Lived Credential Service or OnlineCA. ContrailOnlineCAService package is needed for this example.

The examples should be used in conjunction with the ndg_oauth_client package.

File | Type | Py Version | Uploaded on | Size
ndg_oauth_server-0.6.0.tar.gz (md5) | Source | | 2015-06-08 | 97KB