Oauth2 endpoint for pyramid applications
Project description
pyramid_oauth2_provider README
==================
Getting Started
---------------
In an existing pyramid project you can take advantage of pyramid_oauth2_provider
by doing the following:
* Add `config.include('pyramid_oauth2_provider')` to your project setup. This
will configure a `/oauth2/token` route for the token endpoint and an
authentication policy that will support oauth2. If you want to be able to use
both cookie auth and oauth2 at the same time, you should use the
`pyramid_oauth2_provider.authentication.OauthTktAuthenticationPolicy` instead
of the default.
* Define a implementation of the `pyramid_oauth2_provider.interfaces.IAuthCheck`
interface that works against your current user authentication check mechanism.
* In your paster configuration configure which IAuthCheck implementation to use
by specifying `oauth2_provider.auth_checker`.
* In your development configuration, you may also want to disable ssl
enforcement by specifying `oauth2_provider.require_ssl = false`.
* Generate client credentials using the `create_client_credentials` script,
provided as part of `pyramid_oauth2_provider`.
Request Flow
------------
Let's start by laying out a few ground rules when it comes to oauth2:
1. All requests *must* be made via HTTPS.
2. All data is transferred in headers and the body of messages rather than
through url parameters.
The token endpoint is provided as a way to obtain and renew `access_tokens`.
#### Example initial token request:
POST /oauth2/token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=johndoe&password=A3ddj3w
* The basic auth header is the `client_id:client_secret` base64 encoded.
* Content-Type must be application/x-www-form-urlencoded
#### Example refresh token request:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKW&user_id=1234
* The basic auth header is the `client_id:client_secret` base64 encoded.
* Content-Type must be application/x-www-form-urlencoded
* The `grant_type` must be "refresh".
* All form elements are required.
#### Example token response:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"tGzv3JOkF0XG5Qx2TlKW",
"user_id":1234,
}
* The same response is returned for both auth token and refresh token requests.
* The `token_type` will always be "bearer".
* For purposes of this example the `access_token` and `refresh_token` are
shorter than normal.
==================
Getting Started
---------------
In an existing pyramid project you can take advantage of pyramid_oauth2_provider
by doing the following:
* Add `config.include('pyramid_oauth2_provider')` to your project setup. This
will configure a `/oauth2/token` route for the token endpoint and an
authentication policy that will support oauth2. If you want to be able to use
both cookie auth and oauth2 at the same time, you should use the
`pyramid_oauth2_provider.authentication.OauthTktAuthenticationPolicy` instead
of the default.
* Define a implementation of the `pyramid_oauth2_provider.interfaces.IAuthCheck`
interface that works against your current user authentication check mechanism.
* In your paster configuration configure which IAuthCheck implementation to use
by specifying `oauth2_provider.auth_checker`.
* In your development configuration, you may also want to disable ssl
enforcement by specifying `oauth2_provider.require_ssl = false`.
* Generate client credentials using the `create_client_credentials` script,
provided as part of `pyramid_oauth2_provider`.
Request Flow
------------
Let's start by laying out a few ground rules when it comes to oauth2:
1. All requests *must* be made via HTTPS.
2. All data is transferred in headers and the body of messages rather than
through url parameters.
The token endpoint is provided as a way to obtain and renew `access_tokens`.
#### Example initial token request:
POST /oauth2/token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=johndoe&password=A3ddj3w
* The basic auth header is the `client_id:client_secret` base64 encoded.
* Content-Type must be application/x-www-form-urlencoded
#### Example refresh token request:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKW&user_id=1234
* The basic auth header is the `client_id:client_secret` base64 encoded.
* Content-Type must be application/x-www-form-urlencoded
* The `grant_type` must be "refresh".
* All form elements are required.
#### Example token response:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"tGzv3JOkF0XG5Qx2TlKW",
"user_id":1234,
}
* The same response is returned for both auth token and refresh token requests.
* The `token_type` will always be "bearer".
* For purposes of this example the `access_token` and `refresh_token` are
shorter than normal.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for pyramid_oauth2_provider-0.2.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 943b6964a9a5401976b3bb630ab87f3a4ac427c11be237ad954b3ed2174b41a3 |
|
| MD5 | 092a0ca80d7f8c99836f0e610da4c946 |
|
| BLAKE2b-256 | 1f1844c01b3892a4baebbdb08c18553d3a314747f94820fe345ea42b35b9426a |
Close
Hashes for pyramid_oauth2_provider-0.2-py2.7.egg
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9e6207c1fa9526b52ad4db04a97a7c1e8ccf9ac41af7b76f86aac9645fda74b8 |
|
| MD5 | e79bb66ff405a65ebce49438448a4b6e |
|
| BLAKE2b-256 | b37dbd8b0bbd66577d97b318d5986be0f21fa4f553a17fe7cb001884ed2a1d24 |
