Skip to content
/ ndg_oauth Public
forked from cedadev/ndg_oauth

Python OAuth 2.0 Implementation including client and server packages.

License

View license
2 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheLanguageArchive/ndg_oauth

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
ndg_oauth_client
ndg_oauth_client
 
 
ndg_oauth_server
ndg_oauth_server
 
 
.project
.project
 
 
.pydevproject
.pydevproject
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CLARIN OAUTH AS project

This fork of the ndg_oauth project is aimed at enabling us to run the OAUTH Authorization Server (AS) behind an apache reverse proxy. Some changes required for us and implemented by Willem van Engen have already been integrated in the main ndg_oauth project (https://github.com/cedadev/ndg_oauth).

Requirements

  • python 2.7
  • openssl-dev 0.9.8f or later
  • python virtualenv
  • python easy_install

In Debian / Ubuntu:

sudo apt-get install build-essential openssl libssl-dev libffi-dev git python python-dev python-virtualenv

Installation

[Work in progress]

This guide assumes installation of the AS in the /srv/OAuth

Create Python 2 virtual environment for AS

virtualenv /srv/OAuth

Switch to Python 2 venv

. /srv/OAuth/bin/activate

Install pyopenssl package in the virtual environment

Ensure openssl-dev (and libffi-dev) is installed; then create the python openssl module:

easy_install pyOpenSSL

install NDG AS

Fetch the source files from the Git repository into /srv/OAuth/src:

mkdir /srv/OAuth/src
cd /srv/OAuth/src
git clone https://github.com/TheLanguageArchive/ndg_oauth.git
easy_install /srv/OAuth/src/ndg_oauth/ndg_oauth_server/

Initialize the base server in /srv/OAuth/server:

mkdir -p /srv/OAuth/server
cp -r /srv/OAuth/src/ndg_oauth/ndg_oauth_server/ndg/oauth/server/examples/bearer_tok/* /srv/OAuth/server
rm /srv/OAuth/server/README /srv/OAuth/server/__init__.py

OAuth AS configuration

Server

After installation edit /srv/OAuth/server/bearer_tok_server_app.ini.

In order to start the AS with the paste http server, activate the virtual environment and start the server with the correct configuration file:

. /srv/OAuth/bin/activate
cd /srv/OAuth/server
paster serve bearer_tok_server_app.ini start

Clients

For each client you want to add to the AS you have to add a section in /srv/OAuth/server/client_register.ini

Startup script

init.d script (oauthctl.sh):

#/bin/sh

case "$1" in
start)
    cd /srv/ndg-oath-as/ && \
    . /srv/python/2/venvs/OAuth/bin/activate && \
    paster serve bearer_tok_server_app.ini start
;;
stop)
    cd /srv/ndg-oath-as/ && \
    . /srv/python/2/venvs/OAuth/bin/activate && \
    paster serve bearer_tok_server_app.ini stop
;;
restart)
    cd /srv/ndg-oath-as/ && \
    . /srv/python/2/venvs/OAuth/bin/activate && \
    paster serve bearer_tok_server_app.ini restart
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac

Apache configuration

Configure and start the AS as described in the previous section. For this example we assume the AS is running at localhost on port 8080.

We will define the reverse proxy mappings as follows:

https://your.server.com                       http://localhost:8080/
     /client_authorization/            --->       /client_authorization/

     /oauth-as/client_authorization/   --->       /client_authorization/
     /oauth-as/authorize               --->       /oauth-as/authorize


     /oauth-as/access_token            --->       /oauth-as/access_token
     /oauth-as/check_token             --->       /oauth-as/check_token

/client_authorization/ ---> /client_authorization/

<Location /client_authorization/>
    #Configure your authentication here

    RequestHeader set X_FORWARDED_USER %{REMOTE_USER}s
    ProxyPass https://localhost:8080/client_authorization/
    ProxyPassReverse https://localhost:8080/client_authorization/
    ProxyPassReverseCookiePath /client_authorization/ /client_authorization/
</Location>

/oauth-as/client_authorization/ ---> /client_authorization/

<Location /oauth-as/client_authorization/>
    #Configure your authentication here

    RequestHeader set X_FORWARDED_USER %{REMOTE_USER}s
    ProxyPass https://localhost:8080/client_authorization/
    ProxyPassReverse https://localhost:8080/client_authorization/
    ProxyPassReverseCookiePath /client_authorization/ /oauth-as/client_authorization/
</Location>

/oauth-as/authorize ---> /oauth-as/authorize

<Location /oauth-as/authorize>
    #Configure your authentication here

    RequestHeader set X_FORWARDED_USER %{REMOTE_USER}s
    ProxyPass https://localhost:8080/oauth-as/authorize
    ProxyPassReverse htps://localhost:8080/oauth-as/authorize
    ProxyPassReverseCookiePath /oauth-as/authorize /oauth-as/authorize
</Location>

/oauth-as/access_token ---> /oauth-as/access_token

<Location /oauth-as/access_token>
    ProxyPass https://localhost:8080/oauth-as/access_token
    ProxyPassReverse htps://localhost:8080/oauth-as/access_token
</Location>

/oauth-as/check_token ---> /oauth-as/check_token

<Location /oauth-as/check_token>
    ProxyPass https://localhost:8080/oauth-as/check_token
    ProxyPassReverse htps://localhost:8080/oauth-as/check_token
</Location>

Original ndg_oauth documentation

ndg_oauth

Python OAuth 2.0 Implementation including client and server packages:

  • ndg_oauth_client
  • ndg_oauth_server

These include WSGI wrappers for easy integration with Python frameworks such as Pylons/Pyramid or Django.

Both are available on PyPI e.g.

$ pip install ndg_oauth_client ndg_oauth_server

Latest release is version 0.5.0.

About

Python OAuth 2.0 Implementation including client and server packages.

Resources

Readme

License

View license
Activity
Custom properties

Stars

2 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 96.2%
  • CSS 2.3%
  • JavaScript 1.5%