{ "info": { "author": "Mozilla Services", "author_email": "services-dev@mozilla.org", "bugtrack_url": null, "classifiers": [ "Programming Language :: Python" ], "description": "==========================\nrepoze.who.plugins.vepauth\n==========================\n\nThis is a repoze.who plugin for automated authentication via BrowserID:\n\n https://browserid.org/\n https://wiki.mozilla.org/Identity/BrowserIDSync\n\nThe plugin implements an experimental protocol for authenticating to ReSTful\nweb services with the Verified Email Protocol, a.k.a Mozilla's BrowserID\nproject. It is designed for use in automated tools like the Firefox Sync\nClient. If you're looking for something to use for human visitors on your\nsite, please try:\n\n http://github.com/mozilla-services/repoze.who.plugins.browserid\n\nWhen accessing a protected resource, the server will generate a 401 challenge\nresponse with the scheme \"OAuth+VEP\" as follows::\n\n > GET /protected_resource HTTP/1.1\n > Host: example.com\n\n < HTTP/1.1 401 Unauthorized\n < WWW-Authenticate: OAuth+VEP url=\"/request_token\"\n\nThe client should extract the url from this challenge and POST a VEP assertion\nto that location. This will create a new authentication session and return a\nset of OAuth client credentials::\n\n > POST /request_token HTTP/1.1\n > Host: example.com\n > Content-Type: application/x-www-form-urlencoded\n >\n > assertion=VEP_ASSERTION_DATA\n\n < HTTP/1.1 200 OK\n < Content-Type: application/json\n <\n < {\n < \"oauth_consumer_key\": SESSION_TOKEN,\n < \"oauth_consumer_secret\": SESSION_SECRET\n < }\n\nSubsequent requests should be signed using these credentials in Two-Legged\nOAuth mode::\n\n > GET /protected_resource HTTP/1.1\n > Host: example.com\n > Authorization: OAuth oauth_consumer_key=SESSION_TOKEN,\n > oauth_signature_method=\"HMAC-SHA1\",\n > oauth_version=\"1.0\",\n > oauth_timestamp=TIMESTAMP,\n > oauth_nonce=NONCE\n > oauth_signature=SIGNATURE\n\n < HTTP/1.1 200 OK\n < Content-Type: text/plain\n <\n < For your eyes only: secret data!\n\nSession tokens are timestamped and will eventually expire. If this happens\nyou will receive a 401 response as before, and should POST a new assertion\nto obtain fresh credentials.\n\nExtending the token management\n------------------------------\n\n`repoze.who.plugins.vepauth` is extensible. If you want to provide a different\nmechanism to manage the tokens, you can do so by providing a different token\nmanager instance to the plugin with the `token_manager` option.\n\nThe `TokenManager` class have two methods than need to be implemented (it's an\nabstract class): `make_token` and `parse_token`. The implementation details are\nleft to the childs classes.\n\n`repose.who.plugins.vepauth` comes with one `SignedTokenManager` which\nimplement a simple token management class in pure python. It has a number of\nmethods that can be overridden to customize its behavior.\n\n\n0.3.0 - 2012-02-14\n==================\n\n * Replaced Two-Legged OAuth with MAC Access Auth, implemented according\n to the latest draft standard:\n\n https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01\n\n\n0.2.0 - 2012-02-14\n==================\n\n * Added basic pattern-matching for the token_url, e.g. \"/{app}/token\".\n * Made TokenManager.make_token and TokenManager.parse_token accept the\n incoming request as first argument, mostly so they can get at the\n results of pattern-matching.\n * Let TokenManager.make_token return a dict of extra info to be included\n in the response.\n\n\n0.1.0 - 2012-02-07\n==================\n\n * Initial release.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/mozilla-services/repoze.who.plugins.vepauth", "keywords": "authentication repoze browserid oauth", "license": "UNKNOWN", "maintainer": null, "maintainer_email": null, "name": "repoze.who.plugins.vepauth", "package_url": "https://pypi.org/project/repoze.who.plugins.vepauth/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/repoze.who.plugins.vepauth/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/mozilla-services/repoze.who.plugins.vepauth" }, "release_url": "https://pypi.org/project/repoze.who.plugins.vepauth/0.3.0/", "requires_dist": null, "requires_python": null, "summary": "repoze.who.plugins.vepauth", "version": "0.3.0" }, "last_serial": 798863, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "cd6473e24a21f16027c1ee2b6fe90feb", "sha256": "a6d26478a060d04f690b0df2695cc9acf92046ebb3e5aed86bdd7201fd613933" }, "downloads": -1, "filename": "repoze.who.plugins.vepauth-0.1.0.tar.gz", "has_sig": false, "md5_digest": "cd6473e24a21f16027c1ee2b6fe90feb", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17748, "upload_time": "2012-02-07T01:48:29", "url": "https://files.pythonhosted.org/packages/1c/6f/060b58fa0a3dd84a0f0a6e03d3d38d9e7f7e6b75ba920b362547666e573e/repoze.who.plugins.vepauth-0.1.0.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "d2e10f0b879fc2fd9fa075858006b550", "sha256": "862a122eb2791c3665a8b4842a7527562acf9909bc59f87887c41553dcb2439a" }, "downloads": -1, "filename": "repoze.who.plugins.vepauth-0.2.0.tar.gz", "has_sig": false, "md5_digest": "d2e10f0b879fc2fd9fa075858006b550", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19620, "upload_time": "2012-02-14T01:25:35", "url": "https://files.pythonhosted.org/packages/10/b3/bb86f3a4eaac3c6397dc5832e023f513b955b46641ac5265eca2b919f4b2/repoze.who.plugins.vepauth-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "e43577e6be816df7f4426c976bd5539d", "sha256": "832e59509e3604ecf2dd1543fc2214b2bc508b57989d1f6a02847d91a22c9664" }, "downloads": -1, "filename": "repoze.who.plugins.vepauth-0.3.0.tar.gz", "has_sig": false, "md5_digest": "e43577e6be816df7f4426c976bd5539d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20455, "upload_time": "2012-02-14T12:05:50", "url": "https://files.pythonhosted.org/packages/9e/9c/63b93311835a78f6a3dc874c0e578c8203811afd69459e81c3f263e5cbc2/repoze.who.plugins.vepauth-0.3.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e43577e6be816df7f4426c976bd5539d", "sha256": "832e59509e3604ecf2dd1543fc2214b2bc508b57989d1f6a02847d91a22c9664" }, "downloads": -1, "filename": "repoze.who.plugins.vepauth-0.3.0.tar.gz", "has_sig": false, "md5_digest": "e43577e6be816df7f4426c976bd5539d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20455, "upload_time": "2012-02-14T12:05:50", "url": "https://files.pythonhosted.org/packages/9e/9c/63b93311835a78f6a3dc874c0e578c8203811afd69459e81c3f263e5cbc2/repoze.who.plugins.vepauth-0.3.0.tar.gz" } ] }