osiris 1.3

OAuth 2.0 compliant token server with authentication proxy capabilities
Osiris is an Egyptian god, usually identified as the god of the afterlife, the underworld and the dead. He is classically depicted as a green-skinned man with a pharaoh's beard, partially mummy-wrapped at the legs, wearing a distinctive crown with two large ostrich feathers at either side, and holding a symbolic crook and flail. Osiris was the afterlife's judge, he weighed the dead souls and compare them with the Feather of Truth. Those which weighed the most were sent to Ammut (the soul devourer) and not heavy enough to Aaru (the egyptian paradise).

The osiris package is an oAuth 2.0 (draft 22) compliant server based on Pyramid. The current version (1.0) it supports the Resource owner password credentials authentication flow. It uses pyramid_who as user backend providing the way to behave as an oAuth authentication gateway. This means that you can use your authentication backend (LDAP, SQL, etc.) oAuth enabled with Osiris. Osiris uses a pluggable store factory to store the issued token information. The current version includes the MongoDB one.

The Resource owner password credentials flow

This flow is not the most popular oAuth flow, but it's useful in case that we want to oAuth enable an app or a set of apps in an scenario with an already existing user backend. Using this flow you can use Osiris as a gateway between your existing user store and oAuth enable it. Osiris will authenticate the user credentials against your user store and if suceeds it will issue a oAuth token. Then, an app can use it to impersonate the user's token to access an oAuth enabled REST API, for example.

For that reason and out of the oAuth specification, Osiris features an additional endpoint to allow remote applications and resource servers to check previously issued tokens and users and validate it. This endpoint will respond if the token is valid for the user specified and if the token is not expired or revoked.

You can use Osiris as a standalone application or use it as a Pyramid plugin and make your app Osiris enabled.

Setup

This is the configuration to use it as a standalone Pyramid app, along with your own one using Paste urlmap in your app .ini:

You can also Osiris enable your own app, in your __init__.py:

config.include(osiris)

and in the .ini:

Options

These are the .ini options available for Osiris:

osiris.store
 Currently only available osiris.store.mongodb_store. Required.
osiris.store.host
 Defaults to 'localhost'. Optional.
osiris.store.port
 Defaults to '27017'. Optional.
osiris.store.db
 The name of the database. Defaults to 'osiris'. Optional.
osiris.store.collection
 The collection to store the tokens. Defaults to 'tokens'. Optional.
osiris.tokenexpiry
 The time in seconds that the token is valid. Defaults to 0 (unlimited). Optional.
osiris.whoconfig
 The pyramid_who (repoze.who) .ini with the configuration of the authentication backends. Required.

REST API for Resource owner password credentials flow

Following the oAuth 2.0 authentication standard (draft 22), the Resource owner password credentials flow must implement this web services and use these parameters:

/token

Method:
 POST
Params:

 grant_type
 Required. Value must be set to password
 username
 Required. The resource owner username, encoded as UTF-8.
 password
 Required. The resource owner password, encoded as UTF-8.
 scope
 Optional. The scope of the access request.

Content-Type:
 application/x-www-form-urlencoded
Response:

 HTTP/1.1 200 OK Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache

 {
 "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"bearer", "expires_in":3600, "scope": "exampleScope"

 }

last updated on:
February 23rd, 2012, 10:25 GMT
price:
FREE!
developed by:
Victor Fernandez de Alba
homepage:
github.com
license type:
Other/Proprietary License
category:
ROOT \ Internet \ HTTP (WWW)

FREE!

In a hurry? Add it to your Download Basket!

user rating

UNRATED
0.0/5
 

0/5

What's New in This Release:
  • Added use of greenlets and handle reconnects if cluster is enabled [Victor Fernandez de Alba]
  • Support for mongoDB cluster [Victor Fernandez de Alba]
read full changelog

Add your review!

SUBMIT