pypm install ndg-oauth-server

How to install ndg_oauth_server

  1. Download and install ActivePython
  2. Open Command Prompt
  3. Type pypm install ndg-oauth-server
 Python 2.7 | Python 3.2 | Python 3.3
Windows (32-bit)
Windows (64-bit)
Mac OS X (10.5+)
Linux (32-bit)
0.5.1 Never Built
0.4.0 Available
0.3.0 Available
Linux (64-bit)
0.5.1 Available
0.4.0 Available
0.3.0 Available
BSD - See LICENCE file for details
Latest release
version 0.5.1 on Jan 9th, 2014

This is an OAuth 2.0 server library and WSGI middleware filter.

It supports simple string-based bearer tokens and a custom extension that enables the use of X.509 certificates as tokens. The latter was added for a specialised use case: enabling a SLCS (Short-lived Credential Service) to issue delegated X.509-based credentials with OAuth.



Integrated enhancements from Willem van Engen including:

  • password-based client authentication, which is a commonly used client authentication method
  • resource authentication for the check_token endpoint, to avoid brute-force attacks on token check; also provides a starting point for audience-restricted tokens and resource-restricted attribute release
  • return user attribute from check_token endpoint, so that the resource knows who the user is; the attribute name is user_name, following CloudFoundry

Resource and client authentication use the same classes, which are now instantiated with a string indicating their use (to give meaningful log messages). The client_authenticator interface was removed: all authenticators can derive directly from authenticator_interface, because they are used for both clients and resources. They were also renamed to make that clear (removing _client).

In client_register.ini and resource_register.ini (the latter is new) the field secret is optional.

Client code is unchanged.

  • Revised examples in ndg.oauth.client.examples. bearer_tok uses a bearer token to secure access to a simple HTML page on a resource server; slcs is an example protecting a short-lived credential service, also known as an Online Certificate Authority. The slcs example requires the ContrailOnlineCAService package and should be used in conjunction with the equivalent example in ndg_oauth_client.
  • Added discrete WSGI resource server middleware ndg.oauth.server.wsgi.resource_server.Oauth2ResourceServerMiddleware
  • Includes support for bearer access token passed in Authorization header to resource server.


This has been developed and tested for Python 2.6 and 2.7.


Installation can be performed using easy_install or pip.


Examples are contained in the examples/ sub-folder:

This configures a simple test application that uses string based tokens.
Bearer token example protecting a Short-Lived Credential Service or OnlineCA. ContrailOnlineCAService package is needed for this example.

The examples should be used in conjunction with the ndg_oauth_client package.

Last updated Jan 9th, 2014

Download Stats

Last month:1
