This module provides OAuth support for Zope/Plone, with the option to be extensible through the Zope Component Architecture to allow the addition of more feature-rich components. Features core to OAuth are fully supported, this includes the full OAuth authentication workflow, client (consumer) management for site managers and access token management for resource owners. Scope restriction is also supported; site managers can define content types and subpaths that are available for client usage using scope profiles, and clients can specify a list of them to better inform the resource owners of what will be accessed under their access rights.
While the test coverage is fairly complete and demonstrates that access permissions and scope restriction function as intended, the author does not currently endorse the usage of this package in a mission critical environment where absolute security is required, as there are no audits have been done on this package by security experts. Otherwise, please ensure that your users are aware of who the trusted third-party clients are and that your site's privacy and security policies are updated to fully inform your users of risks that may be associated with the usage of OAuth with this package.
This package requires Plone 4.1 or later.
You can install pmr2.oauth using buildout by adding an entry for this package in both eggs and zcml sections.
Example:
[buildout] ... [instance] ... eggs = ... pmr2.oauth zcml = ... pmr2.oauth
Run buildout, then restart the Zope/Plone instance. This package must also be activated using the Add-ons panel under Site Setup within the Plone instance where OAuth based authorization is to be used.
If the add-on is correctly installed and activated, an index of views
made available as part of this add-on can be found at
${portal_url}/@@pmr2-oauth
.
If you are upgrading from a previously installed version of this add-on,
please refer to docs/UPGRADE.rst
for some important information.
For more detailed information, please refer to the doctest file at
pmr2/oauth/README.rst
.
This add-on was created as part of the Physiome Model Repository in order to enable it to provide secured web-service access using a well supported, industry-standard authorization method for third-party clients.