New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support parsing HTTP_AUTHORIZATION header in case of mod_wsgi deployment #77

Open
frankdu opened this Issue Jul 10, 2011 · 0 comments

Comments

Projects
None yet
2 participants
@frankdu

frankdu commented Jul 10, 2011

Class method Request.from_request() checks 'Authorization' HTTP header for OAuth parameters. However, if you deploy web app with mod_wsgi, 2 important things happen:

  1. By default, Authorization header is dropped, and you need to use 'WSGIPassAuthorization On' to pass it to your web app codes, for example python/django codes.
  2. Authorization header is renamed to HTTP_AUTHORIZATION on passing mod_wsgi.

Therefore, to support this case on the server side, the class method Request.from_request() needs to look at HTTP_AUTHORIZATION header as well. It important for implementing OAuth provider services.

The fix is at https://github.com/frankdu/python-oauth2/tree/mod_wsgi_patch. Please check if it good for moving its ass to the master branch.

For more information, please refer to the links below. If anything supplemental is needed, please let me know.

Best Regards,
Du

Links:

  1. Branch
    https://github.com/frankdu/python-oauth2/tree/mod_wsgi_patch
  2. Explanation Article
    http://www.frankdu.com/notes/2011/07/10/deploy-oauth-provider-with-mod_wsgi/
  3. mod_wsgi: Access Control Mechanisms
    http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
  4. WSGIPassAuthorization Directive
    http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment