python-oauth2 icon indicating copy to clipboard operation
python-oauth2 copied to clipboard
verified publisher icon joestump

Support parsing HTTP_AUTHORIZATION header in case of mod_wsgi deployment

Open frankdu opened this issue 14 years ago • 0 comments

Class method Request.from_request() checks 'Authorization' HTTP header for OAuth parameters. However, if you deploy web app with mod_wsgi, 2 important things happen:

  1. By default, Authorization header is dropped, and you need to use 'WSGIPassAuthorization On' to pass it to your web app codes, for example python/django codes.
  2. Authorization header is renamed to HTTP_AUTHORIZATION on passing mod_wsgi.

Therefore, to support this case on the server side, the class method Request.from_request() needs to look at HTTP_AUTHORIZATION header as well. It important for implementing OAuth provider services.

The fix is at https://github.com/frankdu/python-oauth2/tree/mod_wsgi_patch. Please check if it good for moving its ass to the master branch.

For more information, please refer to the links below. If anything supplemental is needed, please let me know.

Best Regards, Du

Links:

  1. Branch https://github.com/frankdu/python-oauth2/tree/mod_wsgi_patch
  2. Explanation Article http://www.frankdu.com/notes/2011/07/10/deploy-oauth-provider-with-mod_wsgi/
  3. mod_wsgi: Access Control Mechanisms http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
  4. WSGIPassAuthorization Directive http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization

frankdu avatar Jul 10 '11 22:07 frankdu