# wsgi-auth-middleware
`wsgi-auth-middleware` provides WSGI middleware to perform HTTP authentication (RFC7235) using a variety of schemes.
[](https://pypi.org/project/wsgi-auth-middleware)
[](https://pypi.org/project/wsgi-auth-middleware)
-----
## Table of Contents
- [Installation](#installation)
- [Usage](#usage)
- [Supported Specifications](#supported-specifications)
- [License](#license)
## Installation
Each backend requires additional dependencies that must be explicitly chosen using the [PEP508 Extras](https://peps.python.org/pep-0508/#extras) that cover it. The following command will install `wsgi-auth-middleware` with all supported backends.
```console
pip install wsgi-auth-middleware[gssapi,pam]
```
## Usage
This middleware package provides the `HttpAuthWsgiMiddleware` class and various callables that implement authentication primitives. The result of wrapping a WSGI app with `HttpAuthWsgiMiddleware` will be a new WSGI app that performs HTTP authentication and, upon success, places the authenticated username string in `environ["REMOTE_USER"]`.
`wsgi-auth-middleware` is designed to be flexible. You can mix and match HTTP authentication schemes (frontends) with any system authentication backends that support their interfaces. Typical usage looks like this:
```python
from wsgi_auth_middleware import HttpAuthWsgiMiddleware
from wsgi_auth_middleware.frontends import BasicFrontend, NegotiateFrontend
from wsgi_auth_middleware.backends import PamBackend, GssapiBackend
pam_backend = PamBackend(service='my_pam_service')
basic_frontend = BasicFrontend(auth_backends=[pam_backend], realm='my realm')
gssapi_backend = GssapiBackend(fqdn='example.org')
negotiate_frontend = NegotiateFrontend(auth_backends=[gssapi_backend])
# Authentication will be tried in the sequential order given by `auth_frontends`.
authenticated_app = HttpAuthWsgiMiddleware(
app=my_wsgi_app,
auth_frontends=[negotiate_frontend, basic_frontend]
)
```
## Supported Specifications
### Currently supported HTTP authentication schemes
* [RFC7235 - Hypertext Transfer Protocol (HTTP/1.1): Authentication](https://datatracker.ietf.org/doc/html/rfc7235)
* [RFC7617 - The 'Basic' HTTP Authentication Scheme](https://datatracker.ietf.org/doc/html/rfc7617)
* [(Kerberos only) RFC4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows](https://datatracker.ietf.org/doc/html/rfc4559)
### WSGI specifications
* [PEP 3333 – Python Web Server Gateway Interface v1.0.1](https://peps.python.org/pep-3333/)
* [A very basic description of authentication opportunities in WSGI](https://wsgi.readthedocs.io/en/latest/specifications/simple_authentication.html)
## License
`wsgi-auth-middleware` is distributed under the terms of the [ISC](https://spdx.org/licenses/ISC.html) license.
Raw data
{
"_id": null,
"home_page": null,
"name": "wsgi-auth-middleware",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "GSSAPI, HTTP, PAM, WSGI, authentication, kerberos, middleware",
"author": null,
"author_email": "Siva Mahadevan <me@svmhdvn.name>",
"download_url": "https://files.pythonhosted.org/packages/a3/9c/fb5a993db7c42aed595fe33eec9d5240e199191a8027dd2c844dccbb00f2/wsgi_auth_middleware-0.1.2.tar.gz",
"platform": null,
"description": "# wsgi-auth-middleware\n\n`wsgi-auth-middleware` provides WSGI middleware to perform HTTP authentication (RFC7235) using a variety of schemes.\n\n[](https://pypi.org/project/wsgi-auth-middleware)\n[](https://pypi.org/project/wsgi-auth-middleware)\n\n-----\n\n## Table of Contents\n\n- [Installation](#installation)\n- [Usage](#usage)\n- [Supported Specifications](#supported-specifications)\n- [License](#license)\n\n## Installation\n\nEach backend requires additional dependencies that must be explicitly chosen using the [PEP508 Extras](https://peps.python.org/pep-0508/#extras) that cover it. The following command will install `wsgi-auth-middleware` with all supported backends.\n\n```console\npip install wsgi-auth-middleware[gssapi,pam]\n```\n\n## Usage\n\nThis middleware package provides the `HttpAuthWsgiMiddleware` class and various callables that implement authentication primitives. The result of wrapping a WSGI app with `HttpAuthWsgiMiddleware` will be a new WSGI app that performs HTTP authentication and, upon success, places the authenticated username string in `environ[\"REMOTE_USER\"]`.\n\n`wsgi-auth-middleware` is designed to be flexible. You can mix and match HTTP authentication schemes (frontends) with any system authentication backends that support their interfaces. Typical usage looks like this:\n\n```python\nfrom wsgi_auth_middleware import HttpAuthWsgiMiddleware\nfrom wsgi_auth_middleware.frontends import BasicFrontend, NegotiateFrontend\nfrom wsgi_auth_middleware.backends import PamBackend, GssapiBackend\n\npam_backend = PamBackend(service='my_pam_service')\nbasic_frontend = BasicFrontend(auth_backends=[pam_backend], realm='my realm')\n\ngssapi_backend = GssapiBackend(fqdn='example.org')\nnegotiate_frontend = NegotiateFrontend(auth_backends=[gssapi_backend])\n\n# Authentication will be tried in the sequential order given by `auth_frontends`.\nauthenticated_app = HttpAuthWsgiMiddleware(\n app=my_wsgi_app,\n auth_frontends=[negotiate_frontend, basic_frontend]\n)\n```\n\n## Supported Specifications\n\n### Currently supported HTTP authentication schemes\n\n* [RFC7235 - Hypertext Transfer Protocol (HTTP/1.1): Authentication](https://datatracker.ietf.org/doc/html/rfc7235)\n* [RFC7617 - The 'Basic' HTTP Authentication Scheme](https://datatracker.ietf.org/doc/html/rfc7617)\n* [(Kerberos only) RFC4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows](https://datatracker.ietf.org/doc/html/rfc4559)\n\n### WSGI specifications\n\n* [PEP 3333 \u2013 Python Web Server Gateway Interface v1.0.1](https://peps.python.org/pep-3333/)\n* [A very basic description of authentication opportunities in WSGI](https://wsgi.readthedocs.io/en/latest/specifications/simple_authentication.html)\n\n## License\n\n`wsgi-auth-middleware` is distributed under the terms of the [ISC](https://spdx.org/licenses/ISC.html) license.\n",
"bugtrack_url": null,
"license": null,
"summary": "HTTP authentication WSGI middleware",
"version": "0.1.2",
"project_urls": {
"Bugs": "https://todo.sr.ht/~svmhdvn/wsgi-auth-middleware",
"Changelog": "https://git.sr.ht/~svmhdvn/wsgi-auth-middleware/refs",
"Documentation": "https://git.sr.ht/~svmhdvn/wsgi-auth-middleware/tree/main/item/README.md",
"Donate": "https://liberapay.com/svmhdvn",
"Homepage": "https://sr.ht/~svmhdvn/wsgi-auth-middleware/",
"Source": "https://git.sr.ht/~svmhdvn/wsgi-auth-middleware/"
},
"split_keywords": [
"gssapi",
" http",
" pam",
" wsgi",
" authentication",
" kerberos",
" middleware"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a5d171f165a379c0d7e59e761631d8df854960a3aa8e2f6a9f097e34b0075631",
"md5": "7b5bd6e13b63cb42104467710ac3fee3",
"sha256": "d5c5a13264bb1797c539d8ad8331ab97b1195993040ff875b0d334fa4cc9680e"
},
"downloads": -1,
"filename": "wsgi_auth_middleware-0.1.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7b5bd6e13b63cb42104467710ac3fee3",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 6936,
"upload_time": "2024-06-18T16:39:53",
"upload_time_iso_8601": "2024-06-18T16:39:53.819988Z",
"url": "https://files.pythonhosted.org/packages/a5/d1/71f165a379c0d7e59e761631d8df854960a3aa8e2f6a9f097e34b0075631/wsgi_auth_middleware-0.1.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a39cfb5a993db7c42aed595fe33eec9d5240e199191a8027dd2c844dccbb00f2",
"md5": "c8469b6859f433b9d1d8302bcc8c76b0",
"sha256": "51d5a135c052f10580d5e964af4433b2b826cad4379d987b583ee2c03b0ed010"
},
"downloads": -1,
"filename": "wsgi_auth_middleware-0.1.2.tar.gz",
"has_sig": false,
"md5_digest": "c8469b6859f433b9d1d8302bcc8c76b0",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 7582,
"upload_time": "2024-06-18T16:39:55",
"upload_time_iso_8601": "2024-06-18T16:39:55.393700Z",
"url": "https://files.pythonhosted.org/packages/a3/9c/fb5a993db7c42aed595fe33eec9d5240e199191a8027dd2c844dccbb00f2/wsgi_auth_middleware-0.1.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-18 16:39:55",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "wsgi-auth-middleware"
}
JSON