Clone this repository

https://tangled.org/ngerakines.me/oauth-masterclass-python
git@tangled.org:ngerakines.me/oauth-masterclass-python

For self-hosted knots, clone URLs may differ based on your setup.

OAuth Masterclass Python

A Flask application demonstrating ATProtocol OAuth with DPoP (Demonstrating Proof-of-Possession) and PKCE (Proof Key for Code Exchange).

Part of the OAuth Masterclass by Nick Gerakines.

Prerequisites

  • Python 3.7 or higher
  • pip

Setup and Installation

  1. Create a virtual environment:

         python -m venv venv

  2. Activate the virtual environment:

         # On macOS/Linux:
         source venv/bin/activate

         # On Windows:
         venv\Scripts\activate

  3. Install dependencies:

         pip install flask requests pyjwt cryptography dnspython

Running the Application

  1. Ensure your virtual environment is activated (see step 2 above)

  2. Run the Flask application:

         python app.py

  3. The application will start on port 5000. Access it at:
    • Local development: http://localhost:5000
    • Production: https://oauth-py.smokesignal.tools

Features

  • ATProtocol OAuth authentication
  • DPoP token binding
  • PKCE for enhanced security
  • Handle resolution with HTTP fallback to DNS (following ATProtocol specification)
  • DID document resolution (did:plc and did:web)
  • Token refresh handling
  • Protected routes with automatic token refresh
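
A sketch of the handle and DID resolution features listed above, showing the validation a client needs before trusting a resolved identity. This is an added example, not code from this repository: the injected transports `http_get` and `dns_txt`, the helper names and the sample DID are assumptions, and trying HTTPS before DNS is one reading of "HTTP fallback to DNS".

```python
import re

# DID methods named in the feature list: did:plc (24 base32 chars) and did:web.
DID_RE = re.compile(r"^did:(plc:[a-z2-7]{24}|web:[a-z0-9.-]+)$")
HANDLE_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]*$")


def _valid_did(text):
    text = (text or "").strip()
    return text if DID_RE.match(text) else None


def resolve_handle(handle, http_get, dns_txt):
    """Try the HTTPS well-known endpoint, then fall back to the DNS TXT record.

    http_get(url) -> str and dns_txt(name) -> list of str are injected
    transports (hypothetical names); either may raise on failure.
    """
    handle = handle.lower().rstrip(".")
    if not HANDLE_RE.match(handle):
        raise ValueError("invalid handle syntax")
    try:
        did = _valid_did(http_get(f"https://{handle}/.well-known/atproto-did"))
    except Exception:
        did = None  # unreachable host or error status: fall through to DNS
    if did:
        return did
    try:
        records = dns_txt(f"_atproto.{handle}")
    except Exception:
        records = []
    dids = {_valid_did(r[4:]) for r in records if r.startswith("did=")} - {None}
    if len(dids) != 1:  # no record, or conflicting records: refuse to guess
        raise LookupError("handle did not resolve to exactly one DID")
    return dids.pop()


def handle_is_confirmed(handle, did, did_document):
    """Bidirectional check: the DID document must claim the handle back."""
    claimed = did_document.get("alsoKnownAs", [])
    return did_document.get("id") == did and f"at://{handle.lower()}" in claimed


# Constructed sample data, not real accounts.
SAMPLE_DID = "did:plc:aaaabbbbccccddddeeee2222"
SAMPLE_DOC = {"id": SAMPLE_DID, "alsoKnownAs": ["at://alice.example.test"]}
```

Without the `handle_is_confirmed` step, anyone who controls a domain could point it at another account's DID and be displayed under that identity.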

Deactivating the Virtual Environment

When you're done, deactivate the virtual environment:

deactivate

Demo

  1. Start the application
  2. Start the proxy
  3. Visit https://oauth-py.smokesignal.tools/
  4. Example records at https://pdsls.dev/at://did:plc:cbkjy5n7bk3ax2wplmtjofq2/garden.lexicon.oauth-masterclass.now

License

This project is licensed under the MIT License - see the LICENSE file for details.