this repo has no description
1# OAuth Masterclass Python
2
3A Flask application demonstrating ATProtocol OAuth with DPoP (Demonstrating Proof-of-Possession) and PKCE (Proof Key for Code Exchange).
4
5Part of the **OAuth Masterclass** by [Nick Gerakines](https://github.com/ngerakines).
6
7## Prerequisites
8
9- Python 3.7 or higher
10- pip
11
12## Setup and Installation
13
141. Create a virtual environment:
15```bash
16python -m venv venv
17```
18
192. Activate the virtual environment:
20```bash
21# On macOS/Linux:
22source venv/bin/activate
23
24# On Windows:
25venv\Scripts\activate
26```
27
283. Install dependencies:
29```bash
30pip install flask requests pyjwt cryptography dnspython
31```
32
33## Running the Application
34
351. Ensure your virtual environment is activated (see step 2 above)
36
372. Run the Flask application:
38```bash
39python app.py
40```
41
423. The application will start on port 5000. Access it at:
43 - Local development: `http://localhost:5000`
44 - Production: `https://oauth-py.smokesignal.tools`
45
46## Features
47
48- ATProtocol OAuth authentication
49- DPoP token binding
50- PKCE for enhanced security
51- Handle resolution with HTTP fallback to DNS (following ATProtocol specification)
52- DID document resolution (did:plc and did:web)
53- Token refresh handling
54- Protected routes with automatic token refresh
55
56## Deactivating the Virtual Environment
57
58When you're done, deactivate the virtual environment:
59```bash
60deactivate
61```
62
63# Demo
64
651. Start the application
662. Start the proxy
673. Visit https://oauth-py.smokesignal.tools/
684. Example records at https://pdsls.dev/at://did:plc:cbkjy5n7bk3ax2wplmtjofq2/garden.lexicon.oauth-masterclass.now
69
70## License
71
72This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.