Metadata-Version: 1.0
Name: PyBrowserID
Version: 0.4.0
Summary: Python library for the BrowserID Protocol
Home-page: https://github.com/mozilla/PyBrowserID
Author: Mozilla Identity Team
Author-email: dev-identity@lists.mozilla.org
License: MPLv2.0
Description: ========================================================
        PyBrowserID: a python library for the BrowseriD Protocol
        ========================================================
        
        This is a python client library for the BrowserID protocol:
        
            https://browserid.org/
        
        For the vast majority of deployments, you will simply want to call the "verify"
        functon to verify a given assertion::
        
            >>> data = browserid.verify(BROWSERIDASSERTION, "http://mysite.com")
            >>> print data["email"]
            "test@example.com"
        
        The precise implementation of this function will change depending on the
        current recommendedations of the BrowserID team.  Currently it POSTs the
        assertion to the remote verifier services on browserid.org.
        
        Note that you *must* specify your site's root URL as the second argument
        to that function.  This is the "expected audience" and is a key security
        feature of BrowserID.
        
        If you are not able to determine the precise hostname by which your site
        is being accessed (e.g. due to virtual hosting) then you may specify one or
        more wildcard patterns like so::
        
            >>> data = browserid.verify(BROWSERIDASSERTION, ["http://*.mysite.com"])
            >>> print data["email"]
            "test@example.com"
        
        For finer control over the verification process, you can create an instance of
        a "Verifier" class and avoid having to specify the audience patterns over
        and over again::
        
            >>> verifier = browserid.RemoteVerifier(["*.mysite.com"])
            >>> data = verifier.verify(BROWSERIDASSERTION)
            >>> print data["email"]
            "test@example.com"
        
        For improved performance, or if you just want to live on the bleeding edge,
        you can explicitly perform verification locally by using the LocalVerifier
        class like so::
        
            >>> verifier = browserid.LocalVerifier(["*.mysite.com"])
            >>> data = verifier.verify(BROWSERIDASSERTION)
            >>> print data["email"]
            "test@example.com"
        
        Note that the details of the BrowserID Protocol are still in flux, so
        local verification might break due to incompatible changes.  As things 
        stabilise this will become the default implementation.
        
        
        
        0.4.0 - 2012-03-13
        ==================
        
          * Renamed from PyVEP to PyBrowserID, in keeping with Mozilla branding.
          * Audience checking now accepts glob-style patterns as well as fixed
            audience strings.
          * Verifier objects now accept a list of audience patterns as their first
            argument.  This is designed to encourage doing the right thing rather than,
            say, passing in the hostname from the request.
          * Allowed LocalVerifier to use of a custom JWT parser.
          * Removed browserid.verify_[remote|local|dummy] since they just cause
            confusion.  You should either accept the defaults provided by the
            browserid.verify function, or use a full-blown Verifier object.
          * Split certificate loading and caching into a separate class, in
            browserid.certificates:CertificatesManager.
          * Removed the DummyVerifier class in favour of supporting functions
            in browserid.tests.support.
        
        
        0.3.2 - 2012-02-03
        ==================
        
          * Fix segfaults on OSX.
          * Update license to MPL 2.0.
        
        
        0.3.1 - 2012-01-24
        ==================
        
          * Update the audience-extraction code in RemoteVerifier to support the
            new-style assertion format; thanks junkafarian.
        
        
        0.3.0 - 2012-01-06
        ==================
        
          * Support the "new-style" VEP assertion format.  This avoids double-b64-
            encoding and generally results in smaller assertions.
          * Warn rather than fail if we can't find the CA certificates.  This will
            help new users get up and running more easily.
          * Add shortcut functions for verification with the default options.
            They are vep.verify(), vep.verify_remote(), vep.verify_local(), and 
            vep.verify_dummy().
          * Add vep.utils.get_assertion_info(), which parses useful information out
            of an assertion without actually verifying it.
          * Make LocalVerifier expire cached public keys after 6 hours by default.
          * Allow LocalVerifier to take a user-specified cache object so that public
            keys can be stored in e.g. memcached.
          * Update to the latest issuer-key-fetch protocol (using /.well-known/vep).
          * Add InvalidIssuerError to report on invalid or untrusted issuers.
          * Clean up the internal JWT interface.  It now uses module-level functions
            rather than classmethods.
        
        
        0.2.1 - 2011-12-16
        ==================
        
         * Use M2Crypto for faster DSA operations.
         * DummyVerifier: fix hex formatting for compatability with jwcrypto.
         * DummyVerifier: don't emit FutureWarning on initialisation.
        
        
        0.2.0 - 2011-12-07
        ==================
        
         * do more validation of the assertion before checking the certificates,
           to avoid expensive crypto ops for things we know to be invalid.
         * implement DummyVerifier class to aid in testing, both of this package
           and of packages that are using PyVEP.
         * add exception hierarchy in vep.errors, so that calling code can easily
           tell why verification failed.
        
        
        0.1.1 - 2011-12-01
        ==================
        
         * add "diresworb.org" to default list of trusted secondaries.
         * implement additional signature algorithms.
         * if "hostname/.well-known/host-meta" gives a 404, fall back to "hostname/pk"
           to find the public key.
        
        
        0.1.0 - 2011-11-23
        ==================
        
         * initial release.
        
        
Keywords: authentication browserid login email
Platform: UNKNOWN
Classifier: Programming Language :: Python
Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
