Federated Open Authentication (FedOAuth)
========================================
FedOAuth is a provider for federated authentication mechanisms with a modular authentication backend.

Currently shipped are:
- OpenID
- Persona / BrowserID


Setup
-----
To setup a local hack instance, just copy fedoauth.cfg.sample to fedoauth.cfg, copy fedoauth.log.cfg.sample to fedoauth.log.cfg,
run "python setup.py develop" and execute ./runserver.

It should now say something like "Running on http://....:5000/"

Please note that by default all authentication backends and providers are disabled.


OpenID
------
The OpenID provider will work out of the box after configuration.

Please make sure to set enabled to True.


Persona
-------
Please note that Persona will require your server to be internet-accessible over TLS.

To get the Persona provider working, you need to generate a 2048-bit RSA key.
To do this, execute: openssl genrsa -des3 -out persona.key 2048

After this, configure the filename and passphrase to this key.

Please note that for this to work, you need to serve FedOAuth on the core of a domain with SSL.

If you host FedOAuth on id.example.com, you can get username@example.com to verify by putting a file with the following contents in the .well-known/browserid path for example.com:

{ "authority": "id.example.com" }

Please note that this file must be served over HTTPS.

Also, when using this (called delegation), CAREFULLY read the comment on the PERSONA_ISSUER configuration key.


Problems
--------
If you have any questions, do not hestitate to contact me.
Either ping me on IRC (puiterwijk on FreeNode) or drop an email to patrick AT puiterwijk DOT org.