OAuth Provider Support #200

Open
paulosman opened this issue Feb 13, 2013 · 0 comments

In order to provide standards-based authentication to the P2PU API, we'll need to implement support for OAuth 2.0. I've started a first cut of this with bd269c9. To test out what is currently there:

  • Create a client application using the Django console:
from django.contrib.auth.models import User
from oauth2app.models import Client

user = User.objects.get(...)  # pick the user who will own the client application
client = Client.objects.create(name='Sample App', user=user, redirect_uri='http://localhost:3000')

# print client credentials (Python 2 print statements); these are the client_id and client_secret used in the steps below
print client.key
print client.secret
  • Construct authorization URL and authorize the app.

http://localhost:8000/oauth/authorize?client_id=<from_above>&redirect_uri=http://localhost:3000/callback&response_type=code

  • Approve the app's authorization request and you'll be redirected to the callback URL (it's fine if it 404s) with a code query string parameter. Save that code for the following step.
  • Exchange the authorization code for an access token. This is best done with curl:

# the token endpoint is served by the P2PU server (port 8000), not by the client app's callback host (port 3000)
curl -X POST http://localhost:8000/oauth/token \
  -d 'client_id=from_above' \
  -d 'client_secret=from_above' \
  -d 'code=from_above' \
  -d 'redirect_uri=http://localhost:3000/callback' \
  -d 'grant_type=authorization_code'

If successful, the response should be a JSON object with information about the access token.

  • Extract the access_token property to test out an authenticated request (again against the P2PU server on port 8000):

curl "http://localhost:8000/oauth/test?bearer_token=from_above"

Recommended steps to complete this issue:

  1. Security audit. This uses oauth2app, which seems fairly popular. We should still make sure we're not introducing any security vulnerabilities by adding this.
  2. Pretty up the Authorization page (templates/oauth/authorize.html).
  3. Implement support for authentication throughout the existing API.