Extension to allow passwordless login to the CKAN API
CKAN Passwordless API
Documentation: https://envidat.gitlab-pages.wsl.ch/ckanext-passwordless_api/
Source Code: https://gitlabext.wsl.ch/EnviDat/ckanext-passwordless_api
This plugin is primarily intended for custom frontends built on the CKAN API.
By using API tokens from CKAN core (>2.9), this plugin provides an authentication flow where:
- Users receive a login token via email (via reset key in core).
- API token is returned on valid login token (reset key) submission.
- The frontend should then include the API token in the Authorization header of its calls to CKAN.
Based on work by @espona (Lucia Espona Pernas) for ckanext-passwordless (https://github.com/EnviDat/ckanext-passwordless).
Config
Optional variables can be set in your ckan.ini to modify the email templates:
- passwordless_api.guidelines_url
  Description: A link to your website guidelines.
  Default: None, not included.
- passwordless_api.policies_url
  Description: A link to your website policies.
  Default: None, not included.
- passwordless_api.welcome_template
  Description: Path to welcome template to render as HTML email.
  Default: uses default template.
- passwordless_api.reset_key_template
  Description: Path to reset key template to render as HTML email.
  Default: uses default template.
Endpoints
All endpoints require a POST body.
- passwordless_request_reset_key
  Description: Request a login token for a given email. Creates user if they do not exist & sends welcome email.
  Param1: email (str).
- passwordless_request_api_token
  Description: Request an API token, given the email and login token (reset_key).
  Param1: email (str).
  Param2: key (str).
- passwordless_revoke_api_token
  Description: Revoke an API token.
  Param1: token (str).
Notes
- It is also recommended to disable access to the API via cookie, to help prevent CSRF:

    ckan.auth.disable_cookie_auth_in_api = true

- API tokens themselves are configured through CKAN core settings:

    api_token.nbytes = 60
    api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
    api_token.jwt.algorithm = HS256
    # expire_api_token plugin (unit = 1 day in seconds, lifetime = 3 days)
    expire_api_token.default_lifetime = 3
    expire_api_token.default_unit = 86400
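
A check for the settings in the notes above, as an added example that is not part of the project's own code: it parses a ckan.ini and flags cookie auth left enabled on the API, the placeholder JWT secret, and a missing or overly long default token lifetime. The `[app:main]` section name, the 7-day ceiling and both sample configs are assumptions of this example.

```python
import configparser

# Placeholder value shown in the notes above; it must never reach production.
PLACEHOLDER_SECRET = "string:YOUR_SUPER_SECRET_STRING"

def audit_ckan_ini(ini_text, section="app:main", max_lifetime_s=7 * 86400):
    """Return findings for the API-token settings named in the notes above."""
    # `section` and `max_lifetime_s` are assumptions of this example.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    cfg = parser[section] if parser.has_section(section) else {}
    findings = []

    # Cookie auth on the API should be off to help prevent CSRF.
    cookie_off = cfg.get("ckan.auth.disable_cookie_auth_in_api", "false")
    if cookie_off.strip().lower() != "true":
        findings.append("cookie auth is still enabled for the API")

    # A signing secret copied verbatim from documentation is publicly known.
    if cfg.get("api_token.jwt.decode.secret", "").strip() == PLACEHOLDER_SECRET:
        findings.append("JWT secret is the documentation placeholder")

    # Effective lifetime in seconds = default_lifetime * default_unit.
    try:
        lifetime_s = (int(cfg["expire_api_token.default_lifetime"])
                      * int(cfg["expire_api_token.default_unit"]))
    except (KeyError, ValueError):
        findings.append("no valid default token lifetime configured")
    else:
        if lifetime_s > max_lifetime_s:
            findings.append(f"token lifetime {lifetime_s}s exceeds {max_lifetime_s}s")
    return findings

# Constructed sample configs (not from a real deployment).
WEAK_INI = """[app:main]
api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
expire_api_token.default_lifetime = 365
expire_api_token.default_unit = 86400
"""
HARDENED_INI = """[app:main]
ckan.auth.disable_cookie_auth_in_api = true
api_token.jwt.decode.secret = string:constructed-example-secret
# expire_api_token plugin (unit = 1 day in seconds, lifetime = 3 days)
expire_api_token.default_lifetime = 3
expire_api_token.default_unit = 86400
"""
```

Calling `audit_ckan_ini(WEAK_INI)` returns three findings, while `audit_ckan_ini(HARDENED_INI)` returns an empty list.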
Hashes for ckanext-passwordless-api-0.1.0.tar.gz
Algorithm | Hash digest
---|---
SHA256 | f5d5007d5d3b1e779cf1baf9ccaa302e64d2c25a2a968d1fe125da09618a6030
MD5 | e7f5b8d5c659da0a1646de5b0eb4f2d5
BLAKE2b-256 | d3e7e74c4e998c9b850f1c8f968899d6adc7138c94a3670535182799c1a6579b
Hashes for ckanext_passwordless_api-0.1.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 36521a3ec77097d08551de0cef7e6380839ac006ef29da517fa60a26d3b9ee50
MD5 | 96695b0a51c07e9f8c034e37e56e7d79
BLAKE2b-256 | 0dddc9796c0f648a884fbfe9ab466a45bfb10c60c0bcc2cf417544f4be5c4703