Extension to allow passwordless login to the CKAN API

Project description

CKAN Passwordless API

Extension to allow passwordless login to the CKAN API.

Documentation: https://envidat.gitlab-pages.wsl.ch/ckanext-passwordless_api/

Source Code: https://gitlabext.wsl.ch/EnviDat/ckanext-passwordless_api


This plugin is primarily intended for custom frontends built on the CKAN API.

By using API tokens from CKAN core (>2.9), this plugin provides an authentication flow where:

  1. Users receive a login token via email (via reset key in core).
  2. An API token is returned when a valid login token (reset key) is submitted.
  3. The frontend should then include the API token in the Authorization header of its calls to CKAN.

Based on work by @espona (Lucia Espona Pernas) for ckanext-passwordless (https://github.com/EnviDat/ckanext-passwordless).

Config

Optional variables can be set in your ckan.ini to modify the email templates:

  • passwordless_api.guidelines_url: A link to your website guidelines. Default: None, not included.
  • passwordless_api.policies_url: A link to your website policies. Default: None, not included.
  • passwordless_api.welcome_template: Path to the welcome template to render as an HTML email. Default: uses the default template.
  • passwordless_api.reset_key_template: Path to the reset key template to render as an HTML email. Default: uses the default template.

Endpoints

All endpoints require a POST body.

  • passwordless_request_reset_key: Request a login token for a given email. Creates the user if they do not exist and sends a welcome email. Param1: email (str).
  • passwordless_request_api_token: Request an API token, given the email and login token (reset_key). Param1: email (str). Param2: key (str).
  • passwordless_revoke_api_token: Revoke an API token. Param1: token (str).

Notes

  • It is also recommended to disable cookie-based access to the API, to help prevent CSRF: ckan.auth.disable_cookie_auth_in_api = true
  • API tokens are configured in core:
api_token.nbytes = 60
api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
api_token.jwt.algorithm = HS256

# expire_api_token plugin (unit = 1 day in seconds, lifetime = 3 days)
expire_api_token.default_lifetime = 3
expire_api_token.default_unit = 86400
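
A way to check a deployment against the settings in these notes, as an added example that is not part of the extension: it audits ckan.ini text for cookie auth on the API, the placeholder or a short HS256 secret, and a missing token expiry. The function name audit_ckan_ini, the [app:main] section default and the 32-byte minimum (RFC 7518 requires at least 256 bits for HS256) are assumptions of this example.

```python
import configparser

PLACEHOLDER = "YOUR_SUPER_SECRET_STRING"  # placeholder value shown in the notes above
MIN_HS256_KEY_BYTES = 32  # assumption: RFC 7518 minimum of 256 bits for HS256

# Constructed sample: the settings from the notes, placed in an [app:main] section.
SAMPLE_INI = """
[app:main]
ckan.auth.disable_cookie_auth_in_api = true
api_token.nbytes = 60
api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
api_token.jwt.algorithm = HS256
expire_api_token.default_lifetime = 3
expire_api_token.default_unit = 86400
"""

def audit_ckan_ini(text, section="app:main"):
    """Return a list of findings for the token-related settings in ckan.ini text."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    cfg = parser[section] if parser.has_section(section) else {}
    findings = []

    # Cookie auth on the API leaves a token-based frontend exposed to CSRF.
    if cfg.get("ckan.auth.disable_cookie_auth_in_api", "false").strip().lower() != "true":
        findings.append("cookie auth still enabled for the API")

    secret = cfg.get("api_token.jwt.decode.secret", "").strip()
    if not secret:
        findings.append("api_token.jwt.decode.secret is not set")
    elif PLACEHOLDER in secret:
        findings.append("JWT secret is the documentation placeholder")
    elif secret.startswith("string:") and cfg.get("api_token.jwt.algorithm") == "HS256":
        if len(secret[len("string:"):].encode()) < MIN_HS256_KEY_BYTES:
            findings.append("JWT secret shorter than 32 bytes for HS256")

    # Token lifetime in seconds is default_lifetime * default_unit.
    try:
        lifetime = int(cfg["expire_api_token.default_lifetime"]) * int(
            cfg["expire_api_token.default_unit"])
    except (KeyError, ValueError):
        findings.append("API token expiry is not configured")
    else:
        if lifetime <= 0:
            findings.append("API token expiry is not positive")
    return findings

if __name__ == "__main__":
    print(audit_ckan_ini(SAMPLE_INI))
```
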

Download files

Source Distribution

ckanext-passwordless-api-0.1.0.tar.gz (10.5 kB)

Built Distribution

ckanext_passwordless_api-0.1.0-py3-none-any.whl (3.4 kB)
