Extension to allow passwordless login to the CKAN API
Project description
CKAN Passwordless API
Extension to allow passwordless login to the CKAN API.
Documentation: https://envidat.gitlab-pages.wsl.ch/ckanext-passwordless_api/
Source Code: https://gitlabext.wsl.ch/EnviDat/ckanext-passwordless_api
This plugin is primarily intended for custom frontends built on the CKAN API.
By using API tokens from CKAN core (>2.9), this plugin provides an authentication flow where:
- Users receive a login token via email (via reset key in core).
- API token is returned on valid login token (reset key) submission.
- The API token should then be included in Authorization headers from the frontend --> CKAN calls.
Based on work by @espona (Lucia Espona Pernas) for ckanext-passwordless (https://github.com/EnviDat/ckanext-passwordless).
Config
Optional variables can be set in your ckan.ini to modify the email templates:
- passwordless_api.guidelines_url Description: A link to your website guidelines. Default: None, not included.
- passwordless_api.policies_url Description: A link to your website policies. Default: None, not included.
- passwordless_api.welcome_template Description: Path to welcome template to render as html email. Default: uses default template.
- passwordless_api.reset_key_template Description: Path to reset key template to render as html email. Default: uses default template.
Endpoints
POST
- <CKAN_HOST>/api/3/action/passwordless_request_reset_key
  - Description: Request a login token for a given email.
  - Creates user if they do not exist & sends welcome email.
  - Param1: email (str).
- <CKAN_HOST>/api/3/action/passwordless_request_api_token
  - Description: Request an API token, given the email and login token (reset_key).
  - Param1: email (str).
  - Param2: key (str).
- <CKAN_HOST>/api/3/action/passwordless_revoke_api_token
  - Description: Revoke an API token.
  - Param1: token (str).
GET
- <CKAN_HOST>/api/3/action/passwordless_get_user
  - Description: Get user details, given their API token. Also resets and returns a new API token (i.e. renewal).
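A minimal client for the flow and endpoints above, added here as an example and not taken from the extension's code. The `PasswordlessSession` class and its helpers are hypothetical, and the `token` field name in the action results is an assumption, since this page does not show the response layout.

```python
import json
import urllib.request

def build(host, action, payload=None, api_token=None):
    """Build one action request: JSON body for POST, bare GET otherwise."""
    headers = {"Accept": "application/json"}
    data = None
    if payload is not None:
        data = json.dumps(payload).encode()
        headers["Content-Type"] = "application/json"
    if api_token:
        headers["Authorization"] = api_token  # header auth, not cookies
    return urllib.request.Request(f"{host}/api/3/action/{action}", data=data,
                                  headers=headers,
                                  method="GET" if data is None else "POST")

def send(req, timeout=10):
    """Send and unwrap CKAN's envelope; urlopen raises on HTTP errors."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = json.load(resp)
    if not body.get("success"):
        raise RuntimeError(f"CKAN action failed: {body.get('error')}")
    return body["result"]

class PasswordlessSession:
    # token_field is an ASSUMPTION: the page does not show the result layout.
    def __init__(self, host, send=send, token_field="token"):
        self.host, self.send, self.token_field = host, send, token_field
        self.api_token = None

    def request_login_email(self, email):
        return self.send(build(self.host, "passwordless_request_reset_key",
                               {"email": email}))

    def login(self, email, key):
        result = self.send(build(self.host, "passwordless_request_api_token",
                                 {"email": email, "key": key}))
        self.api_token = result[self.token_field]
        return result

    def get_user(self):
        # This call renews the token, so the stored one must be replaced.
        result = self.send(build(self.host, "passwordless_get_user",
                                 api_token=self.api_token))
        self.api_token = result[self.token_field]
        return result

    def logout(self):
        token, self.api_token = self.api_token, None
        return self.send(build(self.host, "passwordless_revoke_api_token",
                               {"token": token}))
```

Because `passwordless_get_user` resets the token on every call, a frontend that keeps using the previous value after that call will start failing authentication; the session object above swaps it in one place.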
Notes
- It is also recommended to disable access to the API via cookie, to help prevent CSRF:

    ckan.auth.disable_cookie_auth_in_api = true

- API tokens can be configured in core:

    api_token.nbytes = 60
    api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
    api_token.jwt.algorithm = HS256
    # expire_api_token plugin (unit = 1 day in seconds, lifetime = 3 days)
    expire_api_token.default_lifetime = 3
    expire_api_token.default_unit = 86400
Hashes for ckanext-passwordless-api-0.2.0.tar.gz
Hashes for ckanext_passwordless_api-0.2.0-py3-none-any.whl