Extension to allow passwordless login to the CKAN API
CKAN Passwordless API
Documentation: https://envidat.gitlab-pages.wsl.ch/ckanext-passwordless_api/
Source Code: https://gitlabext.wsl.ch/EnviDat/ckanext-passwordless_api
This plugin is primarily intended for custom frontends built on the CKAN API.
By using API tokens from CKAN core (>2.9), this plugin provides an authentication flow where:
- Users receive a login token by email (implemented with the reset key in core).
- An API token is returned when a valid login token (reset key) is submitted.
- The frontend should then include the API token in the Authorization header of its calls to CKAN.
Based on work by @espona (Lucia Espona Pernas) for ckanext-passwordless (https://github.com/EnviDat/ckanext-passwordless).
Config
Optional variables can be set in your ckan.ini to modify the email templates:
- passwordless_api.guidelines_url
  - Description: A link to your website guidelines.
  - Default: None, not included.
- passwordless_api.policies_url
  - Description: A link to your website policies.
  - Default: None, not included.
- passwordless_api.welcome_template
  - Description: Path to welcome template to render as HTML email.
  - Default: uses default template.
- passwordless_api.reset_key_template
  - Description: Path to reset key template to render as HTML email.
  - Default: uses default template.
Endpoints
POST
- <CKAN_HOST>/api/3/action/passwordless_request_reset_key
  - Description: Request a login token for a given email.
  - Creates user if they do not exist & sends welcome email.
  - Param1: email (str).
- <CKAN_HOST>/api/3/action/passwordless_request_api_token
  - Description: Request an API token, given the email and login token (reset_key).
  - Param1: email (str).
  - Param2: key (str).
- <CKAN_HOST>/api/3/action/passwordless_revoke_api_token
  - Description: Revoke an API token.
  - Param1: token (str).
GET
- <CKAN_HOST>/api/3/action/passwordless_get_user
  - Description: Get user details, given their API token. Also resets and returns a new API token (i.e. renewal).
Notes
- It is also recommended to disable cookie-based access to the API, to help prevent CSRF:
    ckan.auth.disable_cookie_auth_in_api = true
- API token settings are configured in CKAN core:
    api_token.nbytes = 60
    api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
    api_token.jwt.algorithm = HS256
    # expire_api_token plugin (unit = 1 day in seconds, lifetime = 3 days)
    expire_api_token.default_lifetime = 3
    expire_api_token.default_unit = 86400
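An added example, not part of the project's code, that audits a ckan.ini for the settings recommended in the notes above: cookie auth disabled for the API, a JWT secret that is not the README placeholder, and a bounded token lifetime. The `[app:main]` section name, the 32-character minimum and the 7-day maximum are assumptions standing in for local policy, and both sample configs are constructed.

```python
import configparser

PLACEHOLDER = "string:YOUR_SUPER_SECRET_STRING"  # sample value shown in the notes
MIN_SECRET_CHARS = 32                # assumption: local policy, not a CKAN rule
MAX_LIFETIME_SECONDS = 7 * 86400     # assumption: local policy, not a CKAN rule

def audit_ckan_ini(text, section="app:main"):
    """Return a list of findings for the API token settings named in the notes."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    cfg = cp[section] if cp.has_section(section) else {}
    findings = []
    # Assumption: an absent setting is treated as "cookie auth still allowed".
    if cfg.get("ckan.auth.disable_cookie_auth_in_api", "false").strip().lower() != "true":
        findings.append("cookie auth still enabled for the API (CSRF exposure)")
    secret = cfg.get("api_token.jwt.decode.secret", "").strip()
    if not secret:
        findings.append("api_token.jwt.decode.secret is not set explicitly")
    elif secret == PLACEHOLDER:
        findings.append("JWT secret is the documentation placeholder")
    elif len(secret.split(":", 1)[-1]) < MIN_SECRET_CHARS:
        findings.append("JWT secret shorter than %d characters" % MIN_SECRET_CHARS)
    try:
        lifetime = (int(cfg["expire_api_token.default_lifetime"])
                    * int(cfg["expire_api_token.default_unit"]))
    except (KeyError, ValueError):
        findings.append("expire_api_token.* missing or invalid: no default expiry")
    else:
        if lifetime > MAX_LIFETIME_SECONDS:
            findings.append("token lifetime of %d s exceeds policy" % lifetime)
    return findings

# Constructed sample configs (not from a real deployment).
WEAK_INI = """[app:main]
api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
expire_api_token.default_lifetime = 30
expire_api_token.default_unit = 86400
"""
HARDENED_INI = """[app:main]
ckan.auth.disable_cookie_auth_in_api = true
api_token.jwt.decode.secret = string:constructed-example-secret-0123456789abcdef
expire_api_token.default_lifetime = 3
expire_api_token.default_unit = 86400
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_ckan_ini(ini))
```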
File details
Details for the file ckanext-passwordless-api-0.2.0.tar.gz.
File metadata
- Download URL: ckanext-passwordless-api-0.2.0.tar.gz
- Upload date:
- Size: 11.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.13
File hashes
Algorithm | Hash digest
---|---
SHA256 | c2690b06f76fadad26e27b79b0cdcdafc848d1ec86ca17b1cc29069e030dcaa2
MD5 | 713db6255c46dc678b76a477b1777993
BLAKE2b-256 | e53ed8753a61afa1c0e922b4ff825e9b090ed80f2d8a0ff9dd098af2311427d8
File details
Details for the file ckanext_passwordless_api-0.2.0-py3-none-any.whl.
File metadata
- Download URL: ckanext_passwordless_api-0.2.0-py3-none-any.whl
- Upload date:
- Size: 3.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.13
File hashes
Algorithm | Hash digest
---|---
SHA256 | 19ae41e09060ee77f04149f987905e00608c6ccf2f019528892abbeeae518012
MD5 | b1653152e22f5990cdd226b3f2709d4b
BLAKE2b-256 | a8eb0f5b57441252a244af08a14e3d9077e0af1aaa8640fbe4fe6f5e87809380