CKAN Passwordless API
Extension to allow passwordless login to the CKAN API.
Documentation: https://envidat.gitlab-pages.wsl.ch/ckanext-passwordless_api/
Source Code: https://gitlabext.wsl.ch/EnviDat/ckanext-passwordless_api
This plugin is primarily intended for custom frontends built on the CKAN API.
By using API tokens from CKAN core (>2.9), this plugin provides an authentication flow where:
- Users receive a login token via email (via reset key in core).
- API token is returned on valid login token (reset key) submission.
- The API token should then be included in Authorization headers from the frontend --> CKAN calls.
Based on work by @espona (Lucia Espona Pernas) for ckanext-passwordless (https://github.com/EnviDat/ckanext-passwordless).
Config
Optional variables can be set in your ckan.ini:
- passwordless_api.guidelines_url
- Description: A link to your website guidelines.
- Default: None, not included.
- passwordless_api.policies_url
- Description: A link to your website policies.
- Default: None, not included.
- passwordless_api.welcome_template
- Description: Path to welcome template to render as html email.
- Default: uses default template.
- passwordless_api.reset_key_template
- Description: Path to reset key template to render as html email.
- Default: uses default template.
- passwordless_api.cookie_name
- Description: Set to place the API token in a cookie, with given name. The cookie will default to secure, httpOnly, samesite: Lax.
- Default: None, no cookie used.
- passwordless_api.cookie_domain
- Description: The domain for samesite to respect, required if cookie set.
- Default: None.
- passwordless_api.cookie_samesite
- Description: To change the cookie samesite value to Strict. Only enable this if you know what you are doing.
- Default: None, samesite value is set to Lax.
- passwordless_api.cookie_http_only
- Description: Use a httpOnly cookie, recommended.
- Default: true.
- passwordless_api.cookie_path
- Description: Set a specific path to use the cookie, e.g. /api.
- Default: / (all paths).
Endpoints
POST
- <CKAN_HOST>/api/3/action/passwordless_request_reset_key
- Description: Request a login token for a given email.
- Creates user if they do not exist & sends welcome email.
- Param1: email (str).
- <CKAN_HOST>/api/3/action/passwordless_request_api_token
- Description: Request an API token, given the email and login token (reset_key).
- Param1: email (str).
- Param2: key (str).
- <CKAN_HOST>/api/3/action/passwordless_revoke_api_token
- Description: Revoke an API token.
- Param1: token (str).
GET
- <CKAN_HOST>/api/3/action/passwordless_revoke_api_token
- Description: If logged in, revoke the current API token.
- <CKAN_HOST>/api/3/action/passwordless_get_user
- Description: Get user details, given their API token. Also resets and returns a new API token (i.e. renewal).
Notes
- It is also recommended to disable access to the API via cookie, to help prevent CSRF:
ckan.auth.disable_cookie_auth_in_api = true
- The API tokens themselves are configured through CKAN core settings:
api_token.nbytes = 60
api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
api_token.jwt.algorithm = HS256
# expire_api_token plugin (unit = 1 day in seconds, lifetime = 3 days)
expire_api_token.default_lifetime = 3
expire_api_token.default_unit = 86400
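The following is an added example, not code from this project: a small audit of a ckan.ini for the token and cookie settings listed above. It assumes the settings live in the [app:main] section; the 7-day lifetime threshold, the 32-character secret minimum (HS256 needs a key of at least 256 bits) and both sample files are constructed for the example.

```python
import configparser

# Placeholder secret exactly as printed in the README; it must never reach production.
PLACEHOLDER = "string:YOUR_SUPER_SECRET_STRING"

def audit(ini_text, section="app:main", max_lifetime_s=7 * 86400):
    """Return findings for the token and cookie settings the README names.
    max_lifetime_s is this example's own threshold, not a CKAN default."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(ini_text)
    cfg, out = cp[section], []
    if not cfg.getboolean("ckan.auth.disable_cookie_auth_in_api", fallback=False):
        out.append("ckan.auth.disable_cookie_auth_in_api is not true")
    secret = cfg.get("api_token.jwt.decode.secret", fallback="")
    if secret == PLACEHOLDER:
        out.append("JWT secret is the README placeholder")
    elif secret and len(secret.removeprefix("string:")) < 32:
        out.append("JWT secret shorter than 32 characters")
    if cfg.get("passwordless_api.cookie_name", fallback=""):
        # The README marks cookie_domain as required once a cookie is used.
        if not cfg.get("passwordless_api.cookie_domain", fallback=""):
            out.append("cookie_name set without cookie_domain")
        if not cfg.getboolean("passwordless_api.cookie_http_only", fallback=True):
            out.append("token cookie is readable by JavaScript (httpOnly off)")
    life = cfg.getint("expire_api_token.default_lifetime", fallback=0)
    unit = cfg.getint("expire_api_token.default_unit", fallback=0)
    if life * unit > max_lifetime_s:
        out.append(f"API token lifetime {life * unit}s exceeds {max_lifetime_s}s")
    return out

# Constructed sample: placeholder secret, script-readable cookie, 30-day tokens.
WEAK_INI = """[app:main]
api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
passwordless_api.cookie_name = example_token
passwordless_api.cookie_http_only = false
expire_api_token.default_lifetime = 30
expire_api_token.default_unit = 86400
"""
# Constructed sample following the README's recommendations.
HARDENED_INI = """[app:main]
ckan.auth.disable_cookie_auth_in_api = true
api_token.jwt.decode.secret = string:constructed-sample-0123456789abcdefghij
passwordless_api.cookie_name = example_token
passwordless_api.cookie_domain = example.org
expire_api_token.default_lifetime = 3
expire_api_token.default_unit = 86400
"""
if __name__ == "__main__":
    print("\n".join(audit(WEAK_INI)) or "no findings")
```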