Skip to main content

Extension to allow paswordless login to the CKAN API

Project description

CKAN Passwordless API

Extension to allow paswordless login to the CKAN API.

Documentation: https://envidat.gitlab-pages.wsl.ch/ckanext-passwordless_api/

Source Code: https://gitlabext.wsl.ch/EnviDat/ckanext-passwordless_api


This plugin is primarily intended for custom frontends built on the CKAN API.

By using API tokens from CKAN core (>2.9), this plugin provides an authentication flow where:

  1. Users receive a login token via email (via reset key in core).
  2. API token is returned on valid login token (reset key) submission.
  3. The API token should then be included in Authorization headers from the frontend --> CKAN calls.

Based on work by @espona (Lucia Espona Pernas) for ckanext-passwordless (https://github.com/EnviDat/ckanext-passwordless).

Config

Optional variables can be set in your ckan.ini:

  • passwordless_api.guidelines_url
    • Description: A link to your website guidelines.
    • Default: None, not included.
  • passwordless_api.policies_url
    • Description: A link to your website policies.
    • Default: None, not included.
  • passwordless_api.welcome_template
    • Description: Path to welcome template to render as html email.
    • Default: uses default template.
  • passwordless_api.reset_key_template
    • Description: Path to reset key template to render as html email
    • Default: uses default template.
  • passwordless_api.cookie_name
    • Description: Set to place the API token in a cookie, with given name. The cookie will default to secure, httpOnly, samesite: Lax.
    • Default: None, no cookie used.
  • passwordless_api.cookie_domain
    • Description: The domain for samesite to respect, required if cookie set.
    • Default: None.
  • passwordless_api.cookie_samesite
    • Description: To change the cookie samesite value to Strict. Only enable this if you know what you are doing.
    • Default: None, samesite value is set to Lax.
  • passwordless_api.cookie_http_only
    • Description: Use a httpOnly cookie, recommended.
    • Default: true.
  • passwordless_api.cookie_path
    • Description: Set a specific path to use the cookie, e.g. /api.
    • Default: / (all paths).

Endpoints

POST

  • <CKAN_HOST>/api/3/action/passwordless_request_reset_key
    • Description: Request a login token for a given email.
    • Creates user if they do not exist & sends welcome email.
    • Param1: email (str).
  • <CKAN_HOST>/api/3/action/passwordless_request_api_token
    • Description: Request an API token, given the email and login token (reset_key).
    • Param1: email (str).
    • Param2: key (str).
  • <CKAN_HOST>/api/3/action/passwordless_revoke_api_token
    • Description: Revoke an API token.
    • Param1: token (str).

GET

  • <CKAN_HOST>/api/3/action/passwordless_revoke_api_token
    • Description: If logged in, revoke the current API token.
  • <CKAN_HOST>/api/3/action/passwordless_get_user
    • Description: Get user details, given their API token. Also resets and returns a new API token (i.e. renewal).

Notes

  • It is also recommended to disable access to the API via cookie, to help prevent CSRF: ckan.auth.disable_cookie_auth_in_api = true
  • The configuration for API tokens can be configured in core:
api_token.nbytes = 60
api_token.jwt.decode.secret = string:YOUR_SUPER_SECRET_STRING
api_token.jwt.algorithm = HS256

# expire_api_token plugin (unit = 1 day in seconds, lifetime = 3 days)
expire_api_token.default_lifetime = 3
expire_api_token.default_unit = 86400

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ckanext-passwordless-api-0.3.0.tar.gz (12.4 kB view details)

Uploaded Source

Built Distribution

ckanext_passwordless_api-0.3.0-py3-none-any.whl (3.8 kB view details)

Uploaded Python 3

File details

Details for the file ckanext-passwordless-api-0.3.0.tar.gz.

File metadata

File hashes

Hashes for ckanext-passwordless-api-0.3.0.tar.gz
Algorithm Hash digest
SHA256 0cfb813d730cd93abf919dcf921b13fc7bae8580e2f9967e023aea098fae7b16
MD5 af56c22a7b10004791529f668144c701
BLAKE2b-256 a1d81dc759d9d680ac3b328de8cd3e5047e7a6042a80156ced7648fcfea8196b

See more details on using hashes here.

File details

Details for the file ckanext_passwordless_api-0.3.0-py3-none-any.whl.

File metadata

File hashes

Hashes for ckanext_passwordless_api-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9c7686f6c4a6292be93656f91b9a8b7212201f000afc3397fe17221f421645d0
MD5 e4862e281f1723cd8a54666fa5890552
BLAKE2b-256 faa212e3e60623dc24d3daeddf9dc9c827469167d8b152c1f1518f31e4e5f13b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page