{{ DESCRIPTION }}
Project description
Oauth2 Flask Service
A generic OAuth2 authentication service and user permission manager.
Based off OpenSpending auth service.
Quick start
Clone the repo and install
make install
Run tests
make test
Run server
python server.py
Env Vars
PRIVATE_KEY
&PUBLIC_KEY
an RSA key-pair in PEM format. Seetools/generate_key_pair.sh
for more info.GOOGLE_KEY
&GOOGLE_SECRET
: OAuth credentials for authenticating with GoogleGITHUB_KEY
&GITHUB_SECRET
: OAuth credentials for authenticating with GithubDATABASE_URL
: A SQLAlchemy compatible database connection string (where user data is stored)EXTERNAL_ADDRESS
: The hostname where this service is located onALLOWED_SERVICES
: Which permissions providers are available. A;
delimited list of provider identifiers. Each provider identifier takes the form of[alias:]provider
, whereprovider
is the name of a Python module which exports aget_permissions(service, userid)
function.INSTALLED_EXTENSIONS
: List of installed extensions. A;
delimited list ofextension
- the name of a Python modules which exports one or all of these functionson_new_user(user_info)
on_user_login(user_info)
on_user_logout(user_info)
API
Check an authentication token's validity
/auth/check
Method: GET
Query Parameters:
jwt
- authentication tokennext
- URL to redirect to when finished authentication
Returns:
If authenticated:
{
"authenticated": true,
"profile": {
"id": "<user-id>",
"name": "<user-name>",
"email": "<user-email>",
"avatar_url": "<url-for-user's-profile-photo>",
"idhash": "<unique-id-of-the-user>",
"username": "<user-selected-id>" # If user has a username
}
}
If not:
{
"authenticated": false,
"providers": {
"google": {
"url": "<url-for-logging-in-with-the-Google-provider>"
},
"github": {
"url": "<url-for-logging-in-with-the-Github-provider>"
},
}
}
When the authentication flow is finished, the caller will be redirected to the next
URL with an extra query parameter
jwt
which contains the authentication token. The caller should cache this token for further interactions with the API.
Get permission for a service
/auth/authorize
Method: GET
Query Parameters:
jwt
- user token (received from/user/check
)service
- the relevant service (e.g.storage-service
)
Returns:
{
"token": "<token-for-the-relevant-service>"
"userid": "<unique-id-of-the-user>",
"permissions": {
"permission-x": true,
"permission-y": false
},
"service": "<relevant-service>"
}
Change the username
/auth/update
Method: POST
Query Parameters:
jwt
- authentication token (received from/user/check
)username
- A new username for the user profile (this action is only allowed once)
Returns:
{
"success": true,
"error": "<error-message-if-applicable>"
}
Note: trying to update other user profile fields like email
will fail silently and return
{
"success": true
}
Receive authorization public key
/auth/public-key
Method: GET
Returns:
The service's public key in PEM format.
Can be used by services to validate that the permission token is authentic.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file dgp-oauth2-1.3.4.tar.gz
.
File metadata
- Download URL: dgp-oauth2-1.3.4.tar.gz
- Upload date:
- Size: 81.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ef1b3fd2af2e69b0b3eddc73b9841b2bf8a96bc87ce0c8a5fe3da41fa8f14de5 |
|
MD5 | 4c49fbfb3e9c14b1d7e3210f7601650b |
|
BLAKE2b-256 | fdd4060e88d28408d488a59da9f4b3a2ee775c39b330823bd3ab93fecabbd468 |
File details
Details for the file dgp_oauth2-1.3.4-py3-none-any.whl
.
File metadata
- Download URL: dgp_oauth2-1.3.4-py3-none-any.whl
- Upload date:
- Size: 12.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 31bd74be50a268f6978e69a6742764caedd05a67ee64ab054ecb27d8cc672a6e |
|
MD5 | 42cf9a124a6bc3b00411cf8d610e6c21 |
|
BLAKE2b-256 | f8ca664e980fa6ddbec44d7b21b7db8fac6cbc321595d65df4d3ea7a6390efbe |