endi_oidc_provider
enDI OpenID Provider
=================================
This is still a work in progress.
OpenID Connect provider based on enDI (http://endi.coop).
Only the *Authorization Code Flow* is supported.
Getting Started
---------------
- cd <directory containing this file>
- $VENV/bin/pip install -e .
- $VENV/bin/initialize_endi_oidc_provider_db development.ini
- $VENV/bin/pserve development.ini
Authorization handling
-----------------------
Generate a new client's key:

.. code-block:: console

    oidc-manage <config_uri> clientadd --client=<client> --uri=<redirect_uri> --scopes=<scopes> --cert_salt=<cert_salt>

- config_uri: Your ini file
- client: A label for your client
- redirect_uri: The redirect URI as described in the OpenID Connect specifications (the one passed in the Authorize step)
- scopes: The scopes the application is requesting (at least the openid scope should be provided), e.g. "openid profile"
- cert_salt: A random salt key that will be used to encrypt the client secret in the database

Once both client_id and client_secret have been generated, the client app is able to request authentication.
Authorize Endpoint
........................
The client app can call the Authorization url :
https://myoidc_provider.com/oidc/authorize
It allows the client to:
- Authenticate a user
- Get an Authorization code in the response
Token url
.........................
Called in the background, the Token endpoint is accessible at the following url :
https://myoidc_provider.com/oidc/token
RFC 6749, section 2.3.1 (https://tools.ietf.org/html/rfc6749#section-2.3.1), describes the client password transmission methods.
Supported client authentication methods:
* Through request headers: Basic auth tokens are supported
* Through request POST params: the client_id and client_secret keys are then expected
In the response you get:
- An access token with the mandatory information
- An id_token, JWS encrypted as described in the spec
- Since we use the code flow, the id_token also returns the at_hash access_token identification key
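
The following client-side sketch (Python 3) is an added example, not code from this project. It builds the Basic auth header the way RFC 6749 section 2.3.1 describes and checks the at_hash claim of a received id_token against the access token returned with it. All function names are hypothetical, the sample token is constructed, and JWS signature verification is assumed to be done separately.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote_plus

# at_hash uses the hash named by the id_token's JWS "alg" header (RS256 -> SHA-256, ...).
HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def b64url(raw):
    """base64url without padding, as used by JWS."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def basic_auth_header(client_id, client_secret):
    """Header value for the token endpoint, built as RFC 6749 section 2.3.1 describes."""
    # Each value is form-urlencoded, then "id:secret" is base64-encoded.
    pair = "%s:%s" % (quote_plus(client_id), quote_plus(client_secret))
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def compute_at_hash(access_token, alg):
    """Left-most half of the hash of the ASCII access token, base64url-encoded."""
    digest = HASHES[alg[-3:]](access_token.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def at_hash_matches(id_token, access_token):
    """Compare the id_token's at_hash claim with the access token received with it."""
    # The JWS signature is NOT verified here; do that first with a JOSE library.
    header, claims = (json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
                      for p in id_token.split(".")[:2])
    expected = compute_at_hash(access_token, header["alg"])
    return hmac.compare_digest(claims.get("at_hash", ""), expected)


def constructed_id_token(access_token, alg="RS256"):
    """Constructed sample: unsigned token with a placeholder signature, demo only."""
    header = b64url(json.dumps({"alg": alg}).encode())
    payload = b64url(json.dumps({"sub": "demo", "at_hash": compute_at_hash(access_token, alg)}).encode())
    return "%s.%s.%s" % (header, payload, "c2ln")


if __name__ == "__main__":
    token = constructed_id_token("constructed-access-token")
    print(at_hash_matches(token, "constructed-access-token"))  # consistent token pair
    print(at_hash_matches(token, "swapped-access-token"))      # substituted access token
```

A client that skips this comparison cannot tell whether the access token in the response is the one the id_token was issued with.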
enDI integration
-----------------------
In your enDI's ini file, add the following:

.. code-block:: ini

    pyramid.includes =
        ...
        endi_oidc_provider
        ...

(This registers the models so that the tables are initialized at database startup.)

Then add the following:

.. code-block:: ini

    endi.includes =
        ...
        endi_oidc_provider.plugin
        ...

This registers the OIDC client application configuration UI:
* routes
* views
* traversal tree branch
* template api stuff
* templates
* menu entries
0.0
---
- Initial version