endi_oidc_provider

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tonthon21 from gravatar.com tonthon21

Unverified details

These details have not been verified by PyPI
Meta
  • Tags web, wsgi, bfg, pylons, pyramid
Classifiers

Project description

This is still a work in progress.

Open Id connect provider based on enDI (http://endi.coop).

Only Authorization Code Flow is supported

Getting Started

Install

Install oidc provider in the same virtual environment as endi.

$VENV/bin/pip install endi_oidc_provider

Configure your development.ini file

  • Ensure the paths to the session files :

    • session.data_dir : path on disk

    • session.lock_dir : path on disk

  • Set the connection uri for database access :

    • sqlalchemy.url : the mysql uri to access endi’s database

  • Configure oidc specific keys (unique salt and oidc endpoint url ):

    • oidc.salt : a unique salt used for encryption

    • oidc.issuer_url : url of the oidc endpoint (like https://myendi.coop/oidc)

Start the service

  • $VENV/bin/pserve development.ini

enDI integration

In your enDI’s ini file add the following :

pyramid.includes =
                    ...
                    endi_oidc_provider
                    ...

That’s for model registration so that the db startup initialize the tables.

And add the following :

endi.includes =
                    ...
                    endi_oidc_provider.plugin
                    ...

It adds an administration panel to manage the oidc consumers that access the API.

Authorization handling

Client’s key

You can generate a Client private key through command-line or through the administration panel https://myendi.coop/admin/oidc/

oidc-manage <config_uri> clientadd --client=<client> --uri=<redirect_uri> --scopes=<scopes> --cert_salt=<cert_salt> --logout_uri=<logout_uri> --admin_email=<admin_email>

  • config_uri : Your ini file

  • client: A label for your client

  • redirect_uri : The redirect uri has described in the openid connect specifications (The one passed in the Authorize step)

  • scopes : The scope the application is requesting (at least the openid scope should be provided) e.g: “openid profile”

  • cert_salt : A salt random key that will be used to encrypt the client secret in the database

  • logout_uri : The uri to call on global logout (will be called through iframes)

  • admin_email: The e-mail of the consumers administrator

After generating both client_id and client_secret. The client app is able to request authentication. The client secret and client id should be pased to the consumer’s admin, they are mandatory to allow the oidc authentication/authorization.

Authorize Endpoint

The client app can call the Authorization url :

https://myoidc_provider.com/oidc/authorize

It authenticates the user and returns an Authorization code in the response.

Token url

Called in the background, the Token endpoint is accessible at the following url :

https://myoidc_provider.com/oidc/token

The RFC : https://tools.ietf.org/html/rfc6749#section-2.3.1

Describes Client Password transmission methods.

Supported client auth method :

  • Through request headers : Basic auth tokens are supported

  • Through request POST params : client_id and client_secret keys are then expected

In the response you get :

  • An access token with mandatory informations

  • An id_token JWS encrypted as described in the spec

  • Since we use code flow, the id_token also returns the at_hash access_token identification key

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tonthon21 from gravatar.com tonthon21

Unverified details

These details have not been verified by PyPI
Meta
  • Tags web, wsgi, bfg, pylons, pyramid
Classifiers

Release history Release notifications | RSS feed

6.3.1

6.3.0

6.3.0a1 pre-release

This version

6.2.0

6.2.0a0 pre-release

6.0.1

5.0.1

5.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

endi_oidc_provider-6.2.0.tar.gz (33.0 kB view details)

Uploaded Source

Built Distribution

endi_oidc_provider-6.2.0-py3-none-any.whl (40.8 kB view details)

Uploaded Python 3

File details

Details for the file endi_oidc_provider-6.2.0.tar.gz.

File metadata

  • Download URL: endi_oidc_provider-6.2.0.tar.gz
  • Upload date:
  • Size: 33.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.1 CPython/3.9.7

File hashes

Hashes for endi_oidc_provider-6.2.0.tar.gz
Algorithm Hash digest
SHA256 5d17ebb7fee07e3998cd3c09bf6295d1fef292711137dd5b74d7d666cd0316c7
MD5 e88de7c3b4980a5e45ef174c6a9c4112
BLAKE2b-256 441ff94c93b64c5173e58579c2878388e2121e67ff6acc70c0953768d5a45e16

See more details on using hashes here.

File details

Details for the file endi_oidc_provider-6.2.0-py3-none-any.whl.

File metadata

  • Download URL: endi_oidc_provider-6.2.0-py3-none-any.whl
  • Upload date:
  • Size: 40.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.1 CPython/3.9.7

File hashes

Hashes for endi_oidc_provider-6.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cc7576958441318ba0b981176cc72c5428f678c520d60eceec3b3409ceb2a757
MD5 853fa1f3b7040f698cbe5fe834e8d9b0
BLAKE2b-256 160b7fe983c953a22c06812f2c931090bfc5be47b6f56bd2dfd3994346c96857

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page