endi_oidc_provider

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tonthon21 from gravatar.com tonthon21

Unverified details

These details have not been verified by PyPI
Meta
  • Tags web, wsgi, bfg, pylons, pyramid
Classifiers

Project description

This is still a work in progress.

Open Id connect provider based on enDI (http://endi.coop).

Only Authorization Code Flow is supported

Getting Started

Install

Install oidc provider in the same virtual environment as endi.

$VENV/bin/pip install endi_oidc_provider

Configure your development.ini file

  • Ensure the paths to the session files :

    • session.data_dir : path on disk

    • session.lock_dir : path on disk

  • Set the connection uri for database access :

    • sqlalchemy.url : the mysql uri to access endi’s database

  • Configure oidc specific keys (unique salt and oidc endpoint url ):

    • oidc.salt : a unique salt used for encryption

    • oidc.issuer_url : url of the oidc endpoint (like https://myendi.coop/oidc)

Start the service

  • $VENV/bin/pserve development.ini

enDI integration

In your enDI’s ini file add the following :

pyramid.includes =
                    ...
                    endi_oidc_provider
                    ...

That’s for model registration so that the db startup initialize the tables.

And add the following :

endi.includes =
                    ...
                    endi_oidc_provider.plugin
                    ...

It adds an administration panel to manage the oidc consumers that access the API.

Authorization handling

Client’s key

You can generate a Client private key through command-line or through the administration panel https://myendi.coop/admin/oidc/

oidc-manage <config_uri> clientadd --client=<client> --uri=<redirect_uri> --scopes=<scopes> --cert_salt=<cert_salt> --logout_uri=<logout_uri> --admin_email=<admin_email>

  • config_uri : Your ini file

  • client: A label for your client

  • redirect_uri : The redirect uri has described in the openid connect specifications (The one passed in the Authorize step)

  • scopes : The scope the application is requesting (at least the openid scope should be provided) e.g: “openid profile”

  • cert_salt : A salt random key that will be used to encrypt the client secret in the database

  • logout_uri : The uri to call on global logout (will be called through iframes)

  • admin_email: The e-mail of the consumers administrator

After generating both client_id and client_secret. The client app is able to request authentication. The client secret and client id should be pased to the consumer’s admin, they are mandatory to allow the oidc authentication/authorization.

Authorize Endpoint

The client app can call the Authorization url :

https://myoidc_provider.com/oidc/authorize

It authenticates the user and returns an Authorization code in the response.

Token url

Called in the background, the Token endpoint is accessible at the following url :

https://myoidc_provider.com/oidc/token

The RFC : https://tools.ietf.org/html/rfc6749#section-2.3.1

Describes Client Password transmission methods.

Supported client auth method :

  • Through request headers : Basic auth tokens are supported

  • Through request POST params : client_id and client_secret keys are then expected

In the response you get :

  • An access token with mandatory informations

  • An id_token JWS encrypted as described in the spec

  • Since we use code flow, the id_token also returns the at_hash access_token identification key

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tonthon21 from gravatar.com tonthon21

Unverified details

These details have not been verified by PyPI
Meta
  • Tags web, wsgi, bfg, pylons, pyramid
Classifiers

Release history Release notifications | RSS feed

6.3.1

This version

6.3.0

6.3.0a1 pre-release

6.2.0

6.2.0a0 pre-release

6.0.1

5.0.1

5.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

endi_oidc_provider-6.3.0.tar.gz (33.1 kB view details)

Uploaded Source

Built Distribution

endi_oidc_provider-6.3.0-py3-none-any.whl (40.8 kB view details)

Uploaded Python 3

File details

Details for the file endi_oidc_provider-6.3.0.tar.gz.

File metadata

  • Download URL: endi_oidc_provider-6.3.0.tar.gz
  • Upload date:
  • Size: 33.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.1 CPython/3.9.7

File hashes

Hashes for endi_oidc_provider-6.3.0.tar.gz
Algorithm Hash digest
SHA256 48f84a4cd35e7d5fa2b1fcd33e7dcc886a31b9980a5069e5e3570d9e101a1773
MD5 b7f0430c39ac148732ec57cca7d83449
BLAKE2b-256 9312b244e273983e720936f3af1bdeaf9d927d1176f8d882ba1ed6d9f0669974

See more details on using hashes here.

File details

Details for the file endi_oidc_provider-6.3.0-py3-none-any.whl.

File metadata

  • Download URL: endi_oidc_provider-6.3.0-py3-none-any.whl
  • Upload date:
  • Size: 40.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.1 CPython/3.9.7

File hashes

Hashes for endi_oidc_provider-6.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a2e74b0bc3f57d794c003efe2dcaed601dab37b80dbfc03c54691d66756db3ff
MD5 40c9cc922b41facde8a5f906bb8a3808
BLAKE2b-256 918c1470a96b9f4c55ba7ab8df23c3785dc61384f0e0cc914f7c5b08e9bc630c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page