
endi_oidc_provider

Project description

This is still a work in progress.

OpenID Connect provider based on enDI (http://endi.coop).

Only the Authorization Code Flow is supported.

Getting Started

Install

Install the OIDC provider in the same virtual environment as enDI.

$VENV/bin/pip install endi_oidc_provider

Configure your development.ini file

  • Set the paths to the session files:

    • session.data_dir: path on disk

    • session.lock_dir: path on disk

  • Set the connection URI for database access:

    • sqlalchemy.url: the MySQL URI used to reach enDI's database

  • Configure the OIDC-specific keys (a unique salt and the OIDC endpoint URL):

    • oidc.salt: a unique salt used for encryption

    • oidc.issuer_url: URL of the OIDC endpoint (for example https://myendi.coop/oidc)

Start the service

  • $VENV/bin/pserve development.ini

enDI integration

In your enDI ini file, add the following:

pyramid.includes =
                    ...
                    endi_oidc_provider
                    ...

This registers the models so that the database initialization at startup creates the tables.

Then add the following:

endi.includes =
                    ...
                    endi_oidc_provider.plugin
                    ...

This adds an administration panel to manage the OIDC consumers that access the API.

Authorization handling

Client’s key

You can generate a client private key from the command line or through the administration panel at https://myendi.coop/admin/oidc/

oidc-manage <config_uri> clientadd --client=<client> --uri=<redirect_uri> --scopes=<scopes> --cert_salt=<cert_salt> --logout_uri=<logout_uri> --admin_email=<admin_email>
  • config_uri: your ini file

  • client: a label for your client

  • redirect_uri: the redirect URI as described in the OpenID Connect specification (the one passed in the Authorize step)

  • scopes: the scopes the application requests (at least the openid scope must be provided), e.g. “openid profile”

  • cert_salt: a random salt used to encrypt the client secret in the database

  • logout_uri: the URI called on global logout (it is called through iframes)

  • admin_email: the e-mail address of the consumer's administrator

Once both client_id and client_secret have been generated, the client app is able to request authentication. The client secret and client id must be passed to the consumer's admin; both are mandatory for OIDC authentication/authorization.

Authorize Endpoint

The client app can call the authorization URL:

https://myoidc_provider.com/oidc/authorize

It authenticates the user and returns an authorization code in the response.

Token URL

Called in the background, the Token endpoint is accessible at the following URL:

https://myoidc_provider.com/oidc/token

RFC 6749, section 2.3.1 (https://tools.ietf.org/html/rfc6749#section-2.3.1) describes the client password transmission methods.

Supported client authentication methods:

  • Through request headers: HTTP Basic authentication is supported

  • Through POST parameters: the client_id and client_secret keys are then expected

In the response you get:

  • An access token with the mandatory information

  • An id_token as a JWS, as described in the spec

  • Since the Authorization Code Flow is used, the id_token also contains the at_hash claim, which identifies the access_token
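To illustrate the two points above (Basic client authentication per RFC 6749 section 2.3.1, and the at_hash claim that ties the id_token to the access_token in the code flow), here is an added Python example; it is not code from endi_oidc_provider and assumes an RS-family alg in the JWS header, with all credentials and tokens being constructed sample values:

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1: form-urlencode the id and secret, join them
    with ':' and base64 the pair for the Authorization header."""
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode("ascii")).decode("ascii")


def b64url_decode(part: str) -> bytes:
    """base64url without padding, as used in JWS compact serialization."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jws_alg(id_token: str) -> str:
    """Read 'alg' from the JWS header. It only selects the hash for at_hash;
    the signature must be verified with the provider's public key before
    any claim is trusted (that step is not shown here)."""
    header = json.loads(b64url_decode(id_token.split(".")[0]))
    return header["alg"]


def compute_at_hash(access_token: str, alg: str) -> str:
    """OpenID Connect Core 3.3.2.11: hash the access_token with the hash of
    the id_token's alg (RS256 -> SHA-256, RS512 -> SHA-512), keep the
    left-most half of the digest and base64url-encode it."""
    bits = int(alg[2:])
    digest = hashlib.new(f"sha{bits}", access_token.encode("ascii")).digest()
    return b64url_encode(digest[: len(digest) // 2])


def at_hash_matches(id_token: str, access_token: str) -> bool:
    """Compare the at_hash claim with the access_token actually received,
    in constant time, so a substituted access token is rejected."""
    claims = json.loads(b64url_decode(id_token.split(".")[1]))
    claimed = claims.get("at_hash")
    if not isinstance(claimed, str):
        return False
    expected = compute_at_hash(access_token, jws_alg(id_token))
    return hmac.compare_digest(claimed, expected)
```

A client should run at_hash_matches only after the id_token signature has been checked; a mismatch means the access token in the response is not the one the id_token was issued for.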

Download files


Source Distribution

endi_oidc_provider-6.3.0a1.tar.gz (33.1 kB)

Uploaded Source

Built Distribution

endi_oidc_provider-6.3.0a1-py3-none-any.whl (40.8 kB)

Uploaded Python 3

File details

Details for the file endi_oidc_provider-6.3.0a1.tar.gz.

File metadata

  • Download URL: endi_oidc_provider-6.3.0a1.tar.gz
  • Size: 33.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.1 CPython/3.9.7

File hashes

Hashes for endi_oidc_provider-6.3.0a1.tar.gz
Algorithm Hash digest
SHA256 f3fa3626239c35e18471458eaaa9db3f1c9b2f423c268465d38c3f688ff89f94
MD5 021f692946d04a1f1d8e6cee0c514911
BLAKE2b-256 9404e2bb2d93ec3a69c98d65140ab3bf537a134bece524a80d4dc3414a042cdb


File details

Details for the file endi_oidc_provider-6.3.0a1-py3-none-any.whl.

File metadata

  • Download URL: endi_oidc_provider-6.3.0a1-py3-none-any.whl
  • Size: 40.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.1.3 requests-toolbelt/0.9.1 tqdm/4.56.1 CPython/3.9.7

File hashes

Hashes for endi_oidc_provider-6.3.0a1-py3-none-any.whl
Algorithm Hash digest
SHA256 e263ed7bde78fca151757c371d01bf71d68922acbf42a593b1073cfe08f4069d
MD5 9dc0b0af6b35d2c3cf90085412e52869
BLAKE2b-256 006e3f0cfc9e00b5ddad720c725f2706d504c271d83c473fbf955956e88f4bd0
