Skip to main content

Simple and opinionated OpenID-Connect relying party and resource server implementation

Project description

Simple OpenID

Simple and opinionated OpenID-Connect relying party and resource server implementation

Documentation Status

Quick Links

Development philosophy

  • Keep the API as simple as possible

    No **kwargs parameters, no function arguments called request_args, http_args or something_else_args

  • Fully typed API

    Python has type hints now, let's use them.

  • Support commonly used OpenID features and flows

    Commonly used flows will be supported but obscure and legacy or experimental mechanisms not so much.

  • Be just an OpenID library

    Tell the user about function requirements clearly but don't try any fancy internal persistence or caching mechanisms that will only fail in different usage scenarios. Instead, abstract the underlying OpenID protocol into usable, clear functions but nothing more.

Framework Integrations

Name Package Feature Integration Docs Supported Versions
Django django Integration Docs v3.2, v4.2, v5.0
Django-Rest-Framework djangorestframework Integration Docs v3.13, v3.14

Supported OpenID Specs

The list of OpenID specifications can be found on the official website.

  • (✔️) Partial OpenID Connect Core 1.0

    Only the following flows and features are implemented:

    • ✔️ Authorization Code Flow
    • ✔️ Direct Access Grant (or Resource Owner Password Credentials Grant)
    • ✔️ client_secret_basic client authentication
    • ✔️ none client authentication
    • ✔️ Query String serialization and parsing
    • ✔️ ID Token handling (parsing + validation)
    • ✔️ Using refresh tokens
    • ✔️ Retrieving userinfo
    • ❌ Implicit Flow
    • ❌ Hybrid Flow
    • ❌ Handling third party initiated login
    • ❌ Passing requests as JWTs (neither by value nor by reference)
    • ❌ Self-Issued OpenID Provider
    • client_secret_post client authentication
    • client_secret_jwt client authentication
    • private_key_jwt client authentication
  • (✔️) Partial OpenID Connect Discovery 1.0. Provider Configuration Discovery is implemented, Provider Issuer Discovery is not.

    This means that a known issuer can be introspected for its supported algorithms, endpoint locations and so forth but discovering that issuer in the first hand is not possible.

  • ✔️ Full OAuth 2.0 Multiple Response Type Encoding Practices

    Only the following features are implemented and supported:

    • ✔️ Response modes (fragment based response parsing)
    • ✔️ Multiple-Valued Response Types
      No explicit support, but it is possible to supply one of the multivalued response_type values to an authentication request and then parse multiple responses from the resulting response.
  • ✔️ Full OpenID Connect RP-Initiated Logout 1.0

  • ✔️ Full OpenID Connect Front-Channel Logout 1.0

  • ✔️ Full OpenID Connect Back-Channel Logout 1.0

  • ✔️ Full OAuth 2.0 Token Introspection

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

simple_openid_connect-1.0.1.tar.gz (63.5 kB view details)

Uploaded Source

Built Distribution

simple_openid_connect-1.0.1-py3-none-any.whl (58.3 kB view details)

Uploaded Python 3

File details

Details for the file simple_openid_connect-1.0.1.tar.gz.

File metadata

File hashes

Hashes for simple_openid_connect-1.0.1.tar.gz
Algorithm Hash digest
SHA256 bd9444edee151bb7229d38aaaf7ab97924f66d1bd181fe00886c8422c1f1515a
MD5 069adbc8ad77b2d15ed8f2f62d525a51
BLAKE2b-256 0d621f67f02c5565b0e5d87137b3594dd7ddfae8564b0de5e7d253dbfd515257

See more details on using hashes here.

Provenance

File details

Details for the file simple_openid_connect-1.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for simple_openid_connect-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 89d6d651df027b1e9fc84b1b1cee63a1afeaf97d511a702ad6ce8acf0faf2a14
MD5 065e81d6e34ff25bd0e1c591974a8187
BLAKE2b-256 9e4dc9074c09159fedd8d4b898f3964fe298db2ba6c2b132e6fc3896732e2ed3

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page