Simple and opinionated OpenID-Connect relying party and resource server implementation
Project description
Simple OpenID
Simple and opinionated OpenID-Connect relying party and resource server implementation
Quick Links
Development philosophy
-
Keep the API as simple as possible
No
**kwargs
parameters, no function arguments calledrequest_args
,http_args
orsomething_else_args
-
Fully typed API
Python has type hints now, let's use them.
-
Support commonly used OpenID features and flows
Commonly used flows will be supported but obscure and legacy or experimental mechanisms not so much.
-
Be just an OpenID library
Tell the user about function requirements clearly but don't try any fancy internal persistence or caching mechanisms that will only fail in different usage scenarios. Instead, abstract the underlying OpenID protocol into usable, clear functions but nothing more.
Framework Integrations
Name | Package Feature | Integration Docs | Supported Versions |
---|---|---|---|
Django | django |
Integration Docs | v3.2 , v4.2 , v5.0 |
Django-Rest-Framework | djangorestframework |
Integration Docs | v3.13 , v3.14 |
Supported OpenID Specs
The list of OpenID specifications can be found on the official website.
-
(✔️) Partial OpenID Connect Core 1.0
Only the following flows and features are implemented:
- ✔️ Authorization Code Flow
- ✔️ Direct Access Grant (or Resource Owner Password Credentials Grant)
- ✔️
client_secret_basic
client authentication - ✔️
none
client authentication - ✔️ Query String serialization and parsing
- ✔️ ID Token handling (parsing + validation)
- ✔️ Using refresh tokens
- ✔️ Retrieving userinfo
- ❌ Implicit Flow
- ❌ Hybrid Flow
- ❌ Handling third party initiated login
- ❌ Passing requests as JWTs (neither by value nor by reference)
- ❌ Self-Issued OpenID Provider
- ❌
client_secret_post
client authentication - ❌
client_secret_jwt
client authentication - ❌
private_key_jwt
client authentication
-
(✔️) Partial OpenID Connect Discovery 1.0. Provider Configuration Discovery is implemented, Provider Issuer Discovery is not.
This means that a known issuer can be introspected for its supported algorithms, endpoint locations and so forth but discovering that issuer in the first hand is not possible.
-
✔️ Full OAuth 2.0 Multiple Response Type Encoding Practices
Only the following features are implemented and supported:
- ✔️ Response modes (fragment based response parsing)
- ✔️ Multiple-Valued Response Types
No explicit support, but it is possible to supply one of the multivaluedresponse_type
values to an authentication request and then parse multiple responses from the resulting response.
-
✔️ Full OAuth 2.0 Token Introspection
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file simple_openid_connect-1.0.1.tar.gz
.
File metadata
- Download URL: simple_openid_connect-1.0.1.tar.gz
- Upload date:
- Size: 63.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.31.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | bd9444edee151bb7229d38aaaf7ab97924f66d1bd181fe00886c8422c1f1515a |
|
MD5 | 069adbc8ad77b2d15ed8f2f62d525a51 |
|
BLAKE2b-256 | 0d621f67f02c5565b0e5d87137b3594dd7ddfae8564b0de5e7d253dbfd515257 |
File details
Details for the file simple_openid_connect-1.0.1-py3-none-any.whl
.
File metadata
- Download URL: simple_openid_connect-1.0.1-py3-none-any.whl
- Upload date:
- Size: 58.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.31.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 89d6d651df027b1e9fc84b1b1cee63a1afeaf97d511a702ad6ce8acf0faf2a14 |
|
MD5 | 065e81d6e34ff25bd0e1c591974a8187 |
|
BLAKE2b-256 | 9e4dc9074c09159fedd8d4b898f3964fe298db2ba6c2b132e6fc3896732e2ed3 |