ckanext-oidc-pkce


Nameckanext-oidc-pkce JSON
Version 0.3.1.post1 PyPI version JSON
download
home_pageNone
SummaryCKAN OIDC authenticator with PKCE flow
upload_time2024-10-17 14:33:07
maintainerNone
docs_urlNone
authorNone
requires_pythonNone
licenseAGPL
keywords ckan okta oidc pkce authentication
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage
            [![Tests](https://github.com/DataShades/ckanext-oidc-pkce/actions/workflows/test.yml/badge.svg)](https://github.com/DataShades/ckanext-oidc-pkce/actions/workflows/test.yml)

# ckanext-oidc-pkce

OpenID connect with PKCE flow authenticator for CKAN.

> **Warning**
> Developed for Okta and not tested with other providers.
> PRs or feature-requests are welcome

The plugin adds an extra route to CKAN allowing login through an external
application. This route available at `/user/login/oidc-pkce`(`oid_pkce.login`
endpoint). Original authentication system from CKAN is unchanged and it's up to
you(or another extension) to hide original login page if only SSO accounts are
allowed on the portal.

## Requirements

Compatibility with core CKAN versions:

| CKAN version | Compatible? |
|--------------|-------------|
| 2.9          | yes         |
| 2.10         | yes         |

## Installation

1. Install the package
   ```sh
   pip install ckanext-oidc-pkce
   ```

1. Add `oidc_pkce` to the `ckan.plugins` setting in your CKAN
   config file

1. Add SSO settings(refer [config settings](#config-settings) section for details)

## Config settings

```ini
# URL of SSO application
# Could be overriden at runtime with env var CKANEXT_OIDC_PKCE_BASE_URL
ckanext.oidc_pkce.base_url = https://12345.example.okta.com

# ClientID of SSO application
# Could be overriden at runtime with env var CKANEXT_OIDC_PKCE_CLIENT_ID
ckanext.oidc_pkce.client_id = clientid

# ClientSecret of SSO application
# (optional, only need id Client App defines a secret, default: "")
# Could be overriden at runtime with env var CKANEXT_OIDC_PKCE_CLIENT_SECRET
ckanext.oidc_pkce.client_secret = clientsecret

# Path to the authorization endpont inside SSO application
# (optional, default: /oauth2/default/v1/authorize)
ckanext.oidc_pkce.auth_path = /auth

# Path to the token endpont inside SSO application
# (optional, default: /oauth2/default/v1/token)
ckanext.oidc_pkce.token_path = /token

# Path to the userinfo endpont inside SSO application
# (optional, default: /oauth2/default/v1/userinfo)
ckanext.oidc_pkce.userinfo_path = /userinfo

# Path to the authentication response handler inside CKAN application
# (optional, default: /user/login/oidc-pkce/callback)
ckanext.oidc_pkce.redirect_path = /local/oidc/handler

# URL to redirect user in case of failed login attempt.  When empty(default)
# redirects to `came_from` URL parameter if availabe or to CKAN login page
# otherwise.
# (optional, default: )
ckanext.oidc_pkce.error_redirect = /user/register

# Scope of the authorization token. The plugin expects at least `sub`,
# `email` and `name` attributes.
# (optional, default: openid email profile)
ckanext.oidc_pkce.scope = email

# For newly created CKAN users use the same ID as one from SSO application
# (optional, default: false)
ckanext.oidc_pkce.use_same_id = true

# When connecting to an existing(non-sso) account, override user's password
# so that it becomes impossible to login using CKAN authentication system.
# Enable this flag if you want to force SSO-logins for all users that once
# used SSO-login.
# (optional, default: false)
ckanext.oidc_pkce.munge_password = true

```

## License

[AGPL](https://www.gnu.org/licenses/agpl-3.0.en.html)

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "ckanext-oidc-pkce",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": "DataShades <datashades@linkdigital.com.au>",
    "keywords": "CKAN, Okta, oidc, pkce, authentication",
    "author": null,
    "author_email": "DataShades <datashades@linkdigital.com.au>, Sergey Motornyuk <sergey.motornyuk@linkdigital.com.au>",
    "download_url": "https://files.pythonhosted.org/packages/c6/27/1564bcd56c6fdb870ee8da7c1ad028ab71f6199546ccf5c484a24fc3603c/ckanext_oidc_pkce-0.3.1.post1.tar.gz",
    "platform": null,
    "description": "[![Tests](https://github.com/DataShades/ckanext-oidc-pkce/actions/workflows/test.yml/badge.svg)](https://github.com/DataShades/ckanext-oidc-pkce/actions/workflows/test.yml)\n\n# ckanext-oidc-pkce\n\nOpenID connect with PKCE flow authenticator for CKAN.\n\n> **Warning**\n> Developed for Okta and not tested with other providers.\n> PRs or feature-requests are welcome\n\nThe plugin adds an extra route to CKAN allowing login through an external\napplication. This route available at `/user/login/oidc-pkce`(`oid_pkce.login`\nendpoint). Original authentication system from CKAN is unchanged and it's up to\nyou(or another extension) to hide original login page if only SSO accounts are\nallowed on the portal.\n\n## Requirements\n\nCompatibility with core CKAN versions:\n\n| CKAN version | Compatible? |\n|--------------|-------------|\n| 2.9          | yes         |\n| 2.10         | yes         |\n\n## Installation\n\n1. Install the package\n   ```sh\n   pip install ckanext-oidc-pkce\n   ```\n\n1. Add `oidc_pkce` to the `ckan.plugins` setting in your CKAN\n   config file\n\n1. Add SSO settings(refer [config settings](#config-settings) section for details)\n\n## Config settings\n\n```ini\n# URL of SSO application\n# Could be overriden at runtime with env var CKANEXT_OIDC_PKCE_BASE_URL\nckanext.oidc_pkce.base_url = https://12345.example.okta.com\n\n# ClientID of SSO application\n# Could be overriden at runtime with env var CKANEXT_OIDC_PKCE_CLIENT_ID\nckanext.oidc_pkce.client_id = clientid\n\n# ClientSecret of SSO application\n# (optional, only need id Client App defines a secret, default: \"\")\n# Could be overriden at runtime with env var CKANEXT_OIDC_PKCE_CLIENT_SECRET\nckanext.oidc_pkce.client_secret = clientsecret\n\n# Path to the authorization endpont inside SSO application\n# (optional, default: /oauth2/default/v1/authorize)\nckanext.oidc_pkce.auth_path = /auth\n\n# Path to the token endpont inside SSO application\n# (optional, default: /oauth2/default/v1/token)\nckanext.oidc_pkce.token_path = /token\n\n# Path to the userinfo endpont inside SSO application\n# (optional, default: /oauth2/default/v1/userinfo)\nckanext.oidc_pkce.userinfo_path = /userinfo\n\n# Path to the authentication response handler inside CKAN application\n# (optional, default: /user/login/oidc-pkce/callback)\nckanext.oidc_pkce.redirect_path = /local/oidc/handler\n\n# URL to redirect user in case of failed login attempt.  When empty(default)\n# redirects to `came_from` URL parameter if availabe or to CKAN login page\n# otherwise.\n# (optional, default: )\nckanext.oidc_pkce.error_redirect = /user/register\n\n# Scope of the authorization token. The plugin expects at least `sub`,\n# `email` and `name` attributes.\n# (optional, default: openid email profile)\nckanext.oidc_pkce.scope = email\n\n# For newly created CKAN users use the same ID as one from SSO application\n# (optional, default: false)\nckanext.oidc_pkce.use_same_id = true\n\n# When connecting to an existing(non-sso) account, override user's password\n# so that it becomes impossible to login using CKAN authentication system.\n# Enable this flag if you want to force SSO-logins for all users that once\n# used SSO-login.\n# (optional, default: false)\nckanext.oidc_pkce.munge_password = true\n\n```\n\n## License\n\n[AGPL](https://www.gnu.org/licenses/agpl-3.0.en.html)\n",
    "bugtrack_url": null,
    "license": "AGPL",
    "summary": "CKAN OIDC authenticator with PKCE flow",
    "version": "0.3.1.post1",
    "project_urls": {
        "Homepage": "https://github.com/DataShades/ckanext-oidc-pkce"
    },
    "split_keywords": [
        "ckan",
        " okta",
        " oidc",
        " pkce",
        " authentication"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "8c59ec13e5a46f4433c0a2b3d95e2ba1c11c21ad3d010c5e31083c4a271fcd08",
                "md5": "0a80df45ff730add25103966b92d37a0",
                "sha256": "b3dad70c90711e599e372c7965c98510119747053750bc567ab1c12c1776e050"
            },
            "downloads": -1,
            "filename": "ckanext_oidc_pkce-0.3.1.post1-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "0a80df45ff730add25103966b92d37a0",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 26316,
            "upload_time": "2024-10-17T14:33:05",
            "upload_time_iso_8601": "2024-10-17T14:33:05.796065Z",
            "url": "https://files.pythonhosted.org/packages/8c/59/ec13e5a46f4433c0a2b3d95e2ba1c11c21ad3d010c5e31083c4a271fcd08/ckanext_oidc_pkce-0.3.1.post1-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "c6271564bcd56c6fdb870ee8da7c1ad028ab71f6199546ccf5c484a24fc3603c",
                "md5": "9155c864cb9221ef7def9deaf58693d5",
                "sha256": "6f820688d9d037110cecea9b34a45a8704d7bad2ebf472f4817ec0172c9481c9"
            },
            "downloads": -1,
            "filename": "ckanext_oidc_pkce-0.3.1.post1.tar.gz",
            "has_sig": false,
            "md5_digest": "9155c864cb9221ef7def9deaf58693d5",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 25107,
            "upload_time": "2024-10-17T14:33:07",
            "upload_time_iso_8601": "2024-10-17T14:33:07.790728Z",
            "url": "https://files.pythonhosted.org/packages/c6/27/1564bcd56c6fdb870ee8da7c1ad028ab71f6199546ccf5c484a24fc3603c/ckanext_oidc_pkce-0.3.1.post1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-10-17 14:33:07",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "DataShades",
    "github_project": "ckanext-oidc-pkce",
    "travis_ci": false,
    "coveralls": true,
    "github_actions": true,
    "requirements": [],
    "lcname": "ckanext-oidc-pkce"
}
        
Elapsed time: 0.46779s