mlflow-oidc-auth


* Name: mlflow-oidc-auth
* Version: 5.4.0
* Home page: None
* Summary: OIDC auth plugin for MLflow
* Upload time: 2025-07-27 23:53:18
* Maintainer: None
* Docs URL: None
* Author: None
* Requires Python: >=3.8
* License: None
* Keywords: mlflow, oauth2, oidc
* Requirements: No requirements were recorded.
* Travis-CI: No Travis.

# mlflow-oidc-auth
MLflow auth plugin that uses OpenID Connect (OIDC) as the authentication and authorization provider.


# Installation

To install the full version (with all of MLflow and its dependencies), run:
```bash
python3 -m pip install 'mlflow-oidc-auth[full]'
```

To install the skinny version, run:
```bash
python3 -m pip install mlflow-oidc-auth
```

# Configuration
The plugin requires the following environment variables; a `.env` file is also supported.

## Application configuration
| Parameter | Description |
|---|---|
| OIDC_REDIRECT_URI | Application redirect/callback URL (https://example.com/callback) |
| OIDC_DISCOVERY_URL | OIDC Discovery URL |
| OIDC_CLIENT_SECRET | OIDC Client Secret |
| OIDC_CLIENT_ID | OIDC Client ID |
| OIDC_GROUP_DETECTION_PLUGIN | OIDC plugin to detect groups |
| OIDC_PROVIDER_DISPLAY_NAME | Any text to display |
| OIDC_SCOPE | OIDC scope |
| OIDC_GROUP_NAME | Name of the user group allowed to log in to MLflow. Currently supported: groups in OIDC claims and Microsoft Entra ID groups |
| OIDC_ADMIN_GROUP_NAME | Name of the user group allowed to log in to MLflow and to manage and define permissions. Currently supported: groups in OIDC claims and Microsoft Entra ID groups |
| OIDC_AUTHORIZATION_URL | OIDC Auth URL (if discovery URL is not defined) |
| OIDC_TOKEN_URL | OIDC Token URL (if discovery URL is not defined) |
| OIDC_USER_URL | OIDC User info URL (if discovery URL is not defined) |
| SECRET_KEY | Key to perform cookie encryption |
| LOG_LEVEL | Application log level |
| OIDC_USERS_DB_URI | Database connection string |
| OIDC_ALEMBIC_VERSION_TABLE | Name of the table to use for alembic versions (defaults to alembic_version if not provided) |

## Application session storage configuration
| Parameter | Description | Default |
|---|---|---|
| SESSION_TYPE | Flask session type (filesystem or redis supported) | filesystem |
| SESSION_FILE_DIR | The directory where session files are stored | flask_session |
| SESSION_PERMANENT | Whether to use a permanent session | False |
| PERMANENT_SESSION_LIFETIME | Server-side session expiration time (in seconds) | 86400 |
| SESSION_KEY_PREFIX | A prefix that is added before all session keys | mlflow_oidc: |
| REDIS_HOST | Redis hostname | localhost |
| REDIS_PORT | Redis port | 6379 |
| REDIS_DB | Redis DB number | 0 |
| REDIS_USERNAME | Redis username | None |
| REDIS_PASSWORD | Redis password | None |
| REDIS_SSL | Use SSL | false |
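
A pre-deployment check over the settings in the two tables above, as an added example that is not part of the mlflow-oidc-auth project. The name `audit_config`, the list of variables treated as required, the 32-character `SECRET_KEY` threshold, the localhost exemption and reading only `true` as enabling `REDIS_SSL` are this example's assumptions, not plugin behaviour.

```python
import os
from urllib.parse import urlparse

# Fallback endpoints the tables list for when no discovery URL is defined.
MANUAL_ENDPOINTS = ("OIDC_AUTHORIZATION_URL", "OIDC_TOKEN_URL", "OIDC_USER_URL")
# Assumption of this example: these four must always be set explicitly.
REQUIRED = ("OIDC_CLIENT_ID", "OIDC_CLIENT_SECRET", "OIDC_REDIRECT_URI", "SECRET_KEY")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_config(env):
    """Return a list of findings for a mapping of mlflow-oidc-auth settings."""
    findings = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    # Either the discovery URL or all three explicit endpoints must be present.
    if not env.get("OIDC_DISCOVERY_URL"):
        missing = [n for n in MANUAL_ENDPOINTS if not env.get(n)]
        if missing:
            findings.append("no OIDC_DISCOVERY_URL and missing " + ", ".join(missing))
    # Authorization codes, tokens and the client secret travel over these URLs.
    for name in ("OIDC_REDIRECT_URI", "OIDC_DISCOVERY_URL", *MANUAL_ENDPOINTS):
        url = urlparse(env.get(name) or "")
        if url.scheme and url.scheme != "https" and url.hostname not in LOCAL_HOSTS:
            findings.append(f"{name} uses {url.scheme}:// on a non-local host")
    # A short or placeholder SECRET_KEY is guessable (32 is this example's threshold).
    key = env.get("SECRET_KEY") or ""
    if key and (len(key) < 32 or key.startswith("<")):
        findings.append("SECRET_KEY is a placeholder or shorter than 32 characters")
    # Defaults below are the ones given in the session storage table.
    session_type = env.get("SESSION_TYPE") or "filesystem"
    if session_type not in ("filesystem", "redis"):
        findings.append(f"SESSION_TYPE {session_type!r} is not filesystem or redis")
    if session_type == "redis" and (env.get("REDIS_HOST") or "localhost") not in LOCAL_HOSTS:
        if (env.get("REDIS_SSL") or "false").lower() != "true":
            findings.append("remote Redis session store without REDIS_SSL")
        if not env.get("REDIS_PASSWORD"):
            findings.append("remote Redis session store without REDIS_PASSWORD")
    return findings


if __name__ == "__main__":
    # Audits the current process environment; a .env file must be loaded first.
    for finding in audit_config(os.environ):
        print("WARN:", finding)
```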

# Configuration examples

## Okta

```bash
# .env entries (prefix each line with `export` to set them in a shell instead)
OIDC_DISCOVERY_URL='https://<your_domain>.okta.com/.well-known/openid-configuration'
OIDC_CLIENT_SECRET='<super_secret>'
OIDC_CLIENT_ID='<client_id>'
OIDC_PROVIDER_DISPLAY_NAME="Login with Okta"
OIDC_SCOPE="openid,profile,email,groups"
OIDC_GROUP_NAME="mlflow-users-group-name"
OIDC_ADMIN_GROUP_NAME="mlflow-admin-group-name"
```

## Microsoft Entra ID

```bash
# .env entries (prefix each line with `export` to set them in a shell instead)
OIDC_DISCOVERY_URL='https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration'
OIDC_CLIENT_SECRET='<super_secret>'
OIDC_CLIENT_ID='<client_id>'
OIDC_PROVIDER_DISPLAY_NAME="Login with Microsoft"
OIDC_GROUP_DETECTION_PLUGIN='mlflow_oidc_auth.plugins.group_detection_microsoft_entra_id'
OIDC_SCOPE="openid,profile,email"
OIDC_GROUP_NAME="mlflow_users_group_name"
OIDC_ADMIN_GROUP_NAME="mlflow_admins_group_name"
```

> Please note that to get group membership information, the application should have the "GroupMember.Read.All" permission.

# Development

Preconditions:

The following tools should be installed for local development:

* git
* nodejs
* Python

```shell
git clone https://github.com/mlflow-oidc/mlflow-oidc-auth
cd mlflow-oidc-auth
./scripts/run-dev-server.sh
```

# License
Apache 2 Licensed. For more information please see [LICENSE](./LICENSE)

### Based on MLFlow basic-auth plugin
https://github.com/mlflow/mlflow/tree/master/mlflow/server/auth

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "mlflow-oidc-auth",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": "Alexander Kharkevich <alexander_kharkevich@outlook.com>",
    "keywords": "mlflow, oauth2, oidc",
    "author": null,
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/fa/6d/5ae80a73f62fbe0fb6f46979c062e97a2802ca49b8893727b8a003a770d2/mlflow_oidc_auth-5.4.0.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": null,
    "summary": "OIDC auth plugin for MLflow",
    "version": "5.4.0",
    "project_urls": {
        "documentation": "https://github.com/mlflow-oidc/mlflow-oidc-auth/tree/main/docs/",
        "homepage": "https://github.com/mlflow-oidc/mlflow-oidc-auth",
        "issues": "https://github.com/mlflow-oidc/mlflow-oidc-auth/issues",
        "repository": "https://github.com/mlflow-oidc/mlflow-oidc-auth"
    },
    "split_keywords": [
        "mlflow",
        " oauth2",
        " oidc"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "f189e15bc99b9464b59399141c215a045fb47013493cb08c1ba315233de9bd4f",
                "md5": "08f929650a057b19ea47e5c07d6d808d",
                "sha256": "72c9e4959143997434582cc967894641ecdf6c95dbb2847abfa8df77cf82b124"
            },
            "downloads": -1,
            "filename": "mlflow_oidc_auth-5.4.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "08f929650a057b19ea47e5c07d6d808d",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 1104773,
            "upload_time": "2025-07-27T23:53:16",
            "upload_time_iso_8601": "2025-07-27T23:53:16.715375Z",
            "url": "https://files.pythonhosted.org/packages/f1/89/e15bc99b9464b59399141c215a045fb47013493cb08c1ba315233de9bd4f/mlflow_oidc_auth-5.4.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "fa6d5ae80a73f62fbe0fb6f46979c062e97a2802ca49b8893727b8a003a770d2",
                "md5": "77f5c697bd2c9675e6c16e7dcbad293a",
                "sha256": "c11b0f4acd22f87f2a460622b71fd97bc7250c506c77f90790e3ffd9e98dd452"
            },
            "downloads": -1,
            "filename": "mlflow_oidc_auth-5.4.0.tar.gz",
            "has_sig": false,
            "md5_digest": "77f5c697bd2c9675e6c16e7dcbad293a",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 1062960,
            "upload_time": "2025-07-27T23:53:18",
            "upload_time_iso_8601": "2025-07-27T23:53:18.177303Z",
            "url": "https://files.pythonhosted.org/packages/fa/6d/5ae80a73f62fbe0fb6f46979c062e97a2802ca49b8893727b8a003a770d2/mlflow_oidc_auth-5.4.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-07-27 23:53:18",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "mlflow-oidc",
    "github_project": "mlflow-oidc-auth",
    "travis_ci": false,
    "coveralls": true,
    "github_actions": true,
    "tox": true,
    "lcname": "mlflow-oidc-auth"
}
        