| Name | mlflow-oidc-auth JSON |
| Version |
5.4.0
JSON |
| download |
| home_page | None |
| Summary | OIDC auth plugin for MLflow |
| upload_time | 2025-07-27 23:53:18 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.8 |
| license | None |
| keywords |
mlflow
oauth2
oidc
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
|
# mlflow-oidc-auth
Mlflow auth plugin to use OpenID Connect (OIDC) as authentication and authorization provider
# Installation
To get full version (with entire MLFlow and all dependencies) run:
```bash
python3 -m pip install mlflow-oidc-auth[full]
```
To get skinny version run:
```bash
python3 -m pip install mlflow-oidc-auth
```
# Configuration
The plugin required the following environment variables but also supported `.env` file
## Application configuration
| Parameter | Description|
|---|---|
| OIDC_REDIRECT_URI | Application redirect/callback url (https://example.com/callback) |
| OIDC_DISCOVERY_URL | OIDC Discovery URL |
| OIDC_CLIENT_SECRET | OIDC Client Secret |
| OIDC_CLIENT_ID | OIDC Client ID |
| OIDC_GROUP_DETECTION_PLUGIN | OIDC plugin to detect groups |
| OIDC_PROVIDER_DISPLAY_NAME | any text to display |
| OIDC_SCOPE | OIDC scope |
| OIDC_GROUP_NAME | User group name to be allowed login to MLFlow, currently supported groups in OIDC claims and Microsoft Entra ID groups |
| OIDC_ADMIN_GROUP_NAME | User group name to be allowed login to MLFlow manage and define permissions, currently supported groups in OIDC claims and Microsoft Entra ID groups |
| OIDC_AUTHORIZATION_URL | OIDC Auth URL (if discovery URL is not defined) |
| OIDC_TOKEN_URL | OIDC Token URL (if discovery URL is not defined) |
| OIDC_USER_URL | OIDC User info URL (if discovery URL is not defined) |
| SECRET_KEY | Key to perform cookie encryption |
| LOG_LEVEL | Application log level |
| OIDC_USERS_DB_URI | Database connection string |
| OIDC_ALEMBIC_VERSION_TABLE | Name of the table to use for alembic versions (defaults to alembic_version if not provided) |
## Application session storage configuration
| Parameter | Description | Default |
|---|---|---|
| SESSION_TYPE | Flask session type (filesystem or redis supported) | filesystem |
| SESSION_FILE_DIR | The directory where session files are stored | flask_session |
| SESSION_PERMANENT | Whether use permanent session or not | False |
| PERMANENT_SESSION_LIFETIME | Server-side session expiration time (in seconds) | 86400 |
| SESSION_KEY_PREFIX | A prefix that is added before all session keys | mlflow_oidc: |
| REDIS_HOST | Redis hostname | localhost |
| REDIS_PORT | Redis port | 6379 |
| REDIS_DB | Redis DB number | 0 |
| REDIS_USERNAME | Redis username | None |
| REDIS_PASSWORD | Redis password | None |
| REDIS_SSL | Use SSL | false |
# Configuration examples
## Okta
```bash
OIDC_DISCOVERY_URL = 'https://<your_domain>.okta.com/.well-known/openid-configuration'
OIDC_CLIENT_SECRET ='<super_secret>'
OIDC_CLIENT_ID ='<client_id>'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Okta"
OIDC_SCOPE = "openid,profile,email,groups"
OIDC_GROUP_NAME = "mlflow-users-group-name"
OIDC_ADMIN_GROUP_NAME = "mlflow-admin-group-name"
```
## Microsoft Entra ID
```bash
OIDC_DISCOVERY_URL = 'https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration'
OIDC_CLIENT_SECRET = '<super_secret>'
OIDC_CLIENT_ID = '<client_id>'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Microsoft"
OIDC_GROUP_DETECTION_PLUGIN = 'mlflow_oidc_auth.plugins.group_detection_microsoft_entra_id'
OIDC_SCOPE = "openid,profile,email"
OIDC_GROUP_NAME = "mlflow_users_group_name"
OIDC_ADMIN_GROUP_NAME = "mlflow_admins_group_name"
```
> please note, that for getting group membership information, the application should have "GroupMember.Read.All" permission
# Development
Preconditions:
The following tools should be installed for local development:
* git
* nodejs
* Python
```shell
git clone https://github.com/mlflow-oidc/mlflow-oidc-auth
cd mlflow-oidc-auth
./scripts/run-dev-server.sh
```
# License
Apache 2 Licensed. For more information please see [LICENSE](./LICENSE)
### Based on MLFlow basic-auth plugin
https://github.com/mlflow/mlflow/tree/master/mlflow/server/auth
Raw data
{
"_id": null,
"home_page": null,
"name": "mlflow-oidc-auth",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Alexander Kharkevich <alexander_kharkevich@outlook.com>",
"keywords": "mlflow, oauth2, oidc",
"author": null,
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/fa/6d/5ae80a73f62fbe0fb6f46979c062e97a2802ca49b8893727b8a003a770d2/mlflow_oidc_auth-5.4.0.tar.gz",
"platform": null,
"description": "# mlflow-oidc-auth\nMlflow auth plugin to use OpenID Connect (OIDC) as authentication and authorization provider\n\n\n# Installation\n\nTo get full version (with entire MLFlow and all dependencies) run:\n```bash\npython3 -m pip install mlflow-oidc-auth[full]\n```\n\nTo get skinny version run:\n```bash\npython3 -m pip install mlflow-oidc-auth\n```\n\n# Configuration\nThe plugin required the following environment variables but also supported `.env` file\n\n## Application configuration\n| Parameter | Description|\n|---|---|\n| OIDC_REDIRECT_URI | Application redirect/callback url (https://example.com/callback) |\n| OIDC_DISCOVERY_URL | OIDC Discovery URL |\n| OIDC_CLIENT_SECRET | OIDC Client Secret |\n| OIDC_CLIENT_ID | OIDC Client ID |\n| OIDC_GROUP_DETECTION_PLUGIN | OIDC plugin to detect groups |\n| OIDC_PROVIDER_DISPLAY_NAME | any text to display |\n| OIDC_SCOPE | OIDC scope |\n| OIDC_GROUP_NAME | User group name to be allowed login to MLFlow, currently supported groups in OIDC claims and Microsoft Entra ID groups |\n| OIDC_ADMIN_GROUP_NAME | User group name to be allowed login to MLFlow manage and define permissions, currently supported groups in OIDC claims and Microsoft Entra ID groups |\n| OIDC_AUTHORIZATION_URL | OIDC Auth URL (if discovery URL is not defined) |\n| OIDC_TOKEN_URL | OIDC Token URL (if discovery URL is not defined) |\n| OIDC_USER_URL | OIDC User info URL (if discovery URL is not defined) |\n| SECRET_KEY | Key to perform cookie encryption |\n| LOG_LEVEL | Application log level |\n| OIDC_USERS_DB_URI | Database connection string |\n| OIDC_ALEMBIC_VERSION_TABLE | Name of the table to use for alembic versions (defaults to alembic_version if not provided) |\n\n## Application session storage configuration\n| Parameter | Description | Default |\n|---|---|---|\n| SESSION_TYPE | Flask session type (filesystem or redis supported) | filesystem |\n| SESSION_FILE_DIR | The directory where session files are stored | flask_session |\n| SESSION_PERMANENT | Whether use permanent session or not | False |\n| PERMANENT_SESSION_LIFETIME | Server-side session expiration time (in seconds) | 86400 |\n| SESSION_KEY_PREFIX | A prefix that is added before all session keys | mlflow_oidc: |\n| REDIS_HOST | Redis hostname | localhost |\n| REDIS_PORT | Redis port | 6379 |\n| REDIS_DB | Redis DB number | 0 |\n| REDIS_USERNAME | Redis username | None |\n| REDIS_PASSWORD | Redis password | None |\n| REDIS_SSL | Use SSL | false |\n\n# Configuration examples\n\n## Okta\n\n```bash\nOIDC_DISCOVERY_URL = 'https://<your_domain>.okta.com/.well-known/openid-configuration'\nOIDC_CLIENT_SECRET ='<super_secret>'\nOIDC_CLIENT_ID ='<client_id>'\nOIDC_PROVIDER_DISPLAY_NAME = \"Login with Okta\"\nOIDC_SCOPE = \"openid,profile,email,groups\"\nOIDC_GROUP_NAME = \"mlflow-users-group-name\"\nOIDC_ADMIN_GROUP_NAME = \"mlflow-admin-group-name\"\n```\n\n## Microsoft Entra ID\n\n```bash\nOIDC_DISCOVERY_URL = 'https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration'\nOIDC_CLIENT_SECRET = '<super_secret>'\nOIDC_CLIENT_ID = '<client_id>'\nOIDC_PROVIDER_DISPLAY_NAME = \"Login with Microsoft\"\nOIDC_GROUP_DETECTION_PLUGIN = 'mlflow_oidc_auth.plugins.group_detection_microsoft_entra_id'\nOIDC_SCOPE = \"openid,profile,email\"\nOIDC_GROUP_NAME = \"mlflow_users_group_name\"\nOIDC_ADMIN_GROUP_NAME = \"mlflow_admins_group_name\"\n```\n\n> please note, that for getting group membership information, the application should have \"GroupMember.Read.All\" permission\n\n# Development\n\nPreconditions:\n\nThe following tools should be installed for local development:\n\n* git\n* nodejs\n* Python\n\n```shell\ngit clone https://github.com/mlflow-oidc/mlflow-oidc-auth\ncd mlflow-oidc-auth\n./scripts/run-dev-server.sh\n```\n\n# License\nApache 2 Licensed. For more information please see [LICENSE](./LICENSE)\n\n### Based on MLFlow basic-auth plugin\nhttps://github.com/mlflow/mlflow/tree/master/mlflow/server/auth\n",
"bugtrack_url": null,
"license": null,
"summary": "OIDC auth plugin for MLflow",
"version": "5.4.0",
"project_urls": {
"documentation": "https://github.com/mlflow-oidc/mlflow-oidc-auth/tree/main/docs/",
"homepage": "https://github.com/mlflow-oidc/mlflow-oidc-auth",
"issues": "https://github.com/mlflow-oidc/mlflow-oidc-auth/issues",
"repository": "https://github.com/mlflow-oidc/mlflow-oidc-auth"
},
"split_keywords": [
"mlflow",
" oauth2",
" oidc"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "f189e15bc99b9464b59399141c215a045fb47013493cb08c1ba315233de9bd4f",
"md5": "08f929650a057b19ea47e5c07d6d808d",
"sha256": "72c9e4959143997434582cc967894641ecdf6c95dbb2847abfa8df77cf82b124"
},
"downloads": -1,
"filename": "mlflow_oidc_auth-5.4.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "08f929650a057b19ea47e5c07d6d808d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 1104773,
"upload_time": "2025-07-27T23:53:16",
"upload_time_iso_8601": "2025-07-27T23:53:16.715375Z",
"url": "https://files.pythonhosted.org/packages/f1/89/e15bc99b9464b59399141c215a045fb47013493cb08c1ba315233de9bd4f/mlflow_oidc_auth-5.4.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "fa6d5ae80a73f62fbe0fb6f46979c062e97a2802ca49b8893727b8a003a770d2",
"md5": "77f5c697bd2c9675e6c16e7dcbad293a",
"sha256": "c11b0f4acd22f87f2a460622b71fd97bc7250c506c77f90790e3ffd9e98dd452"
},
"downloads": -1,
"filename": "mlflow_oidc_auth-5.4.0.tar.gz",
"has_sig": false,
"md5_digest": "77f5c697bd2c9675e6c16e7dcbad293a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 1062960,
"upload_time": "2025-07-27T23:53:18",
"upload_time_iso_8601": "2025-07-27T23:53:18.177303Z",
"url": "https://files.pythonhosted.org/packages/fa/6d/5ae80a73f62fbe0fb6f46979c062e97a2802ca49b8893727b8a003a770d2/mlflow_oidc_auth-5.4.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-27 23:53:18",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "mlflow-oidc",
"github_project": "mlflow-oidc-auth",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"tox": true,
"lcname": "mlflow-oidc-auth"
}
