mlflow-oidc-client


Namemlflow-oidc-client JSON
Version 0.2.4 PyPI version JSON
download
home_pagehttps://gitlab.com/lzinsou/mlflow-oidc-client
SummaryMLflow plugin adding OIDC/OAuth 2.1 client authorization
upload_time2023-06-06 13:47:54
maintainer
docs_urlNone
authorLoris Zinsou
requires_python>=3.10,<4.0
license
keywords mlflow plugin mlops oidc oauth oauth2
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            MLflow Client OIDC/OAuth 2.1 Plugin
===================================

MLflow plugin adding OIDC/OAuth 2.1 authorization support to the client, allowing the use of a tracking server secured behind a compatible proxy.

The plugin is built with [OIDC Client](https://gitlab.com/lzinsou/oidc-client) and supports the same OIDC/OAuth 2.1 authorization flows:
- the **authorization code** flow, for interactive user login;
- the **client credentials** flow, for confidential machine-to-machine communication.

This plugin supports reading authorization settings from `pyproject.toml`.


Requirements
------------

Python 3.10+  
MLflow or MLflow Skinny 2+


Installation
------------

```console
pip install mlflow-oidc-client
```


Getting Started
---------------

First, add the following to the project's `pyproject.toml` configuration file:
```toml
[[tool.mlflow-oidc-client.tracking-servers]]
uri = "http://mlflow.example.com/"            # URI of your MLflow Tracking Server
issuer = "https://auth.example.com/"          # URI of your OIDC provider
client-id = "<application ID>"                # Client ID of your project
```

You can now run MLflow client commands without any change. The plugin will match the `MLFLOW_TRACKING_URI` environment variable to the appropriate server configuration found in `pyproject.toml`.
```console
# To list logged experiments:
MLFLOW_TRACKING_URI=http://mlflow.example.com/ mlflow experiments search
```


Configuration
-------------

Options may be set with environment variables or in the `pyproject.toml` configuration file, with environment variables taking precedence.

Each tracking server has its own `[[tool.mlflow-oidc-client.tracking-servers]]` block, which can be given multiple times in the same `pyproject.toml`.

|Environment Variable|Config File|Default Value|Description|
|-|-|-|-|
|MLFLOW_TRACKING_URI|N/A|N/A|MLflow Tracking Server URI|
|MLFLOW_TRACKING_OIDC_ISSUER|issuer|`None` (required)|OIDC authorization issuer URI|
|MLFLOW_TRACKING_OIDC_CLIENT_ID|client-id|`None` (required)|OIDC client ID|
|MLFLOW_TRACKING_OIDC_CLIENT_SECRET|client-secret|`None`|OIDC client secret|
|MLFLOW_TRACKING_OIDC_REDIRECT_URI|redirect-uri|`"http://127.0.0.1:39303/oauth2/callback"`|OIDC redirect URI|
|MLFLOW_TRACKING_OIDC_SCOPE|scope|`"openid profile email"`|OIDC token scope|
|MLFLOW_TRACKING_OIDC_AUDIENCE|audience|Same as the client ID|OIDC token audience|
|MLFLOW_TRACKING_OIDC_INTERACTIVE|interactive|Interactive by default if the application is public (no client secret)|Require a user login in a browser|
|MLFLOW_TRACKING_OIDC_USE_ID_TOKEN|use-id-token|Use the ID token by default if the application is public (no client secret)|Use the ID token instead of the access token as `Bearer` token in the `Authorization` HTTP header|


Examples
--------

Basic configuration providing interactive login for users:
```toml
[[tool.mlflow-oidc-client.tracking-servers]]
uri = "http://mlflow.example.com/"
issuer = "https://auth.example.com/"
client-id = "<application ID>"
```

Basic configuration for a machine-to-machine scenario (no interactive login required):
```toml
[[tool.mlflow-oidc-client.tracking-servers]]
uri = "http://mlflow.example.com/"
issuer = "https://auth.example.com/"
client-id = "<application ID>"
client-secret = "<application ID>"
audience = "<audience>"  # Required by some providers (e.g. Auth0)
```

To avoid committing the client secret to git, you may pass it as the `MLFLOW_TRACKING_OIDC_CLIENT_SECRET` environment variable.


License
-------

This project is licensed under the terms of the MIT license.


A [yzr](https://www.yzr.ai/) Free and Open Source project.

            

Raw data

            {
    "_id": null,
    "home_page": "https://gitlab.com/lzinsou/mlflow-oidc-client",
    "name": "mlflow-oidc-client",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.10,<4.0",
    "maintainer_email": "",
    "keywords": "mlflow,plugin,mlops,oidc,oauth,oauth2",
    "author": "Loris Zinsou",
    "author_email": "lzinsou@protonmail.com",
    "download_url": "https://files.pythonhosted.org/packages/eb/fc/40a5f419d736c3ac426c07eb4e215c8c303b5482ef32f47279e80000ee4d/mlflow_oidc_client-0.2.4.tar.gz",
    "platform": null,
    "description": "MLflow Client OIDC/OAuth 2.1 Plugin\n===================================\n\nMLflow plugin adding OIDC/OAuth 2.1 authorization support to the client, allowing the use of a tracking server secured behind a compatible proxy.\n\nThe plugin is built with [OIDC Client](https://gitlab.com/lzinsou/oidc-client) and supports the same OIDC/OAuth 2.1 authorization flows:\n- the **authorization code** flow, for interactive user login;\n- the **client credentials** flow, for confidential machine-to-machine communication.\n\nThis plugin supports reading authorization settings from `pyproject.toml`.\n\n\nRequirements\n------------\n\nPython 3.10+  \nMLflow or MLflow Skinny 2+\n\n\nInstallation\n------------\n\n```console\npip install mlflow-oidc-client\n```\n\n\nGetting Started\n---------------\n\nFirst, add the following to the project's `pyproject.toml` configuration file:\n```toml\n[[tool.mlflow-oidc-client.tracking-servers]]\nuri = \"http://mlflow.example.com/\"            # URI of your MLflow Tracking Server\nissuer = \"https://auth.example.com/\"          # URI of your OIDC provider\nclient-id = \"<application ID>\"                # Client ID of your project\n```\n\nYou can now run MLflow client commands without any change. The plugin will match the `MLFLOW_TRACKING_URI` environment variable to the appropriate server configuration found in `pyproject.toml`.\n```console\n# To list logged experiments:\nMLFLOW_TRACKING_URI=http://mlflow.example.com/ mlflow experiments search\n```\n\n\nConfiguration\n-------------\n\nOptions may be set with environment variables or in the `pyproject.toml` configuration file, with environment variables taking precedence.\n\nEach tracking server has its own `[[tool.mlflow-oidc-client.tracking-servers]]` block, which can be given multiple times in the same `pyproject.toml`.\n\n|Environment Variable|Config File|Default Value|Description|\n|-|-|-|-|\n|MLFLOW_TRACKING_URI|N/A|N/A|MLflow Tracking Server URI|\n|MLFLOW_TRACKING_OIDC_ISSUER|issuer|`None` (required)|OIDC authorization issuer URI|\n|MLFLOW_TRACKING_OIDC_CLIENT_ID|client-id|`None` (required)|OIDC client ID|\n|MLFLOW_TRACKING_OIDC_CLIENT_SECRET|client-secret|`None`|OIDC client secret|\n|MLFLOW_TRACKING_OIDC_REDIRECT_URI|redirect-uri|`\"http://127.0.0.1:39303/oauth2/callback\"`|OIDC redirect URI|\n|MLFLOW_TRACKING_OIDC_SCOPE|scope|`\"openid profile email\"`|OIDC token scope|\n|MLFLOW_TRACKING_OIDC_AUDIENCE|audience|Same as the client ID|OIDC token audience|\n|MLFLOW_TRACKING_OIDC_INTERACTIVE|interactive|Interactive by default if the application is public (no client secret)|Require a user login in a browser|\n|MLFLOW_TRACKING_OIDC_USE_ID_TOKEN|use-id-token|Use the ID token by default if the application is public (no client secret)|Use the ID token instead of the access token as `Bearer` token in the `Authorization` HTTP header|\n\n\nExamples\n--------\n\nBasic configuration providing interactive login for users:\n```toml\n[[tool.mlflow-oidc-client.tracking-servers]]\nuri = \"http://mlflow.example.com/\"\nissuer = \"https://auth.example.com/\"\nclient-id = \"<application ID>\"\n```\n\nBasic configuration for a machine-to-machine scenario (no interactive login required):\n```toml\n[[tool.mlflow-oidc-client.tracking-servers]]\nuri = \"http://mlflow.example.com/\"\nissuer = \"https://auth.example.com/\"\nclient-id = \"<application ID>\"\nclient-secret = \"<application ID>\"\naudience = \"<audience>\"  # Required by some providers (e.g. Auth0)\n```\n\nTo avoid committing the client secret to git, you may pass it as the `MLFLOW_TRACKING_OIDC_CLIENT_SECRET` environment variable.\n\n\nLicense\n-------\n\nThis project is licensed under the terms of the MIT license.\n\n\nA [yzr](https://www.yzr.ai/) Free and Open Source project.\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "MLflow plugin adding OIDC/OAuth 2.1 client authorization",
    "version": "0.2.4",
    "project_urls": {
        "Homepage": "https://gitlab.com/lzinsou/mlflow-oidc-client",
        "Repository": "https://gitlab.com/lzinsou/mlflow-oidc-client"
    },
    "split_keywords": [
        "mlflow",
        "plugin",
        "mlops",
        "oidc",
        "oauth",
        "oauth2"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "40abbe256f9628a3e491b80bbdab96c57266a42be4bb9fba4cfa905d1022b83e",
                "md5": "4a92fa4d51f788007a832fe4ba724956",
                "sha256": "6c2b2b563fb11bef9536eb0282a424a21842b77ccc82ed65624a54dca9970f0c"
            },
            "downloads": -1,
            "filename": "mlflow_oidc_client-0.2.4-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "4a92fa4d51f788007a832fe4ba724956",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.10,<4.0",
            "size": 7747,
            "upload_time": "2023-06-06T13:47:53",
            "upload_time_iso_8601": "2023-06-06T13:47:53.109473Z",
            "url": "https://files.pythonhosted.org/packages/40/ab/be256f9628a3e491b80bbdab96c57266a42be4bb9fba4cfa905d1022b83e/mlflow_oidc_client-0.2.4-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "ebfc40a5f419d736c3ac426c07eb4e215c8c303b5482ef32f47279e80000ee4d",
                "md5": "fdb6404a9fd80e77ef65a20edd7a89a9",
                "sha256": "bf4044b951a391f9a1edae69ade6a29802d8640e7dce395735e6ea7a640ecef3"
            },
            "downloads": -1,
            "filename": "mlflow_oidc_client-0.2.4.tar.gz",
            "has_sig": false,
            "md5_digest": "fdb6404a9fd80e77ef65a20edd7a89a9",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.10,<4.0",
            "size": 5947,
            "upload_time": "2023-06-06T13:47:54",
            "upload_time_iso_8601": "2023-06-06T13:47:54.840154Z",
            "url": "https://files.pythonhosted.org/packages/eb/fc/40a5f419d736c3ac426c07eb4e215c8c303b5482ef32f47279e80000ee4d/mlflow_oidc_client-0.2.4.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-06-06 13:47:54",
    "github": false,
    "gitlab": true,
    "bitbucket": false,
    "codeberg": false,
    "gitlab_user": "lzinsou",
    "gitlab_project": "mlflow-oidc-client",
    "lcname": "mlflow-oidc-client"
}
        
Elapsed time: 0.10736s