MLflow Client OIDC/OAuth 2.1 Plugin
===================================
MLflow plugin adding OIDC/OAuth 2.1 authorization support to the client, allowing the use of a tracking server secured behind a compatible proxy.
The plugin is built with [OIDC Client](https://gitlab.com/lzinsou/oidc-client) and supports the same OIDC/OAuth 2.1 authorization flows:
- the **authorization code** flow, for interactive user login;
- the **client credentials** flow, for confidential machine-to-machine communication.
This plugin supports reading authorization settings from `pyproject.toml`.
Requirements
------------
Python 3.10+
MLflow or MLflow Skinny 2+
Installation
------------
```console
pip install mlflow-oidc-client
```
Getting Started
---------------
First, add the following to the project's `pyproject.toml` configuration file:
```toml
[[tool.mlflow-oidc-client.tracking-servers]]
uri = "http://mlflow.example.com/" # URI of your MLflow Tracking Server
issuer = "https://auth.example.com/" # URI of your OIDC provider
client-id = "<application ID>" # Client ID of your project
```
You can now run MLflow client commands without any change. The plugin will match the `MLFLOW_TRACKING_URI` environment variable to the appropriate server configuration found in `pyproject.toml`.
```console
# To list logged experiments:
MLFLOW_TRACKING_URI=http://mlflow.example.com/ mlflow experiments search
```
Configuration
-------------
Options may be set with environment variables or in the `pyproject.toml` configuration file, with environment variables taking precedence.
Each tracking server has its own `[[tool.mlflow-oidc-client.tracking-servers]]` block, which can be given multiple times in the same `pyproject.toml`.
|Environment Variable|Config File|Default Value|Description|
|-|-|-|-|
|MLFLOW_TRACKING_URI|N/A|N/A|MLflow Tracking Server URI|
|MLFLOW_TRACKING_OIDC_ISSUER|issuer|`None` (required)|OIDC authorization issuer URI|
|MLFLOW_TRACKING_OIDC_CLIENT_ID|client-id|`None` (required)|OIDC client ID|
|MLFLOW_TRACKING_OIDC_CLIENT_SECRET|client-secret|`None`|OIDC client secret|
|MLFLOW_TRACKING_OIDC_REDIRECT_URI|redirect-uri|`"http://127.0.0.1:39303/oauth2/callback"`|OIDC redirect URI|
|MLFLOW_TRACKING_OIDC_SCOPE|scope|`"openid profile email"`|OIDC token scope|
|MLFLOW_TRACKING_OIDC_AUDIENCE|audience|Same as the client ID|OIDC token audience|
|MLFLOW_TRACKING_OIDC_INTERACTIVE|interactive|Interactive by default if the application is public (no client secret)|Require a user login in a browser|
|MLFLOW_TRACKING_OIDC_USE_ID_TOKEN|use-id-token|Use the ID token by default if the application is public (no client secret)|Use the ID token instead of the access token as `Bearer` token in the `Authorization` HTTP header|
Examples
--------
Basic configuration providing interactive login for users:
```toml
[[tool.mlflow-oidc-client.tracking-servers]]
uri = "http://mlflow.example.com/"
issuer = "https://auth.example.com/"
client-id = "<application ID>"
```
Basic configuration for a machine-to-machine scenario (no interactive login required):
```toml
[[tool.mlflow-oidc-client.tracking-servers]]
uri = "http://mlflow.example.com/"
issuer = "https://auth.example.com/"
client-id = "<application ID>"
client-secret = "<application ID>"
audience = "<audience>" # Required by some providers (e.g. Auth0)
```
To avoid committing the client secret to git, you may pass it as the `MLFLOW_TRACKING_OIDC_CLIENT_SECRET` environment variable.
License
-------
This project is licensed under the terms of the MIT license.
A [yzr](https://www.yzr.ai/) Free and Open Source project.
Raw data
{
"_id": null,
"home_page": "https://gitlab.com/lzinsou/mlflow-oidc-client",
"name": "mlflow-oidc-client",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.10,<4.0",
"maintainer_email": "",
"keywords": "mlflow,plugin,mlops,oidc,oauth,oauth2",
"author": "Loris Zinsou",
"author_email": "lzinsou@protonmail.com",
"download_url": "https://files.pythonhosted.org/packages/eb/fc/40a5f419d736c3ac426c07eb4e215c8c303b5482ef32f47279e80000ee4d/mlflow_oidc_client-0.2.4.tar.gz",
"platform": null,
"description": "MLflow Client OIDC/OAuth 2.1 Plugin\n===================================\n\nMLflow plugin adding OIDC/OAuth 2.1 authorization support to the client, allowing the use of a tracking server secured behind a compatible proxy.\n\nThe plugin is built with [OIDC Client](https://gitlab.com/lzinsou/oidc-client) and supports the same OIDC/OAuth 2.1 authorization flows:\n- the **authorization code** flow, for interactive user login;\n- the **client credentials** flow, for confidential machine-to-machine communication.\n\nThis plugin supports reading authorization settings from `pyproject.toml`.\n\n\nRequirements\n------------\n\nPython 3.10+ \nMLflow or MLflow Skinny 2+\n\n\nInstallation\n------------\n\n```console\npip install mlflow-oidc-client\n```\n\n\nGetting Started\n---------------\n\nFirst, add the following to the project's `pyproject.toml` configuration file:\n```toml\n[[tool.mlflow-oidc-client.tracking-servers]]\nuri = \"http://mlflow.example.com/\" # URI of your MLflow Tracking Server\nissuer = \"https://auth.example.com/\" # URI of your OIDC provider\nclient-id = \"<application ID>\" # Client ID of your project\n```\n\nYou can now run MLflow client commands without any change. The plugin will match the `MLFLOW_TRACKING_URI` environment variable to the appropriate server configuration found in `pyproject.toml`.\n```console\n# To list logged experiments:\nMLFLOW_TRACKING_URI=http://mlflow.example.com/ mlflow experiments search\n```\n\n\nConfiguration\n-------------\n\nOptions may be set with environment variables or in the `pyproject.toml` configuration file, with environment variables taking precedence.\n\nEach tracking server has its own `[[tool.mlflow-oidc-client.tracking-servers]]` block, which can be given multiple times in the same `pyproject.toml`.\n\n|Environment Variable|Config File|Default Value|Description|\n|-|-|-|-|\n|MLFLOW_TRACKING_URI|N/A|N/A|MLflow Tracking Server URI|\n|MLFLOW_TRACKING_OIDC_ISSUER|issuer|`None` (required)|OIDC authorization issuer URI|\n|MLFLOW_TRACKING_OIDC_CLIENT_ID|client-id|`None` (required)|OIDC client ID|\n|MLFLOW_TRACKING_OIDC_CLIENT_SECRET|client-secret|`None`|OIDC client secret|\n|MLFLOW_TRACKING_OIDC_REDIRECT_URI|redirect-uri|`\"http://127.0.0.1:39303/oauth2/callback\"`|OIDC redirect URI|\n|MLFLOW_TRACKING_OIDC_SCOPE|scope|`\"openid profile email\"`|OIDC token scope|\n|MLFLOW_TRACKING_OIDC_AUDIENCE|audience|Same as the client ID|OIDC token audience|\n|MLFLOW_TRACKING_OIDC_INTERACTIVE|interactive|Interactive by default if the application is public (no client secret)|Require a user login in a browser|\n|MLFLOW_TRACKING_OIDC_USE_ID_TOKEN|use-id-token|Use the ID token by default if the application is public (no client secret)|Use the ID token instead of the access token as `Bearer` token in the `Authorization` HTTP header|\n\n\nExamples\n--------\n\nBasic configuration providing interactive login for users:\n```toml\n[[tool.mlflow-oidc-client.tracking-servers]]\nuri = \"http://mlflow.example.com/\"\nissuer = \"https://auth.example.com/\"\nclient-id = \"<application ID>\"\n```\n\nBasic configuration for a machine-to-machine scenario (no interactive login required):\n```toml\n[[tool.mlflow-oidc-client.tracking-servers]]\nuri = \"http://mlflow.example.com/\"\nissuer = \"https://auth.example.com/\"\nclient-id = \"<application ID>\"\nclient-secret = \"<application ID>\"\naudience = \"<audience>\" # Required by some providers (e.g. Auth0)\n```\n\nTo avoid committing the client secret to git, you may pass it as the `MLFLOW_TRACKING_OIDC_CLIENT_SECRET` environment variable.\n\n\nLicense\n-------\n\nThis project is licensed under the terms of the MIT license.\n\n\nA [yzr](https://www.yzr.ai/) Free and Open Source project.\n",
"bugtrack_url": null,
"license": "",
"summary": "MLflow plugin adding OIDC/OAuth 2.1 client authorization",
"version": "0.2.4",
"project_urls": {
"Homepage": "https://gitlab.com/lzinsou/mlflow-oidc-client",
"Repository": "https://gitlab.com/lzinsou/mlflow-oidc-client"
},
"split_keywords": [
"mlflow",
"plugin",
"mlops",
"oidc",
"oauth",
"oauth2"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "40abbe256f9628a3e491b80bbdab96c57266a42be4bb9fba4cfa905d1022b83e",
"md5": "4a92fa4d51f788007a832fe4ba724956",
"sha256": "6c2b2b563fb11bef9536eb0282a424a21842b77ccc82ed65624a54dca9970f0c"
},
"downloads": -1,
"filename": "mlflow_oidc_client-0.2.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4a92fa4d51f788007a832fe4ba724956",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10,<4.0",
"size": 7747,
"upload_time": "2023-06-06T13:47:53",
"upload_time_iso_8601": "2023-06-06T13:47:53.109473Z",
"url": "https://files.pythonhosted.org/packages/40/ab/be256f9628a3e491b80bbdab96c57266a42be4bb9fba4cfa905d1022b83e/mlflow_oidc_client-0.2.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "ebfc40a5f419d736c3ac426c07eb4e215c8c303b5482ef32f47279e80000ee4d",
"md5": "fdb6404a9fd80e77ef65a20edd7a89a9",
"sha256": "bf4044b951a391f9a1edae69ade6a29802d8640e7dce395735e6ea7a640ecef3"
},
"downloads": -1,
"filename": "mlflow_oidc_client-0.2.4.tar.gz",
"has_sig": false,
"md5_digest": "fdb6404a9fd80e77ef65a20edd7a89a9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10,<4.0",
"size": 5947,
"upload_time": "2023-06-06T13:47:54",
"upload_time_iso_8601": "2023-06-06T13:47:54.840154Z",
"url": "https://files.pythonhosted.org/packages/eb/fc/40a5f419d736c3ac426c07eb4e215c8c303b5482ef32f47279e80000ee4d/mlflow_oidc_client-0.2.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-06-06 13:47:54",
"github": false,
"gitlab": true,
"bitbucket": false,
"codeberg": false,
"gitlab_user": "lzinsou",
"gitlab_project": "mlflow-oidc-client",
"lcname": "mlflow-oidc-client"
}