MLflow Client OIDC/OAuth 2.1 Plugin
===================================
MLflow plugin adding OIDC/OAuth 2.1 authorization support to the client, allowing the use of a tracking server secured behind a compatible proxy.
The plugin is built with [OIDC Client](https://gitlab.com/lzinsou/oidc-client) and supports the same OIDC/OAuth 2.1 authorization flows:
- the **authorization code** flow, for interactive user login;
- the **client credentials** flow, for confidential machine-to-machine communication.
This plugin supports reading authorization settings from `pyproject.toml`.
Requirements
------------
Python 3.10+
MLflow or MLflow Skinny 2+
Installation
------------
```console
pip install mlflow-oidc-client-plugin
```
Getting Started
---------------
First, add the following to the project's `pyproject.toml` configuration file:
```toml
[[tool.mlflow-oidc-client-plugin.tracking-servers]]
uri = "http://mlflow.example.com/" # URI of your MLflow Tracking Server
issuer = "https://auth.example.com/" # URI of your OIDC provider
client-id = "<application ID>" # Client ID of your project
```
You can now run MLflow client commands without any change. The plugin will match the `MLFLOW_TRACKING_URI` environment variable to the appropriate server configuration found in `pyproject.toml`.
```console
# To list logged experiments:
MLFLOW_TRACKING_URI=http://mlflow.example.com/ mlflow experiments search
```
Configuration
-------------
Options may be set with environment variables or in the `pyproject.toml` configuration file, with environment variables taking precedence.
Each tracking server has its own `[[tool.mlflow-oidc-client-plugin.tracking-servers]]` block, which can be given multiple times in the same `pyproject.toml`.
|Environment Variable|Config File|Default Value|Description|
|-|-|-|-|
|MLFLOW_TRACKING_URI|N/A|N/A|MLflow Tracking Server URI|
|MLFLOW_TRACKING_OIDC_ISSUER|issuer|`None` (required)|OIDC authorization issuer URI|
|MLFLOW_TRACKING_OIDC_CLIENT_ID|client-id|`None` (required)|OIDC client ID|
|MLFLOW_TRACKING_OIDC_CLIENT_SECRET|client-secret|`None`|OIDC client secret|
|MLFLOW_TRACKING_OIDC_REDIRECT_URI|redirect-uri|`"http://127.0.0.1:39303/oauth2/callback"`|OIDC redirect URI|
|MLFLOW_TRACKING_OIDC_SCOPE|scope|`"openid profile email"`|OIDC token scope|
|MLFLOW_TRACKING_OIDC_AUDIENCE|scope|Same as the client ID|OIDC token audience|
|MLFLOW_TRACKING_OIDC_INTERACTIVE|interactive|Interactive by default if the application is public (no client secret)|Require a user login in a browser|
|MLFLOW_TRACKING_OIDC_USE_ID_TOKEN|use-id-token|Use the ID token by default if the application is public (no client secret)|Use the ID token instead of the access token as `Bearer` token in the `Authorization` HTTP header|
License
-------
This project is licensed under the terms of the MIT license.
A [yzr](https://www.yzr.ai/) Free and Open Source project.
Raw data
{
"_id": null,
"home_page": "https://gitlab.com/lzinsou/mlflow-oidc-client-plugin",
"name": "mlflow-oidc-client-plugin",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.10,<4.0",
"maintainer_email": "",
"keywords": "mlflow,plugin,mlops,oidc,oauth,oauth2",
"author": "Loris Zinsou",
"author_email": "lzinsou@protonmail.com",
"download_url": "https://files.pythonhosted.org/packages/3a/ba/cce95aeaf6fbd9560cd0a982d3c5e15839de546238ae3584cf08f69a6256/mlflow_oidc_client_plugin-0.1.3.tar.gz",
"platform": null,
"description": "MLflow Client OIDC/OAuth 2.1 Plugin\n===================================\n\nMLflow plugin adding OIDC/OAuth 2.1 authorization support to the client, allowing the use of a tracking server secured behind a compatible proxy.\n\nThe plugin is built with [OIDC Client](https://gitlab.com/lzinsou/oidc-client) and supports the same OIDC/OAuth 2.1 authorization flows:\n- the **authorization code** flow, for interactive user login;\n- the **client credentials** flow, for confidential machine-to-machine communication.\n\nThis plugin supports reading authorization settings from `pyproject.toml`.\n\n\nRequirements\n------------\n\nPython 3.10+\nMLflow or MLflow Skinny 2+\n\n\n\nInstallation\n------------\n\n```console\npip install mlflow-oidc-client-plugin\n```\n\n\nGetting Started\n---------------\n\nFirst, add the following to the project's `pyproject.toml` configuration file:\n```toml\n[[tool.mlflow-oidc-client-plugin.tracking-servers]]\nuri = \"http://mlflow.example.com/\" # URI of your MLflow Tracking Server\nissuer = \"https://auth.example.com/\" # URI of your OIDC provider\nclient-id = \"<application ID>\" # Client ID of your project\n```\n\nYou can now run MLflow client commands without any change. The plugin will match the `MLFLOW_TRACKING_URI` environment variable to the appropriate server configuration found in `pyproject.toml`.\n```console\n# To list logged experiments:\nMLFLOW_TRACKING_URI=http://mlflow.example.com/ mlflow experiments search\n```\n\n\nConfiguration\n-------------\n\nOptions may be set with environment variables or in the `pyproject.toml` configuration file, with environment variables taking precedence.\n\nEach tracking server has its own `[[tool.mlflow-oidc-client-plugin.tracking-servers]]` block, which can be given multiple times in the same `pyproject.toml`.\n\n|Environment Variable|Config File|Default Value|Description|\n|-|-|-|-|\n|MLFLOW_TRACKING_URI|N/A|N/A|MLflow Tracking Server URI|\n|MLFLOW_TRACKING_OIDC_ISSUER|issuer|`None` (required)|OIDC authorization issuer URI|\n|MLFLOW_TRACKING_OIDC_CLIENT_ID|client-id|`None` (required)|OIDC client ID|\n|MLFLOW_TRACKING_OIDC_CLIENT_SECRET|client-secret|`None`|OIDC client secret|\n|MLFLOW_TRACKING_OIDC_REDIRECT_URI|redirect-uri|`\"http://127.0.0.1:39303/oauth2/callback\"`|OIDC redirect URI|\n|MLFLOW_TRACKING_OIDC_SCOPE|scope|`\"openid profile email\"`|OIDC token scope|\n|MLFLOW_TRACKING_OIDC_AUDIENCE|scope|Same as the client ID|OIDC token audience|\n|MLFLOW_TRACKING_OIDC_INTERACTIVE|interactive|Interactive by default if the application is public (no client secret)|Require a user login in a browser|\n|MLFLOW_TRACKING_OIDC_USE_ID_TOKEN|use-id-token|Use the ID token by default if the application is public (no client secret)|Use the ID token instead of the access token as `Bearer` token in the `Authorization` HTTP header|\n\n\nLicense\n-------\n\nThis project is licensed under the terms of the MIT license.\n\n\nA [yzr](https://www.yzr.ai/) Free and Open Source project.\n",
"bugtrack_url": null,
"license": "",
"summary": "MLflow plugin adding OIDC/OAuth 2.1 client authorization",
"version": "0.1.3",
"split_keywords": [
"mlflow",
"plugin",
"mlops",
"oidc",
"oauth",
"oauth2"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "2bb5684b340e9b872815db079b0057a34aeaed69cbc2c32bb98c73bd8e5754b6",
"md5": "7d380020ff709dd19ef3787007fc62c9",
"sha256": "5a39635b5226de1eb4f609bac1ebef13648e6acd4ea297c869ad86d256803dcf"
},
"downloads": -1,
"filename": "mlflow_oidc_client_plugin-0.1.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7d380020ff709dd19ef3787007fc62c9",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10,<4.0",
"size": 7540,
"upload_time": "2023-04-27T00:48:57",
"upload_time_iso_8601": "2023-04-27T00:48:57.713072Z",
"url": "https://files.pythonhosted.org/packages/2b/b5/684b340e9b872815db079b0057a34aeaed69cbc2c32bb98c73bd8e5754b6/mlflow_oidc_client_plugin-0.1.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "3abacce95aeaf6fbd9560cd0a982d3c5e15839de546238ae3584cf08f69a6256",
"md5": "4b837e90dd4330499f8942aa5995f524",
"sha256": "8931f36dd34255f48f0496e1dbd26d50f71cf339582704b3e03b3e5eda8d814f"
},
"downloads": -1,
"filename": "mlflow_oidc_client_plugin-0.1.3.tar.gz",
"has_sig": false,
"md5_digest": "4b837e90dd4330499f8942aa5995f524",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10,<4.0",
"size": 5664,
"upload_time": "2023-04-27T00:48:59",
"upload_time_iso_8601": "2023-04-27T00:48:59.778454Z",
"url": "https://files.pythonhosted.org/packages/3a/ba/cce95aeaf6fbd9560cd0a982d3c5e15839de546238ae3584cf08f69a6256/mlflow_oidc_client_plugin-0.1.3.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-04-27 00:48:59",
"github": false,
"gitlab": true,
"bitbucket": false,
"gitlab_user": "lzinsou",
"gitlab_project": "mlflow-oidc-client-plugin",
"lcname": "mlflow-oidc-client-plugin"
}