pretix-oidc


Namepretix-oidc JSON
Version 2.2.1 PyPI version JSON
download
home_pageNone
SummaryOIDC authentication plugin for pretix
upload_time2025-02-01 21:09:03
maintainerNone
docs_urlNone
authorJaakko Rinta-Filppula
requires_pythonNone
licenseApache
keywords pretix oidc
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # pretix OIDC

This is a plugin for [pretix](https://github.com/pretix/pretix).

OIDC authentication plugin for pretix

## Installation

Activate the virtual environment for your pretix installation and run

    pip install git+https://gitlab.fachschaften.org/kif/pretix-oidc.git

To activate the OIDC authentication mechanism add
`pretix_oidc.auth.OIDCAuthBackend` to the list of `pretix.auth_backends` in
your `pretix.cfg`. Add the OIDC configuration to that same file in a new
`oidc` section, values without a default are mandatory:

    [oidc]
    # label on the login button,
    # default: Login with OpenID connect
    title=
    # OIDC URIs, can generally be found unter .well-known/openid-configuration
    # of your OIDC endpoint
    issuer=
    authorization_endpoint=
    token_endpoint=
    userinfo_endpoint=
    end_session_endpoint=
    jwks_uri=
    # OIDC client ID and secret
    client_id=
    client_secret=
    # comma-separated list of scopes to request
    # default: openid
    # recommended: openid,email,profile
    scopes=
    # what OIDC claim pretix should use to uniquely identify OIDC users
    # default: sub
    unique_attribute=

The callback URI on your pretix will be `/oidc/callback/`, enter this at the
appropriate place in your OIDC provider.

Please note that all users with the permission to change organizer settings
will have access to the team assignment rules. Those rules can add users to a
specific team based on an arbitrary OIDC claim when the users log in, this
means that users with the permission to change organizer settings might be
able to enumerate users with a certain OIDC claim when the users log in and
can lead to a data leak.

## Configuration

Users belonging to a team with the permission to change organizer settings can
add team assignment rules on the organizer page > team assignment rules. Users
can be added to a specific team of that organizer based on the value of
arbitrary OIDC attributes (claims). Team assignment rules will apply when
users log in, users matching newly created rules might need to log out and
back in for the assignment to take effect.

## Development setup

1. Make sure that you have a working [pretix development
   setup](https://docs.pretix.eu/en/latest/development/setup.html).
2. Clone this repository.
3. Activate the virtual environment you use for pretix development.
4. Execute `python setup.py develop` within this directory to register
   this application with pretix\'s plugin registry.
5. Execute `make` within this directory to compile translations.
6. Restart your local pretix server. You can now use the plugin from
   this repository for your events by enabling it in the \'plugins\'
   tab in the settings.

This plugin has CI set up to enforce a few code style rules. To check
locally, you need these packages installed:

    pip install flake8 isort black

To check your plugin for rule violations, run:

    black --check .
    isort -c .
    flake8 .

You can auto-fix some of these issues by running:

    isort .
    black .

To automatically check for these issues before you commit, you can run
`.install-hooks`.

## License

Copyright 2023 Jaakko Rinta-Filppula, Felix Schäfer

Released under the terms of the Apache License 2.0

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "pretix-oidc",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": "Felix Sch\u00e4fer <admin@kif.rocks>",
    "keywords": "pretix, oidc",
    "author": "Jaakko Rinta-Filppula",
    "author_email": "Felix Sch\u00e4fer <admin@kif.rocks>",
    "download_url": "https://files.pythonhosted.org/packages/03/7b/d69f747c7450b8ecd51cfcb9290051b99069b8fb0875d4b8f0ade5c433bf/pretix_oidc-2.2.1.tar.gz",
    "platform": null,
    "description": "# pretix OIDC\n\nThis is a plugin for [pretix](https://github.com/pretix/pretix).\n\nOIDC authentication plugin for pretix\n\n## Installation\n\nActivate the virtual environment for your pretix installation and run\n\n    pip install git+https://gitlab.fachschaften.org/kif/pretix-oidc.git\n\nTo activate the OIDC authentication mechanism add\n`pretix_oidc.auth.OIDCAuthBackend` to the list of `pretix.auth_backends` in\nyour `pretix.cfg`. Add the OIDC configuration to that same file in a new\n`oidc` section, values without a default are mandatory:\n\n    [oidc]\n    # label on the login button,\n    # default: Login with OpenID connect\n    title=\n    # OIDC URIs, can generally be found unter .well-known/openid-configuration\n    # of your OIDC endpoint\n    issuer=\n    authorization_endpoint=\n    token_endpoint=\n    userinfo_endpoint=\n    end_session_endpoint=\n    jwks_uri=\n    # OIDC client ID and secret\n    client_id=\n    client_secret=\n    # comma-separated list of scopes to request\n    # default: openid\n    # recommended: openid,email,profile\n    scopes=\n    # what OIDC claim pretix should use to uniquely identify OIDC users\n    # default: sub\n    unique_attribute=\n\nThe callback URI on your pretix will be `/oidc/callback/`, enter this at the\nappropriate place in your OIDC provider.\n\nPlease note that all users with the permission to change organizer settings\nwill have access to the team assignment rules. Those rules can add users to a\nspecific team based on an arbitrary OIDC claim when the users log in, this\nmeans that users with the permission to change organizer settings might be\nable to enumerate users with a certain OIDC claim when the users log in and\ncan lead to a data leak.\n\n## Configuration\n\nUsers belonging to a team with the permission to change organizer settings can\nadd team assignment rules on the organizer page > team assignment rules. Users\ncan be added to a specific team of that organizer based on the value of\narbitrary OIDC attributes (claims). Team assignment rules will apply when\nusers log in, users matching newly created rules might need to log out and\nback in for the assignment to take effect.\n\n## Development setup\n\n1. Make sure that you have a working [pretix development\n   setup](https://docs.pretix.eu/en/latest/development/setup.html).\n2. Clone this repository.\n3. Activate the virtual environment you use for pretix development.\n4. Execute `python setup.py develop` within this directory to register\n   this application with pretix\\'s plugin registry.\n5. Execute `make` within this directory to compile translations.\n6. Restart your local pretix server. You can now use the plugin from\n   this repository for your events by enabling it in the \\'plugins\\'\n   tab in the settings.\n\nThis plugin has CI set up to enforce a few code style rules. To check\nlocally, you need these packages installed:\n\n    pip install flake8 isort black\n\nTo check your plugin for rule violations, run:\n\n    black --check .\n    isort -c .\n    flake8 .\n\nYou can auto-fix some of these issues by running:\n\n    isort .\n    black .\n\nTo automatically check for these issues before you commit, you can run\n`.install-hooks`.\n\n## License\n\nCopyright 2023 Jaakko Rinta-Filppula, Felix Sch\u00e4fer\n\nReleased under the terms of the Apache License 2.0\n",
    "bugtrack_url": null,
    "license": "Apache",
    "summary": "OIDC authentication plugin for pretix",
    "version": "2.2.1",
    "project_urls": {
        "Homepage": "https://gitlab.fachschaften.org/kif/pretix-oidc",
        "Repository": "https://github.com/thegcat/pretix-oidc",
        "Tracker": "https://github.com/thegcat/pretix-oidc/issues",
        "pretix Marketplace": "https://marketplace.pretix.eu/products/oidc/"
    },
    "split_keywords": [
        "pretix",
        " oidc"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "a6c2dda8236cb7e36b9e1bc94296de9052b150bc00d11fc60478a6fe5740ff0f",
                "md5": "a089e350e431f581ddb5d2cbbc9945d8",
                "sha256": "7f9928ce7b45c5134901a856a7a8787a785bcd89c0d4d6057073150b871843f4"
            },
            "downloads": -1,
            "filename": "pretix_oidc-2.2.1-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "a089e350e431f581ddb5d2cbbc9945d8",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 16331,
            "upload_time": "2025-02-01T21:09:01",
            "upload_time_iso_8601": "2025-02-01T21:09:01.606701Z",
            "url": "https://files.pythonhosted.org/packages/a6/c2/dda8236cb7e36b9e1bc94296de9052b150bc00d11fc60478a6fe5740ff0f/pretix_oidc-2.2.1-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "037bd69f747c7450b8ecd51cfcb9290051b99069b8fb0875d4b8f0ade5c433bf",
                "md5": "cdd7befa8e0264932ebeb30a0830b867",
                "sha256": "f0c7e1db41d3571549c6e7dd29b1392cd43dca117cc5aeb9a3bdc13c30245c3e"
            },
            "downloads": -1,
            "filename": "pretix_oidc-2.2.1.tar.gz",
            "has_sig": false,
            "md5_digest": "cdd7befa8e0264932ebeb30a0830b867",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 12521,
            "upload_time": "2025-02-01T21:09:03",
            "upload_time_iso_8601": "2025-02-01T21:09:03.500491Z",
            "url": "https://files.pythonhosted.org/packages/03/7b/d69f747c7450b8ecd51cfcb9290051b99069b8fb0875d4b8f0ade5c433bf/pretix_oidc-2.2.1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-02-01 21:09:03",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "thegcat",
    "github_project": "pretix-oidc",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "pretix-oidc"
}
        
Elapsed time: 0.84937s