
verdan / flaskoidc

Licence: Apache-2.0 license
A wrapper of Flask with pre-configured OIDC support

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to flaskoidc

gluu-gateway
Gluu API 🚀 and Web Gateway 🎯
Stars: ✭ 29 (-12.12%)
Mutual labels:  oidc
aws-cdk-github-oidc
CDK constructs to use OpenID Connect for authenticating your Github Action workflow with AWS IAM
Stars: ✭ 59 (+78.79%)
Mutual labels:  oidc
native-java-examples
Native Java Apps with Micronaut, Quarkus, and Spring Boot
Stars: ✭ 44 (+33.33%)
Mutual labels:  oidc
okta-jhipster-microservices-oauth-example
A microservices architecture built with JHipster, OAuth 2.0, and Okta
Stars: ✭ 29 (-12.12%)
Mutual labels:  oidc
account-sdk-browser
Schibsted Account SDK for browsers
Stars: ✭ 16 (-51.52%)
Mutual labels:  oidc
auth0-xamarin-oidc-samples
Auth0 OIDC Client with Xamarin applications
Stars: ✭ 26 (-21.21%)
Mutual labels:  oidc
k8s-pixy-auth
k8s plugin to authenticate against an OIDC compatible issuer using PKCE (pixy) flow
Stars: ✭ 24 (-27.27%)
Mutual labels:  oidc
cap
A collection of authentication Go packages related to OIDC, JWKs and Distributed Claims.
Stars: ✭ 328 (+893.94%)
Mutual labels:  oidc
okta-spring-boot-react-crud-example
Simple CRUD with React and Spring Boot 2.0
Stars: ✭ 214 (+548.48%)
Mutual labels:  oidc
schematics
Schematics for adding Okta Auth to your projects
Stars: ✭ 60 (+81.82%)
Mutual labels:  oidc
core
Enterprise Grade #NodeJS Platform implementing Industry Standards & Patterns in order to provide Connectivity, Stability, High-Availability and High-Performance
Stars: ✭ 54 (+63.64%)
Mutual labels:  oidc
bilrost
Kubernetes controller/operator to set up OAUTH2/OIDC security on any ingress based service
Stars: ✭ 17 (-48.48%)
Mutual labels:  oidc
okta-spring-boot-vue-crud-example
A Todo App that showcases Spring Boot, Vue.js, and Okta's support for both.
Stars: ✭ 33 (+0%)
Mutual labels:  oidc
casdoor
An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS, QQ group: 645200447
Stars: ✭ 4,147 (+12466.67%)
Mutual labels:  oidc
eks
AWS EKS - kubernetes project
Stars: ✭ 149 (+351.52%)
Mutual labels:  oidc
AspNetCoreMvcAngular
ASP.NET Core MVC with angular in MVC View OpenID Connect Hybrid Flow
Stars: ✭ 54 (+63.64%)
Mutual labels:  oidc
fastapi-azure-auth
Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 B2C, single- and multi-tenant support.
Stars: ✭ 174 (+427.27%)
Mutual labels:  oidc
mock-oauth2-server
A scriptable/customizable web server for testing HTTP clients using OAuth2/OpenID Connect or applications with a dependency to a running OAuth2 server (i.e. APIs requiring signed JWTs from a known issuer)
Stars: ✭ 83 (+151.52%)
Mutual labels:  oidc
okta-spring-security-5-example
Authentication with Spring Security 5 and Okta OIDC
Stars: ✭ 16 (-51.52%)
Mutual labels:  oidc
IdentityServer4.PhoneNumberAuth
Sample passwordless phone number authentication using OAuth in ASP.NET Core 2.2
Stars: ✭ 83 (+151.52%)
Mutual labels:  oidc

FlaskOIDC

This package relies purely on the Authlib package.

A wrapper of Flask with pre-configured OIDC support. Ideal for a microservices architecture: each request is authenticated using Flask's before_request middleware. Necessary endpoints can be whitelisted using the environment variable FLASK_OIDC_WHITELISTED_ENDPOINTS.

Installation:

pip3 install flaskoidc

Usage:

After installing flaskoidc, you can use it as shown below:

from flaskoidc import FlaskOIDC
app = FlaskOIDC(__name__)

Configurations:

Extend your configuration from BaseConfig only if you are sure what you are doing. The recommended way is to use environment variables for the configuration.

from flaskoidc import FlaskOIDC
from flaskoidc.config import BaseConfig

# Custom configuration class, a subclass of BaseConfig
class CustomConfig(BaseConfig):
    DEBUG = True

app = FlaskOIDC(__name__)
app.config.from_object(CustomConfig)

The following environment variables MUST be set to get OIDC working.

FLASK_OIDC_PROVIDER_NAME

(default: 'google')

The name of the OIDC provider, like google, okta, keycloak etc. I have verified this package only for google, okta and keycloak. Please make sure to open a new issue if your OIDC provider is not working.

FLASK_OIDC_SCOPES

(default: 'openid email profile')

Scopes required to make your client work with the OIDC provider, separated by a space.

  • OKTA: make sure to add offline_access in your scopes in order to get the refresh_token.

FLASK_OIDC_USER_ID_FIELD

(default: 'email')

Different OIDC providers use different ID fields for users. Make sure to adjust this according to what your provider returns in the user profile, i.e., id_token.

FLASK_OIDC_CLIENT_ID

(default: '')

Client ID that you get once you create a new application on your OIDC provider.

FLASK_OIDC_CLIENT_SECRET

(default: '')

Client Secret that you get once you create a new application on your OIDC provider.

FLASK_OIDC_FORCE_SCHEME

(default: 'http')

Can be used to force a URL scheme when crafting the redirect_uri in the '/login' route. Useful when the Flask application is behind an ingress doing TLS termination.

FLASK_OIDC_REDIRECT_URI

(default: '/auth')

This is the endpoint that your OIDC provider hits to authenticate your request. Set it as one of the redirect URIs in the OIDC provider's client settings.

FLASK_OIDC_CONFIG_URL

(default: '')

To simplify OIDC implementations and increase flexibility, OpenID Connect allows the use of a "Discovery document," a JSON document found at a well-known location containing key-value pairs which provide details about the OpenID Connect provider's configuration, including the URIs of the authorization, token, revocation, userinfo, and public-keys endpoints.

Discovery Documents may be retrieved from:

  • Google: https://accounts.google.com/.well-known/openid-configuration
  • OKTA
    • https://[YOUR_OKTA_DOMAIN]/.well-known/openid-configuration
    • https://[YOUR_OKTA_DOMAIN]/oauth2/[AUTH_SERVER_ID]/.well-known/openid-configuration
  • Auth0: https://[YOUR_DOMAIN]/.well-known/openid-configuration
  • Keycloak: http://[KEYCLOAK_HOST]:[KEYCLOAK_PORT]/auth/realms/[REALM]/.well-known/openid-configuration
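A check you can run on a discovery document before pointing FLASK_OIDC_CONFIG_URL at it, given as an added example that is not part of flaskoidc. The function name `check_discovery`, the provider host `idp.example.test` and the sample document are constructed for illustration; the required-field list follows OpenID Connect Discovery 1.0.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED
# (token_endpoint is required for everything except implicit-only providers).
REQUIRED = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def check_discovery(config_url, document):
    """Return a list of problems found in a parsed discovery document."""
    if not config_url.endswith(WELL_KNOWN):
        return ["config URL does not end with " + WELL_KNOWN]
    problems = []
    missing = [key for key in REQUIRED if key not in document]
    if missing:
        problems.append("missing required metadata: " + ", ".join(missing))
    # The issuer must be the URL the document was fetched from, minus the
    # well-known suffix; a trailing slash on either side is tolerated here.
    expected = config_url[: -len(WELL_KNOWN)].rstrip("/")
    issuer = str(document.get("issuer", "")).rstrip("/")
    if issuer != expected:
        problems.append(f"issuer {issuer!r} does not match {expected!r}")
    for key in ENDPOINT_KEYS:
        value = document.get(key)
        if value and urlparse(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")
    return problems


# Constructed sample document for a placeholder provider (not real data).
SAMPLE_URL = "https://idp.example.test/oauth2/default" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.test/oauth2/default",
    "authorization_endpoint": "https://idp.example.test/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.test/oauth2/default/v1/token",
    "jwks_uri": "https://idp.example.test/oauth2/default/v1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC))
```

An issuer mismatch means the document describes a different provider than the one the URL names, so the ID tokens it leads to should not be accepted for this client.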

FLASK_OIDC_OVERWRITE_REDIRECT_URI

(default: '/')

In some cases you may need to redirect to a different endpoint after a successful login. This environment variable lets you set that endpoint. By default, this redirects to /.

FLASK_OIDC_PROVIDER_ADDITIONAL_PARAMETERS_FILE_PATH

(default: None)

The absolute path to a JSON file holding key-value pairs of additional parameters to be appended during client registration. This will overwrite any default parameters for a given OIDC provider.

....

A few other environment variables, along with their default values:

# Flask `SECRET_KEY` config value
FLASK_OIDC_SECRET_KEY: '!-flask-oidc-secret-key'

# Comma-separated string of URLs which should be exposed without authentication; otherwise all requests will be authenticated.
FLASK_OIDC_WHITELISTED_ENDPOINTS: "status,healthcheck,health"

You can also set the config variables specific to Flask-SQLAlchemy using the same key as the environment variables.

# Details about this below in the "Session Management" section.
SQLALCHEMY_DATABASE_URI: 'sqlite:///sessions.db'
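A pre-deployment audit of the environment variables documented above, given as an added example that is not part of flaskoidc. It flags values left at the README defaults, most importantly the published FLASK_OIDC_SECRET_KEY, since Flask uses SECRET_KEY for signing. The function name `audit_flaskoidc_env`, the 32-character minimum and the assumption that production traffic is served over TLS are choices made for this example.

```python
import os
from urllib.parse import urlparse

# Defaults as listed in the README above.
DEFAULT_SECRET_KEY = "!-flask-oidc-secret-key"
DEFAULT_WHITELIST = "status,healthcheck,health"
MIN_SECRET_LENGTH = 32  # assumption: local policy, not a flaskoidc rule


def audit_flaskoidc_env(env):
    """Return findings for a mapping of flaskoidc environment variables."""
    findings = []
    secret = env.get("FLASK_OIDC_SECRET_KEY", DEFAULT_SECRET_KEY)
    if secret == DEFAULT_SECRET_KEY:
        findings.append("FLASK_OIDC_SECRET_KEY is the published default")
    elif len(secret) < MIN_SECRET_LENGTH:
        findings.append("FLASK_OIDC_SECRET_KEY is shorter than policy minimum")
    for name in ("FLASK_OIDC_CLIENT_ID", "FLASK_OIDC_CLIENT_SECRET",
                 "FLASK_OIDC_CONFIG_URL"):
        if not env.get(name):
            findings.append(f"{name} is unset or empty")
    config_url = env.get("FLASK_OIDC_CONFIG_URL", "")
    if config_url and urlparse(config_url).scheme != "https":
        findings.append("FLASK_OIDC_CONFIG_URL is not fetched over https")
    # Assumes the deployment sits behind TLS, so redirect_uri must be https.
    if env.get("FLASK_OIDC_FORCE_SCHEME", "http") != "https":
        findings.append("FLASK_OIDC_FORCE_SCHEME is not 'https'")
    # Every extra whitelist entry is an endpoint served without authentication.
    raw = env.get("FLASK_OIDC_WHITELISTED_ENDPOINTS", DEFAULT_WHITELIST)
    whitelist = {item.strip() for item in raw.split(",") if item.strip()}
    extra = sorted(whitelist - set(DEFAULT_WHITELIST.split(",")))
    if extra:
        findings.append("unauthenticated endpoints beyond the defaults: "
                        + ", ".join(extra))
    return findings


if __name__ == "__main__":
    for finding in audit_flaskoidc_env(os.environ):
        print("FINDING:", finding)
```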

Known Issues:

  • Need to make sure it still works with the clients_secrets.json file or via env variables for each endpoint of a custom OIDC provider.
  • You may run into problems when installing cryptography; check its official documentation.