CKAN OIDC authenticator with PKCE flow

Project description

ckanext-oidc-pkce

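OpenID Connect authenticator with PKCE flow for CKAN.

Warning: Developed for Okta and not tested with other providers. PRs or feature requests are welcome.

The plugin adds an extra route to CKAN that allows login through an external application. The route is available at /user/login/oidc-pkce (oid_pkce.login endpoint). The original authentication system is unchanged; if only SSO accounts are allowed on the portal, you (or another extension) need to hide the original login page.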

Requirements

Compatibility with core CKAN versions

CKAN version    Compatible?
2.9
2.10

Installation

  1. Install the package

    pip install ckanext-oidc-pkce
    
  2. Add oidc_pkce to the ckan.plugins setting in your CKAN config file

  3. Add SSO settings (refer to the Config settings section for details)

Config settings

    # URL of SSO application
    # Could be overridden at runtime with env var CKANEXT_OIDC_PKCE_BASE_URL
    ckanext.oidc_pkce.base_url = https://12345.example.okta.com

    # ClientID of SSO application
    # Could be overridden at runtime with env var CKANEXT_OIDC_PKCE_CLIENT_ID
    ckanext.oidc_pkce.client_id = clientid

    # ClientSecret of SSO application
    # (optional, only needed if the Client App defines a secret, default: "")
    # Could be overridden at runtime with env var CKANEXT_OIDC_PKCE_CLIENT_SECRET
    ckanext.oidc_pkce.client_secret = clientsecret

    # Path to the authorization endpoint inside SSO application
    # (optional, default: /oauth2/default/v1/authorize)
    ckanext.oidc_pkce.auth_path = /auth

    # Path to the token endpoint inside SSO application
    # (optional, default: /oauth2/default/v1/token)
    ckanext.oidc_pkce.token_path = /token

    # Path to the userinfo endpoint inside SSO application
    # (optional, default: /oauth2/default/v1/userinfo)
    ckanext.oidc_pkce.userinfo_path = /userinfo

    # Path to the authentication response handler inside CKAN application
    # (optional, default: /user/login/oidc-pkce/callback)
    ckanext.oidc_pkce.redirect_path = /local/oidc/handler

    # URL to redirect the user to after a failed login attempt. When empty
    # (default), redirects to the `came_from` URL parameter if available or to
    # the CKAN login page otherwise.
    # (optional, default: )
    ckanext.oidc_pkce.error_redirect = /user/register

    # Scope of the authorization token. The plugin expects at least `sub`,
    # `email` and `name` attributes.
    # (optional, default: openid email profile)
    ckanext.oidc_pkce.scope = email

    # For newly created CKAN users use the same ID as one from SSO application
    # (optional, default: false)
    ckanext.oidc_pkce.use_same_id = true

    # When connecting to an existing (non-SSO) account, override the user's
    # password so that it becomes impossible to log in using the CKAN
    # authentication system. Enable this flag if you want to force SSO logins
    # for all users that once used SSO login.
    # (optional, default: false)
    ckanext.oidc_pkce.munge_password = true
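
The settings above feed a PKCE exchange as defined in RFC 7636. The following is an added example, not code from ckanext-oidc-pkce: it shows how base_url, auth_path, client_id and scope map onto an S256 authorization request, and the check a provider applies to the code_verifier at the token endpoint. The CKAN site URL and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed values: base_url/client_id from the sample config, default auth_path
# and scope from its comments; the CKAN site URL is an assumption.
BASE_URL = "https://12345.example.okta.com"
AUTH_PATH = "/oauth2/default/v1/authorize"
CLIENT_ID = "clientid"
SCOPE = "openid email profile"
REDIRECT_URI = "https://ckan.example.org/user/login/oidc-pkce/callback"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """32 random bytes give a 43-character code_verifier (the RFC minimum)."""
    return b64url(secrets.token_bytes(32))


def challenge_for(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorize_url(verifier: str, state: str) -> str:
    """Redirect target for the login route; only the challenge is exposed."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",
    }
    return BASE_URL + AUTH_PATH + "?" + urlencode(params)


def provider_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Token-endpoint check the provider performs before releasing tokens."""
    return hmac.compare_digest(stored_challenge, challenge_for(presented_verifier))
```

The verifier stays in the server-side session until the token request, so an authorization code intercepted on the redirect cannot be redeemed without it.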

License

AGPL

Download files

Source distribution

ckanext-oidc-pkce-0.3.1.tar.gz (23.4 kB)

Built distribution

ckanext_oidc_pkce-0.3.1-py3-none-any.whl (24.5 kB)
