2025 Python Packaging Survey is now live!  Take the survey now

A Flask app, wrapping a single OpenID Connect issuer with a Discourse SSO provider interface.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for consideRatio from gravatar.com consideRatio

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache License, Version 2.0)
  • Author: Erik Sundell
Classifiers
Report project as malware

Project description

Discourse SSO OIDC Bridge - A Python PyPI package

This Python package contains a Flask application that when deployed can be used as and endpoint for Discourse when setting up it's SSO. It will then be able to wrap a OIDC provider and avoid various limitations of not being setup as a Discourse SSO provider.

This repo was made standing on the shoulders giants who made most of the initial work. Thank you @fmarco76 and @stevenmirabito!

I also did some refinements thanks to @greut this Medium article.

Installation

Note that this is only a Flask application, you must use gunicorn or another WSGI compatible webserver to host it and setup TLS etc.

WARNING: Not yet tested with Discourse to function, but I'm working on it!

# NOTE: Currently onnly on PyPI's test servers
pip install --upgrade discourse-sso-oidc-bridge-consideratio

Bridge Configuration

This is the common configuration that, default.py.

Config / ENV name Description
SERVER_NAME The domain where you host this app, example: "discourse-sso.example.com". Note that https:// will be assumed.
SECRET_KEY A secret for Flask, just generate one with openssl rand -hex 32.
OIDC_ISSUER An URL to the OIDC issuer. To verify you get this right you can try appending /.well-known/openid-configuration to it and see if you get various JSON details rather than a 404.
OIDC_CLIENT_ID A preregistered client_id on your OIDC issuer.
OIDC_CLIENT_SECRET The provided secret for the the preregistered OIDC_CLIENT_ID.
OIDC_SCOPE Comma seperated OIDC scopes, defaults to "openid,profile".
DISCOURSE_URL The URL of your Discourse deployment, example "https://discourse.example.com".
DISCOURSE_SECRET_KEY A shared secret between the bridge and Discourse, generate one with openssl rand -hex 32.
USERINFO_SSO_MAP Valid JSON object in a string mapping OIDC userinfo attribute names to to Discourse SSO attribute names.
DEFAULT_SSO_ATTRIBUTES Valid JSON object in a string mapping Discourse SSO attributes to default values. By default sub is mapped to external_id and preferred_username to username.
CONFIG_LOCATION The path to a Python file to be loaded as config where OIDC_ISSUER etc. could be set.

OIDC Provider Configuration

You must have a client_id and client_secret from your OIDC issuer. The issuer must also accept redirecting back to <bridge_url>/redirect_uri, which for example could be https://discourse-sso.example.com/redirect_uri.

Development Notes

To make changes and test them

  1. Clone the repo

  2. Install pipenv using pip.

    pip install pipenv

  3. Setup and enter the virtual environment

    pipenv install --dev
pipenv shell

  4. Run the tests

    pytest

Build and upload a PyPI release

  1. Get the build tools

    # install things required for development
pip install --upgrade setuptools wheel
pip install --upgrade twine

  2. Build and upload the package

    pipenv install --dev
pipenv lock -r > requirements.txt
# git tag -a <package-version>
pipenv run python setup.py bdist_wheel
twine upload --skip-existing --username consideratio dist/*

  3. Test install the package

    pip install --upgrade discourse-sso-oidc-bridge-consideratio

  4. Build, run, and push a Docker image

    TAG=0.1.0
docker build -t consideratio/discourse-sso-oidc-bridge:$TAG
docker run --rm consideratio/discourse-sso-oidc-bridge:$TAG
docker push consideratio/discourse-sso-oidc-bridge:$TAG

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page