
Flask wrapper with pre-configured OAuth2 and OIDC support

FlaskOIDC

This package relies purely on the Authlib package.

A wrapper around Flask with pre-configured OIDC support. Ideal for a microservices architecture: each request will be authenticated using Flask's before_request middleware. Necessary endpoints can be whitelisted using the environment variable FLASK_OIDC_WHITELISTED_ENDPOINTS.

Installation:

pip3 install flaskoidc

Usage:

After installing flaskoidc, you can use it as shown below:

from flaskoidc import FlaskOIDC
app = FlaskOIDC(__name__)

Configurations:

Please make sure to extend your configurations from BaseConfig (only if you are sure what you are doing; the recommended way is to use environment variables for the configuration).

from flaskoidc import FlaskOIDC
from flaskoidc.config import BaseConfig

# Custom configuration class, a subclass of BaseConfig
class CustomConfig(BaseConfig):
    DEBUG = True

app = FlaskOIDC(__name__)
app.config.from_object(CustomConfig)

The following environment variables MUST be set to get OIDC working.

FLASK_OIDC_PROVIDER_NAME

(default: 'google')

The name of the OIDC provider, like google, okta, keycloak etc. I have verified this package only for google, okta and keycloak. Please make sure to open a new issue if your OIDC provider is not working.

FLASK_OIDC_SCOPES

(default: 'openid email profile')

Scopes required to make your client work with the OIDC provider, separated by a space.

  • OKTA: make sure to add offline_access in your scopes in order to get the refresh_token.

FLASK_OIDC_USER_ID_FIELD

(default: 'email')

Different OIDC providers use different ID fields for users. Make sure to adjust this according to what your provider returns in the user profile, i.e., id_token.

FLASK_OIDC_CLIENT_ID

(default: '')

Client ID that you get once you create a new application on your OIDC provider.

FLASK_OIDC_CLIENT_SECRET

(default: '')

Client Secret that you get once you create a new application on your OIDC provider.

FLASK_OIDC_REDIRECT_URI

(default: '/auth')

This is the endpoint that your OIDC provider hits to authenticate your request. This is what you set as one of the redirect URIs in your client's settings at the OIDC provider.

FLASK_OIDC_CONFIG_URL

(default: '')

To simplify OIDC implementations and increase flexibility, OpenID Connect allows the use of a "Discovery document," a JSON document found at a well-known location containing key-value pairs which provide details about the OpenID Connect provider's configuration, including the URIs of the authorization, token, revocation, userinfo, and public-keys endpoints.

Discovery Documents may be retrieved from:

  • Google: https://accounts.google.com/.well-known/openid-configuration
  • OKTA
    • https://[YOUR_OKTA_DOMAIN]/.well-known/openid-configuration
    • https://[YOUR_OKTA_DOMAIN]/oauth2/[AUTH_SERVER_ID]/.well-known/openid-configuration
  • Auth0: https://[YOUR_DOMAIN]/.well-known/openid-configuration
  • Keycloak: http://[KEYCLOAK_HOST]:[KEYCLOAK_PORT]/auth/realms/[REALM]/.well-known/openid-configuration

A few other environment variables, along with their default values, are:

# Flask `SECRET_KEY` config value
FLASK_OIDC_SECRET_KEY: '!-flask-oidc-secret-key'

# Comma-separated string of URLs which should be exposed without authentication; all other requests will be authenticated.
FLASK_OIDC_WHITELISTED_ENDPOINTS: "status,healthcheck,health"

You can also set the config variables specific to Flask-SQLAlchemy using the same key as the environment variables.

# Details about this below in the "Session Management" section.
SQLALCHEMY_DATABASE_URI: 'sqlite:///sessions.db'
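
An added example, not part of the flaskoidc package: a pre-deployment audit of the environment variables documented above. It flags the published default FLASK_OIDC_SECRET_KEY, empty client credentials, a discovery URL that is not served over https, and whitelisted endpoints beyond the documented defaults. The function name and the 32-character minimum are assumptions of this example.

```python
import os
from urllib.parse import urlparse

# Defaults as documented on this page.
DEFAULT_SECRET_KEY = "!-flask-oidc-secret-key"
DEFAULT_WHITELIST = "status,healthcheck,health"
DISCOVERY_SUFFIX = "/.well-known/openid-configuration"


def audit_flaskoidc_env(env):
    """Return (variable, problem) findings for a mapping of FLASK_OIDC_* settings."""
    findings = []
    # SECRET_KEY is Flask's signing key; the documented default is public,
    # so leaving it in place provides no secrecy at all.
    secret = env.get("FLASK_OIDC_SECRET_KEY", DEFAULT_SECRET_KEY)
    if secret == DEFAULT_SECRET_KEY:
        findings.append(("FLASK_OIDC_SECRET_KEY", "documented default in use"))
    elif len(secret) < 32:  # assumed minimum length, not a flaskoidc rule
        findings.append(("FLASK_OIDC_SECRET_KEY", "shorter than 32 characters"))

    for var in ("FLASK_OIDC_CLIENT_ID", "FLASK_OIDC_CLIENT_SECRET", "FLASK_OIDC_CONFIG_URL"):
        if not env.get(var, ""):
            findings.append((var, "empty (documented default is '')"))

    # The discovery document names the token and key endpoints, so it must
    # come from the provider over an authenticated channel.
    url = env.get("FLASK_OIDC_CONFIG_URL", "")
    parsed = urlparse(url)
    if url and parsed.scheme != "https":
        findings.append(("FLASK_OIDC_CONFIG_URL", "discovery document not fetched over https"))
    if url and not parsed.path.endswith(DISCOVERY_SUFFIX):
        findings.append(("FLASK_OIDC_CONFIG_URL", "path is not a discovery document"))

    if "openid" not in env.get("FLASK_OIDC_SCOPES", "openid email profile").split():
        findings.append(("FLASK_OIDC_SCOPES", "missing 'openid' scope"))

    # Every whitelisted name is served without authentication, so anything
    # beyond the documented health endpoints is listed for review.
    allowed = set(DEFAULT_WHITELIST.split(","))
    names = env.get("FLASK_OIDC_WHITELISTED_ENDPOINTS", DEFAULT_WHITELIST).split(",")
    for name in (n.strip() for n in names):
        if name and name not in allowed:
            findings.append(("FLASK_OIDC_WHITELISTED_ENDPOINTS", f"unauthenticated endpoint: {name}"))
    return findings


if __name__ == "__main__":
    for var, problem in audit_flaskoidc_env(os.environ):
        print(f"{var}: {problem}")
```

Run it in the same environment the service starts in; an empty result means none of these checks fired.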

Known Issues:

  • Need to make sure it still works with the clients_secrets.json file or via env variables for each endpoint of a custom OIDC provider.
  • refresh_token is not yet working. I am still trying to figure out how to do this using Authlib.
  • You may run into problems when installing cryptography; check its official documentation.

File details

Details for the file adsk-flaskoidc-1.0.4.tar.gz.

File metadata

  • Download URL: adsk-flaskoidc-1.0.4.tar.gz
  • Upload date:
  • Size: 6.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.27.1 requests-toolbelt/0.9.1 tqdm/4.53.0 CPython/3.7.9

File hashes

Hashes for adsk-flaskoidc-1.0.4.tar.gz
Algorithm Hash digest
SHA256 6afa57173a53d0b002df4ef7a393c9c238a6939d03dba556d31378ab51233437
MD5 bb816686316a223e4e3f744152977203
BLAKE2b-256 e4624b1bc30dae4e4f5ef5689148f853bc6c8918546373232d5f906d7464f37b

File details

Details for the file adsk_flaskoidc-1.0.4-py3-none-any.whl.

File metadata

  • Download URL: adsk_flaskoidc-1.0.4-py3-none-any.whl
  • Upload date:
  • Size: 11.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.27.1 requests-toolbelt/0.9.1 tqdm/4.53.0 CPython/3.7.9

File hashes

Hashes for adsk_flaskoidc-1.0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 8aa4fa0bc86f90858ecf9803794c2ed24a396830a1128b8c73a9317f0af9cc57
MD5 a0d5f9a63a0461c25fdc08cfd8b4d1ed
BLAKE2b-256 1c402c20e81ce4dfdb8f5ad75240035d76e3e61b6256113b2f3b8801aca5db2a
