barrier

Serve static files safely behind OpenIDConnect-compatible authentication (i.e. Okta)

These details have not been verified by PyPI

Project links

Project description

Serve static files safely behind OpenIDConnect-compatible authentication (i.e. Okta)

OpenID Connect Provider Set-up

Okta

The following steps will get you the values necessary to integrate Okta with your Barrier-protected content.

Go to the Applications section of your Okta admin app. (hint: the url of the admin app is https://<your organization>>-admin.okta.com/dev/console)
Click Add Application
On the Create New Application page, choose Web and click Next
You will need to enter some details about the application:
- Name: <your barrier-protected site name>
- Base URIs: https://<your barrier-protected domain>/
  - or http://localhost:8000 during development)
- Login redirect URIs: https://<your barrier-protected domain>/oidc/callback
  - or http://localhost:8000/oidc/callback, & http://localhost:5000/oidc/callback during development
- Group Assigments: Everyone is fine, unless you have specific requirements.
- Grant Type Allowed:
  - Client acting on behalf of itself
    
    [ ] Client Credentials
  - Client acting on behalf of a user
    
    [x] Authorization Code
    
    [ ] Refresh Token
    
    [ ] Implicit (Hybrid)
Click Next again
You’re now at the General Settings for your new Okta integration, scroll to the bottom and copy the Client ID and Client secret values.
Visit the Dashboard page and copy the Org URL.
Use the following guide to set your environment variables [1] :
- BARRIER_CLIENT_ID = Client ID
- BARRIER_CLIENT_SECRET = Client secret
- BARRIER_AUTH_URI = <Org URL>/oauth2/default/v1/authorize
- BARRIER_TOKEN_URI = <Org URL>/oauth2/default/v1/token
- BARRIER_ISSUER = <Org URL>/oauth2/default
- BARRIER_USERINFO_URI = <Org URL>/oauth2/default/userinfo
Congratulations! You’re ready to install or deploy!

Installation

$ pip install (--user) https://github.com/gadventures/barrier

Commands

The following is a brief overview, but you can call any of these commands with --help for more information.

barrier-config: Generate “client-secrets.json”, required for running the other commands. See the help text for required options. Options passed on the command line will override any values set in the environment.
barrier-dev: Flask development server. Useful if extending this project to add more features.
barrier-wsgi: Gunicorn WSGI wrapper. Can be placed behind nginx, Apache, or whatever you like.

Environment

Required

Name	Description	Where to get it
BARRIER_USERINFO_URI	UserInfo URI. Part of OpenIDConnect secrets configuration.	OpenID Connect Provider
BARRIER_ISSUER	Issuer ID. Part of OpenIDConnect secrets configuration.	OpenID Connect Provider
BARRIER_TOKEN_URI	Token URI. Part of OpenIDConnect secrets configuration.	OpenID Connect Provider
BARRIER_AUTH_URI	Auth URI. Part of OpenIDConnect secrets configuration.	OpenID Connect Provider
BARRIER_CLIENT_SECRET	Client Secret Key. Part of OpenIDConnect secrets configuration.	OpenID Connect Provider
BARRIER_CLIENT_ID	Client ID. Part of OpenIDConnect secrets configuration.	OpenID Connect Provider
BARRIER_REDIRECT_URI	Redirect URI. Part of OpenIDConnect secrets configuration.	OpenID Connect Provider, The value to set is: https://{your-hostname}/oidc/callback
BARRIER_SECRET_KEY	Used for HMAC Authentication. Generate a long random string.	Any source of random information

Optional

Name	Description	Where to get it
BARRIER_RESOURCE_ROOT	Root path of static files to serve. (Default: ./build/html) \| Wherever you choose to add the static files in your custom layer, or add your files to the default location.
BARRIER_DEFAULT_RESOURCE	The file/path that users will be redirected to after login. (Default: index.html)	Probably not necessary to change this.
BARRIER_CLIENT_SECRETS	OpenIDConnect secrets configuration file location. If your provider allows automatic configuration download and has a different filename, override with that filename here. (Default: client-secrets.json)	OpenID Connect Provider

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

This version

0.2.2

Aug 6, 2019

0.2.1

Aug 5, 2019

0.2.0

Aug 5, 2019

0.1.2

Aug 5, 2019

0.1.1

Aug 5, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

barrier-0.2.2.tar.gz (7.5 kB view details)

Uploaded Aug 6, 2019 Source

Built Distribution

barrier-0.2.2-py3-none-any.whl (7.9 kB view details)

Uploaded Aug 6, 2019 Python 3

File details

Details for the file barrier-0.2.2.tar.gz.

File metadata

Download URL: barrier-0.2.2.tar.gz
Upload date: Aug 6, 2019
Size: 7.5 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: poetry/0.12.17 CPython/3.7.4 Darwin/18.6.0

File hashes

Hashes for barrier-0.2.2.tar.gz
Algorithm	Hash digest
SHA256	`1f9c586a6b8c79006a4500bc2d2270a699a9ebec603ece145dec418fe55e1902`
MD5	`6ab23d3ccc96dbec551924c85a29675a`
BLAKE2b-256	`eeef54c1714f8d32ba2dd8cddd3b3eaa26cec389ea0bf4ac75ccc71b69ba1a60`

See more details on using hashes here.

File details

Details for the file barrier-0.2.2-py3-none-any.whl.

File metadata

Download URL: barrier-0.2.2-py3-none-any.whl
Upload date: Aug 6, 2019
Size: 7.9 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: poetry/0.12.17 CPython/3.7.4 Darwin/18.6.0

File hashes

Hashes for barrier-0.2.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`58f407827a81216bdcbb2ec9b8072240ce86f24f541fc2f773b1fae524bf7578`
MD5	`12e0c3ed17d60118f1a6cf254c63c66e`
BLAKE2b-256	`9e0dffdc5d2dc5d3d68415ae3868f8271aa4a71519acd4e6c8bcb0a1c1d22cd0`