Serve static files safely behind OpenIDConnect-compatible authentication (i.e. Okta)
Project description
Serve static files safely behind OpenIDConnect-compatible authentication (i.e. Okta)
OpenID Connect Provider Set-up
Okta
The following steps will get you the values necessary to integrate Okta with your Barrier-protected content.
Go to the Applications section of your Okta admin app. (hint: the url of the admin app is https://<your organization>>-admin.okta.com/dev/console)
Click Add Application
On the Create New Application page, choose Web and click Next
You will need to enter some details about the application:
Name: <your barrier-protected site name>
- Base URIs: https://<your barrier-protected domain>/
or http://localhost:8000 during development)
- Login redirect URIs: https://<your barrier-protected domain>/oidc/callback
or http://localhost:8000/oidc/callback, & http://localhost:5000/oidc/callback during development
Group Assigments: Everyone is fine, unless you have specific requirements.
- Grant Type Allowed:
- Client acting on behalf of itself
[ ] Client Credentials
- Client acting on behalf of a user
[x] Authorization Code
[ ] Refresh Token
[ ] Implicit (Hybrid)
Click Next again
You’re now at the General Settings for your new Okta integration, scroll to the bottom and copy the Client ID and Client secret values.
Visit the Dashboard page and copy the Org URL.
Use the following guide to set your environment variables [1] :
BARRIER_CLIENT_ID = Client ID
BARRIER_CLIENT_SECRET = Client secret
BARRIER_AUTH_URI = <Org URL>/oauth2/default/v1/authorize
BARRIER_TOKEN_URI = <Org URL>/oauth2/default/v1/token
BARRIER_ISSUER = <Org URL>/oauth2/default
BARRIER_USERINFO_URI = <Org URL>/oauth2/default/userinfo
Congratulations! You’re ready to install or deploy!
Installation
$ pip install (--user) https://github.com/gadventures/barrierCommands
The following is a brief overview, but you can call any of these commands with --help for more information.
- barrier-config
Generate “client-secrets.json”, required for running the other commands. See the help text for required options. Options passed on the command line will override any values set in the environment.
- barrier-dev
Flask development server. Useful if extending this project to add more features.
- barrier-wsgi
Gunicorn WSGI wrapper. Can be placed behind nginx, Apache, or whatever you like.
Environment
Required
Name |
Description |
Where to get it |
|---|---|---|
BARRIER_USERINFO_URI |
UserInfo URI. Part of OpenIDConnect secrets configuration. |
OpenID Connect Provider |
BARRIER_ISSUER |
Issuer ID. Part of OpenIDConnect secrets configuration. |
OpenID Connect Provider |
BARRIER_TOKEN_URI |
Token URI. Part of OpenIDConnect secrets configuration. |
OpenID Connect Provider |
BARRIER_AUTH_URI |
Auth URI. Part of OpenIDConnect secrets configuration. |
OpenID Connect Provider |
BARRIER_CLIENT_SECRET |
Client Secret Key. Part of OpenIDConnect secrets configuration. |
OpenID Connect Provider |
BARRIER_CLIENT_ID |
Client ID. Part of OpenIDConnect secrets configuration. |
OpenID Connect Provider |
BARRIER_REDIRECT_URI |
Redirect URI. Part of OpenIDConnect secrets configuration. |
OpenID Connect Provider, The value to set is: https://{your-hostname}/oidc/callback |
BARRIER_SECRET_KEY |
Used for HMAC Authentication. Generate a long random string. |
Any source of random information |
Optional
Name |
Description |
Where to get it |
|---|---|---|
BARRIER_RESOURCE_ROOT |
Root path of static files to serve. (Default: ./build/html) | Wherever you choose to add the static files in your custom layer, or add your files to the default location. |
|
BARRIER_DEFAULT_RESOURCE |
The file/path that users will be redirected to after login. (Default: index.html) |
Probably not necessary to change this. |
BARRIER_CLIENT_SECRETS |
OpenIDConnect secrets configuration file location. If your provider allows automatic configuration download and has a different filename, override with that filename here. (Default: client-secrets.json) |
OpenID Connect Provider |
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file barrier-0.2.1.tar.gz.
File metadata
- Download URL: barrier-0.2.1.tar.gz
- Upload date:
- Size: 7.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/0.12.17 CPython/3.7.4 Darwin/18.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
950b96cb52b788e65f309bf420ef2d7690ee8e881ba30fb2a896a0999815e1d9
|
|
| MD5 |
d85ff926d613b784245d0171188f915e
|
|
| BLAKE2b-256 |
acf6c0ba38dd4a0a2f736f93e054d3250138168e0c13499bbdc443e17a055f86
|
File details
Details for the file barrier-0.2.1-py3-none-any.whl.
File metadata
- Download URL: barrier-0.2.1-py3-none-any.whl
- Upload date:
- Size: 7.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/0.12.17 CPython/3.7.4 Darwin/18.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6190726424b6fd698fa0bdfbb3f96abb16beb4eb0fe8d55e3111463a20d30611
|
|
| MD5 |
66d24db3a746b98fb17c58c89c83d5d6
|
|
| BLAKE2b-256 |
182e869eec7691e0004345533db1ec858caf1d1409b43572052ffbf4647da7c3
|
