
Serve static files safely behind OpenIDConnect-compatible authentication (e.g. Okta)


OpenID Connect Provider Set-up

Okta

The following steps will get you the values necessary to integrate Okta with your Barrier-protected content.

  1. Go to the Applications section of your Okta admin app. (Hint: the URL of the admin app is https://<your organization>-admin.okta.com/dev/console)

  2. Click Add Application

  3. On the Create New Application page, choose Web and click Next

  4. You will need to enter some details about the application:

    • Name: <your barrier-protected site name>

    • Base URIs: https://<your barrier-protected domain>/
      • (or http://localhost:8000 during development)

    • Login redirect URIs: https://<your barrier-protected domain>/oidc/callback
      • (or http://localhost:8000/oidc/callback and http://localhost:5000/oidc/callback during development)

    • Group Assignments: Everyone is fine, unless you have specific requirements.

    • Grant Type Allowed:
      • Client acting on behalf of itself
        • [ ] Client Credentials

      • Client acting on behalf of a user
        • [x] Authorization Code

        • [ ] Refresh Token

        • [ ] Implicit (Hybrid)

  5. Click Next again

  6. You’re now at the General Settings for your new Okta integration. Scroll to the bottom and copy the Client ID and Client secret values.

  7. Visit the Dashboard page and copy the Org URL.

  8. Use the following guide to set your environment variables [1] :

    • BARRIER_CLIENT_ID = Client ID

    • BARRIER_CLIENT_SECRET = Client secret

    • BARRIER_AUTH_URI = <Org URL>/oauth2/default/v1/authorize

    • BARRIER_TOKEN_URI = <Org URL>/oauth2/default/v1/token

    • BARRIER_ISSUER = <Org URL>/oauth2/default

    • BARRIER_USERINFO_URI = <Org URL>/oauth2/default/userinfo

  9. Congratulations! You’re ready to install or deploy!

Installation

$ pip install git+https://github.com/gadventures/barrier   # add --user for a per-user install

Commands

The following is a brief overview, but you can call any of these commands with --help for more information.

barrier-config

Generate “client-secrets.json”, required for running the other commands. See the help text for required options. Options passed on the command line will override any values set in the environment.

barrier-dev

Flask development server. Useful if extending this project to add more features.

barrier-wsgi

Gunicorn WSGI wrapper. Can be placed behind nginx, Apache, or whatever you like.

Environment

Required

| Name | Description | Where to get it |
| --- | --- | --- |
| BARRIER_USERINFO_URI | UserInfo URI. Part of OpenIDConnect secrets configuration. | OpenID Connect Provider |
| BARRIER_ISSUER | Issuer ID. Part of OpenIDConnect secrets configuration. | OpenID Connect Provider |
| BARRIER_TOKEN_URI | Token URI. Part of OpenIDConnect secrets configuration. | OpenID Connect Provider |
| BARRIER_AUTH_URI | Auth URI. Part of OpenIDConnect secrets configuration. | OpenID Connect Provider |
| BARRIER_CLIENT_SECRET | Client Secret Key. Part of OpenIDConnect secrets configuration. | OpenID Connect Provider |
| BARRIER_CLIENT_ID | Client ID. Part of OpenIDConnect secrets configuration. | OpenID Connect Provider |
| BARRIER_REDIRECT_URI | Redirect URI. Part of OpenIDConnect secrets configuration. | OpenID Connect Provider. The value to set is: https://{your-hostname}/oidc/callback |
| BARRIER_SECRET_KEY | Used for HMAC Authentication. Generate a long random string. | Any source of random information |
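
A pre-deployment check for the required variables, as an added example (not barrier's own code): it builds the URL values the way step 8 of the Okta set-up lays them out, generates BARRIER_SECRET_KEY from the OS CSPRNG, and reports common misconfigurations. The function names, the 32-character key floor and the rule that every endpoint sits under the issuer (true of the Okta layout shown on this page, not of every provider) are assumptions of this example.

```python
import secrets
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1"}
ENDPOINT_VARS = ("BARRIER_AUTH_URI", "BARRIER_TOKEN_URI", "BARRIER_USERINFO_URI")
REQUIRED = ENDPOINT_VARS + ("BARRIER_ISSUER", "BARRIER_CLIENT_ID",
                            "BARRIER_CLIENT_SECRET", "BARRIER_REDIRECT_URI",
                            "BARRIER_SECRET_KEY")
MIN_KEY_CHARS = 32  # assumption: this floor is chosen here, not by barrier


def new_secret_key() -> str:
    """BARRIER_SECRET_KEY from the OS CSPRNG (64 random bytes, URL-safe text)."""
    return secrets.token_urlsafe(64)


def okta_env(org_url: str, hostname: str) -> dict:
    """Build the URL-valued variables exactly as step 8 lays them out."""
    base = org_url.rstrip("/") + "/oauth2/default"
    return {
        "BARRIER_ISSUER": base,
        "BARRIER_AUTH_URI": base + "/v1/authorize",
        "BARRIER_TOKEN_URI": base + "/v1/token",
        "BARRIER_USERINFO_URI": base + "/userinfo",
        "BARRIER_REDIRECT_URI": f"https://{hostname}/oidc/callback",
    }


def check_env(env: dict) -> list:
    """Return a list of problems; an empty list means every check passed."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    for name in ENDPOINT_VARS + ("BARRIER_ISSUER", "BARRIER_REDIRECT_URI"):
        url = urlsplit(env.get(name, ""))
        if env.get(name) and url.scheme != "https" and url.hostname not in LOCAL_HOSTS:
            problems.append(f"{name} must use https outside local development")
    issuer = env.get("BARRIER_ISSUER", "").rstrip("/")
    for name in ENDPOINT_VARS:  # Okta layout: endpoints live under the issuer
        if env.get(name) and issuer and not env[name].startswith(issuer + "/"):
            problems.append(f"{name} is not under BARRIER_ISSUER")
    redirect = env.get("BARRIER_REDIRECT_URI", "")
    if redirect and urlsplit(redirect).path != "/oidc/callback":
        problems.append("BARRIER_REDIRECT_URI path must be /oidc/callback")
    key = env.get("BARRIER_SECRET_KEY", "")
    if key and len(key) < MIN_KEY_CHARS:
        problems.append(f"BARRIER_SECRET_KEY is shorter than {MIN_KEY_CHARS} characters")
    return problems
```

Run `check_env(dict(os.environ))` before starting the server and treat a non-empty result as a failed deployment step.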

Optional

| Name | Description | Where to get it |
| --- | --- | --- |
| BARRIER_RESOURCE_ROOT | Root path of static files to serve. (Default: ./build/html) | Wherever you choose to add the static files in your custom layer, or add your files to the default location. |
| BARRIER_DEFAULT_RESOURCE | The file/path that users will be redirected to after login. (Default: index.html) | Probably not necessary to change this. |
| BARRIER_CLIENT_SECRETS | OpenIDConnect secrets configuration file location. If your provider allows automatic configuration download and has a different filename, override with that filename here. (Default: client-secrets.json) | OpenID Connect Provider |
