Login to CKAN using The Microsoft Authentication Library (MSAL)
Project description
ckanext-msal
This extension allows you to sign in users with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts). It uses Microsoft MSAL library.
It works with Microsoft 365 accounts. But in future, the situation could change.
Requirements
Compatibility with core CKAN versions:
CKAN version | Compatible? |
---|---|
2.7 and earlier | no |
2.8 | no |
2.9 | no |
2.10.0+ | yes |
Installation
To install ckanext-msal:
-
Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate
-
Clone the source and install it on the virtualenv
git clone https://github.com/mutantsan/ckanext-msal.git cd ckanext-msal pip install -e . pip install -r requirements.txt
-
Add
msal
to theckan.plugins
setting in your CKAN config file (by default the config file is located at/etc/ckan/default/ckan.ini
). -
Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
Config settings
# The application client id. Mandatory option.
ckanext.msal.client_id = 000000-0000-0000-0000-00000000000
# The client secret. Mandatory option.
ckanext.msal.client_secret = 000000-0000-0000-0000-00000000000
# The tenant ID. If it's not provided, the common one for multi-tenant app will be used.
# In this case, the application is not guaranteed to work properly.
# (optional, default: 'common').
ckanext.msal.tenant_id = 000000-0000-0000-0000-00000000000
# The redirect path should be setted up in Azure AD web app config.
# It handles the response from Microsoft.
# (optional, default: "/get_msal_token").
ckanext.msal.redirect_path
# While the session lifespan could be manage only in Azure AD conditional policies panel,
# this option actually implies how often do we send a test request for the Microsoft Graph API
# to check if our Access token is still alive.
# (optional, default: 3600, in seconds).
ckanext.msal.session_lifetime = 3600
# The list of restricted email domains. User won't be able to login under
# an email with those domains (optional, default: None)
ckanext.msal.restrict.domain_list = gmail.com, onmicrosoft.com
# The list of allowed email domains. User won't be able to login under
# any other emails (optional, default: None)
ckanext.msal.restrict.allowed_domain_list = protonmail.com, orgname.onmicrosoft.com
# A message that will be shown to users with a restricted domain
# (optional, default: "Your email domain is restricted. Please, contact site admin.")
ckanext.msal.restrict.error_message
Developer installation
To install ckanext-msal for development, activate your CKAN virtualenv and do:
git clone https://github.com/mutantsan/ckanext-msal.git
cd ckanext-msal
python setup.py develop
pip install -r dev-requirements.txt
Tests
If you changed something - be sure to run tests before merging your changes. To run tests, do:
pytest --ckan-ini=test.ini
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file ckanext_msal-1.5.1.tar.gz
.
File metadata
- Download URL: ckanext_msal-1.5.1.tar.gz
- Upload date:
- Size: 25.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.8.10
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7fff83dbc12f42e3766fb15025a8086ff911cced33d62316bba213762deeba31 |
|
MD5 | eb25f6addda2459c248a16fce2a74e36 |
|
BLAKE2b-256 | 101bc13bc7abda66f82a62a705639b8095bd82b084d723021f7798d0dceb0d13 |
File details
Details for the file ckanext_msal-1.5.1-py3-none-any.whl
.
File metadata
- Download URL: ckanext_msal-1.5.1-py3-none-any.whl
- Upload date:
- Size: 25.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.8.10
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | fe661c56f2963698d4d9ca2a131ed15de6b477248d26a6c1d83b18531f5e3cfd |
|
MD5 | e28fb61f0f81127207b1729f8ddf0c71 |
|
BLAKE2b-256 | b9bd2e5fc9860136dc0d571158082b357dd2d095ea6926af58963a101129d333 |