Skip to main content

Datasette plugin that authenticates users against GitHub

Project description

datasette-auth-github

PyPI CircleCI License

Datasette plugin that authenticates users against GitHub.

This requires datasette master - it uses unreleased plugin hooks.

Setup instructions

  • Install the plugin - pip install datasette-auth-github
  • Create a GitHub OAuth app: https://github.com/settings/applications/new
  • Set the Authorization callback URL to http://127.0.0.1:8001/-/auth-callback
  • Create a metadata.json file with the following structure:
{
    "title": "datasette-auth-github demo",
    "plugins": {
        "datasette-auth-github": {
            "client_id": {"$env": "GITHUB_CLIENT_ID"},
            "client_secret": {"$env": "GITHUB_CLIENT_SECRET"}
        }
    }
}

Now you can start Datasette like this, passing in the secrets as environment variables:

$ GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=YYY datasette \
    fixtures.db -m metadata.json

Note that hard-coding secrets in metadata.json is a bad idea as they will be visible to anyone who can navigate to /-/metadata. Instead, we use a new mechanism for adding secret plugin configuration options.

By default, the plugin will redirect signed-out users directly to GitHub.

If you would rather they saw a "You are logged out" screen with a button first, you can change this behaviour by adding the "disable_auto_login" setting to your configuration:

{
    "plugins": {
        "datasette-auth-github": {
            "client_id": "...",
            "client_secret": "...",
            "disable_auto_login": true
        }
    }
}

Restricting access to specific users

By default the plugin will allow any GitHub user to log in. You can restrict allowed users to a specific list using the allow_users configuration option:

{
    "plugins": {
        "datasette-auth-github": {
            "client_id": "...",
            "client_secret": "...",
            "allow_users": ["simonw"]
        }
    }
}

You can list one or more GitHub usernames here.

Restricting access to specific GitHub organizations

You can also restrict access to users who are members of a specific GitHub organization:

{
    "plugins": {
        "datasette-auth-github": {
            "client_id": "...",
            "client_secret": "...",
            "allow_orgs": ["datasette-project"]
        }
    }
}

allow_orgs and allow_users can both be single strings rather than lists. This means you can publish a new datasette and configure the plugin entirely from the command-line like so:

$ datasette publish nowv1 fixtures.db \
    --alias datasette-auth-demo \
    --install=datasette-auth-github \
    --plugin-secret datasette-auth-github client_id 86e397f7fd7a54d26a3a \
    --plugin-secret datasette-auth-github client_secret ... \
    --plugin-secret datasette-auth-github allow_user simonw

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for datasette-auth-github, version 0.4
Filename, size File type Python version Upload date Hashes
Filename, size datasette_auth_github-0.4-py3-none-any.whl (10.5 kB) File type Wheel Python version py3 Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page