Datasette authentication using IndieAuth and RelMeAuth
Project description
datasette-indieauth
Datasette authentication using IndieAuth.
Demo
You can try out the latest version of this plugin at datasette-indieauth-demo.datasette.io
Installation
Install this plugin in the same environment as Datasette.
$ datasette install datasette-indieauth
Usage
Ensure you have a website with a domain that supports IndieAuth or RelMeAuth. The easiest way to do that is to add the following HTML to your homepage, linking to your personal GitHub profile:
<link href="https://github.com/simonw" rel="me">
<link rel="authorization_endpoint" href="https://indieauth.com/auth">
Your GitHub profile needs to link back to your website, to prove that your GitHub account should be a valid identifier for that page.
Now visit /-/indieauth
on your Datasette instance to begin the sign-in progress.
Actor
When a user signs in using IndieAuth they will be recieve a signed ds_actor
cookie identifying them as an actor that looks like this:
{
"me": "https://simonwillison.net/",
"display": "simonwillison.net"
}
If the IndieAuth server returned additional "profile"
fields those will be merged into the actor. You can visit /-/actor
on your Datasette instance to see the full actor you are currently signed in as.
Restricting access with the restrict_access plugin configuration
You can use Datasette's permissions system to control permissions of authenticated users - by default, an authenticated user will be able to perform the same actions as an unauthenticated user.
As a shortcut if you want to lock down access to your instance entirely to just specific users, you can use the restrict_access
plugin configuration option like this:
{
"plugins": {
"datasette-indieauth": {
"restrict_access": "https://simonwillison.net/"
}
}
}
This can be a string or a list of user identifiers. It can also be a space separated list, which means you can use it with the datasette publish --plugin-secret
configuration option to set permissions as part of a deployment, like this:
datasette publish vercel mydb.db --project my-secret-db \
--install datasette-indieauth \
--plugin-secret datasette-indieauth restrict_access https://simonwillison.net/
Development
To set up this plugin locally, first checkout the code. Then create a new virtual environment:
cd datasette-indieauth
python3 -mvenv venv
source venv/bin/activate
Or if you are using pipenv
:
pipenv shell
Now install the dependencies and tests:
pip install -e '.[test]'
To run the tests:
pytest
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for datasette-indieauth-1.2.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9e12803cf5ccda49441b59e4e3732221fec2a6ef4f98fb0233ef9ed4a4ec802c |
|
MD5 | a1d0fa45ee5865403ce6cb999b30308b |
|
BLAKE2b-256 | 34413106cfe6586f927e1baf803ebf305b902aa92d2b153b30ee5dfa5239531b |
Hashes for datasette_indieauth-1.2.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7e7ccd1acc2baaff694e1054c44e7f5dea2b5f430de1872f3798e4fce430ab27 |
|
MD5 | ecd4d693f6ec71c235269b3d04a38517 |
|
BLAKE2b-256 | f284d3ad936ff94f0d716e71423b23685a63a07617e7c3b0c973aa538d81ad97 |