FLAsk support for oidc Access Tokens
Project description
# FLAsk support for handling Access Tokens - FLAAT
Tested OIDC Providers are
- IAM of the [Deep Hybrid Datacloud](https://deep-hybrid-datacloud.eu) project.
- Unity / B2Access as used in the Helmholtz-Data-Federation
- KIT's Shibboleth installation
- Google
For using the API you will need a valid OIDC access token. For the
commandline you might want to use
[oidc-agent](https://github.com/indigo-dc/oidc-agent) for that .
# License
FLAAT is provided under the [MIT License](https://opensource.org/licenses/MIT)
# Installation
Actually the code should just run straight from github. Python
dependencies include requests, flask, json and functools. Most of which
are pretty standard.
Just *source* install.sh to get a pyve with the dependencies installed:
` . install.sh`
# Documentation
First off there's a pretty neat example.py that you can find all the
examples inside. example.py provides an API via flask that is protected
with `flaat` (FLAsk support for Access Tokens).
`flaat` allows protecting REST interfaces with simple decorators like:
```
@flaat.login_required()
```
`flaat` also supports complex group membership checking. To match two of
the given groups, use:
```
@flaat.group_required(group=['admins@kit.edu', 'employee@kit.edu', 'member@kit.edu'],
claim='eduperson_scoped_affiliation', match=2)
```
The claim parameter allows selecting the OIDC claim in which to look for
group membership.
Once started you can test calls to the example like this:
```
curl http://localhost:8080/valid_user -H "Authorization: Bearer `oidc-token deep`"
```
or
```
http localhost:8080/group_test_hdf "Authorization: Bearer `oidc-token unity`"
```
or
Please find details for usage in example.py and in the respective
docstrings.
Your Bearer token can be any OIDC Access Token.
# Tested OPs:
- https://iam.deep-hybrid-datacloud.eu/
- https://unity.helmholtz-data-federation.de/oauth2/
- https://accounts.google.com/
- https://oidc.scc.kit.edu/auth/realms/kit/
# Open Issues / Roadmap:
- Caching: Don't send the same token twice for verification to the same OP
- Offline verification: Check the signature, in case token is a jwt
- Fix aarc-g002 handling
Tested OIDC Providers are
- IAM of the [Deep Hybrid Datacloud](https://deep-hybrid-datacloud.eu) project.
- Unity / B2Access as used in the Helmholtz-Data-Federation
- KIT's Shibboleth installation
For using the API you will need a valid OIDC access token. For the
commandline you might want to use
[oidc-agent](https://github.com/indigo-dc/oidc-agent) for that .
# License
FLAAT is provided under the [MIT License](https://opensource.org/licenses/MIT)
# Installation
Actually the code should just run straight from github. Python
dependencies include requests, flask, json and functools. Most of which
are pretty standard.
Just *source* install.sh to get a pyve with the dependencies installed:
` . install.sh`
# Documentation
First off there's a pretty neat example.py that you can find all the
examples inside. example.py provides an API via flask that is protected
with `flaat` (FLAsk support for Access Tokens).
`flaat` allows protecting REST interfaces with simple decorators like:
```
@flaat.login_required()
```
`flaat` also supports complex group membership checking. To match two of
the given groups, use:
```
@flaat.group_required(group=['admins@kit.edu', 'employee@kit.edu', 'member@kit.edu'],
claim='eduperson_scoped_affiliation', match=2)
```
The claim parameter allows selecting the OIDC claim in which to look for
group membership.
Once started you can test calls to the example like this:
```
curl http://localhost:8080/valid_user -H "Authorization: Bearer `oidc-token deep`"
```
or
```
http localhost:8080/group_test_hdf "Authorization: Bearer `oidc-token unity`"
```
or
Please find details for usage in example.py and in the respective
docstrings.
Your Bearer token can be any OIDC Access Token.
# Tested OPs:
- https://iam.deep-hybrid-datacloud.eu/
- https://unity.helmholtz-data-federation.de/oauth2/
- https://accounts.google.com/
- https://oidc.scc.kit.edu/auth/realms/kit/
# Open Issues / Roadmap:
- Caching: Don't send the same token twice for verification to the same OP
- Offline verification: Check the signature, in case token is a jwt
- Fix aarc-g002 handling
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
flaat-0.2.0.dev68.tar.gz
(14.8 kB
view hashes)
Built Distribution
Close
Hashes for flaat-0.2.0.dev68-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ba4852e5442b2c30472a75b6c9eb016c84e1ce9d766839e5fc5108a64f110632 |
|
| MD5 | 546c6366dbb7c1d4b06d34d6f7d26e7b |
|
| BLAKE2b-256 | 951c5010664ff0b699f6f5a3518eb2765fba2e419696a49314c097567886f665 |
