OIDC auth plugin for MLflow

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alex-kh from gravatar.com alex-kh

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR U...)
  • Maintainer: Data Platform folks
  • Tags mlflow, oauth2, oidc
  • Requires: Python >=3.8
Classifiers

Project description

mlflow-oidc-auth

Mlflow auth plugin to use OpenID Connect (OIDC) as authentication and authorization provider

To get it just do pip install mlflow-oidc-auth (mlflow will come as a dependency)

Configuration

The plugin required the following environment variables but also supported .env file

Parameter Description
OIDC_REDIRECT_URI Application redirect/callback url (https://example.com/callback)
OIDC_DISCOVERY_URL OIDC Discovery URL
OIDC_CLIENT_SECRET OIDC Client Secret
OIDC_CLIENT_ID OIDC Client ID
OIDC_PROVIDER_TYPE can be 'oidc' or 'microsoft'
OIDC_PROVIDER_DISPLAY_NAME any text to display
OIDC_SCOPE OIDC scope
OIDC_GROUP_NAME User group name to be allowed login to MLFlow, currently supported groups in OIDC claims and Microsoft Entra ID groups
OIDC_ADMIN_GROUP_NAME User group name to be allowed login to MLFlow manage and define permissions, currently supported groups in OIDC claims and Microsoft Entra ID groups
OIDC_AUTHORIZATION_URL OIDC Auth URL (if discovery URL is not defined)
OIDC_TOKEN_URL OIDC Token URL (if discovery URL is not defined)
OIDC_USER_URL OIDC User info URL (if discovery URL is not defined)
SECRET_KEY Key to perform cookie encryption
OAUTHLIB_INSECURE_TRANSPORT Development only. Allow to use insecure endpoints for OIDC
LOG_LEVEL Application log level
OIDC_USERS_DB_URI Database connection string
MLFLOW_TRACKING_USERNAME Credentials for internal communications via API
MLFLOW_TRACKING_PASSWORD Credentials for internal communications via API
MLFLOW_TRACKING_URI URI for internal communications via API

Configuration examples

Okta

OIDC_DISCOVERY_URL = 'https://<your_domain>.okta.com/.well-known/openid-configuration'
OIDC_CLIENT_SECRET ='<super_secret>'
OIDC_CLIENT_ID ='<client_id>'
OIDC_PROVIDER_TYPE = 'oidc'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Okta"
OIDC_SCOPE = "openid,profile,email,groups"
OIDC_GROUP_NAME = "mlflow-users-group-name"
OIDC_ADMIN_GROUP_NAME = "mlflow-admin-group-name"

Microsoft Entra ID

OIDC_DISCOVERY_URL = 'https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration'
OIDC_CLIENT_SECRET = '<super_secret>'
OIDC_CLIENT_ID = '<client_id>'
OIDC_PROVIDER_TYPE = 'microsoft'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Microsoft"
OIDC_SCOPE = "openid,profile,email"
OIDC_GROUP_NAME = "mlflow_users_group_name"
OIDC_ADMIN_GROUP_NAME = "mlflow_admins_group_name"

please note, that for getting group membership information, the application should have "GroupMember.Read.All" permission

Development

Preconditions:

The following tools should be installed for local development:

  • git
  • nodejs
  • python
git clone https://github.com/data-platform-hq/mlflow-oidc-auth
cd mlflow-oidc-auth
./scripts/run-dev-server.sh

License

Apache 2 Licensed. For more information please see LICENSE

Based on MLFlow basic-auth plugin

https://github.com/mlflow/mlflow/tree/master/mlflow/server/auth

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alex-kh from gravatar.com alex-kh

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR U...)
  • Maintainer: Data Platform folks
  • Tags mlflow, oauth2, oidc
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

2.1.0

2.0.2

2.0.1

2.0.0

1.5.0

1.4.0

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

This version

1.1.2

1.1.1

1.1.0

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mlflow-oidc-auth-1.1.2.tar.gz (296.8 kB view details)

Uploaded Source

Built Distribution

mlflow_oidc_auth-1.1.2-py3-none-any.whl (300.7 kB view details)

Uploaded Python 3

File details

Details for the file mlflow-oidc-auth-1.1.2.tar.gz.

File metadata

  • Download URL: mlflow-oidc-auth-1.1.2.tar.gz
  • Upload date:
  • Size: 296.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for mlflow-oidc-auth-1.1.2.tar.gz
Algorithm Hash digest
SHA256 3805afb5cc12b7cf8496a41dbc4e5f47c707837f3e24afa160f2b1df528d8120
MD5 5be12811751ad0510c29626971481921
BLAKE2b-256 42af60728b164dbc32bc8005dbac2f859554c18f0bbd156d9c5a1bade6f799c5

See more details on using hashes here.

File details

Details for the file mlflow_oidc_auth-1.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for mlflow_oidc_auth-1.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 9792b62a17149be0899bf208a700ba798a909dc6c54cf6802e79777fc0dae937
MD5 7c93239ef919345c84c7cb4feed3641c
BLAKE2b-256 6b91ca5dc670887b934bfe37cbdedfb7cf56d2e97fc0436daeedf3c39ef26d2d

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page