OIDC auth plugin for MLflow

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alex-kh from gravatar.com alex-kh

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR U...)
  • Maintainer: Data Platform folks
  • Tags mlflow , oauth2 , oidc
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

mlflow-oidc-auth

Mlflow auth plugin to use OpenID Connect (OIDC) as authentication and authorization provider

To get it just do pip install mlflow-oidc-auth (mlflow will come as a dependency)

Configuration

The plugin required the following environment variables but also supported .env file

Parameter Description
OIDC_REDIRECT_URI Application redirect/callback url (https://example.com/callback)
OIDC_DISCOVERY_URL OIDC Discovery URL
OIDC_CLIENT_SECRET OIDC Client Secret
OIDC_CLIENT_ID OIDC Client ID
OIDC_PROVIDER_TYPE can be 'oidc' or 'microsoft'
OIDC_PROVIDER_DISPLAY_NAME any text to display
OIDC_SCOPE OIDC scope
OIDC_GROUP_NAME User group name to be allowed login to MLFlow, currently supported groups in OIDC claims and Microsoft Entra ID groups
OIDC_ADMIN_GROUP_NAME User group name to be allowed login to MLFlow manage and define permissions, currently supported groups in OIDC claims and Microsoft Entra ID groups
OIDC_AUTHORIZATION_URL OIDC Auth URL (if discovery URL is not defined)
OIDC_TOKEN_URL OIDC Token URL (if discovery URL is not defined)
OIDC_USER_URL OIDC User info URL (if discovery URL is not defined)
SECRET_KEY Key to perform cookie encryption
OAUTHLIB_INSECURE_TRANSPORT Development only. Allow to use insecure endpoints for OIDC
LOG_LEVEL Application log level
OIDC_USERS_DB_URI Database connection string

Configuration examples

Okta

OIDC_DISCOVERY_URL = 'https://<your_domain>.okta.com/.well-known/openid-configuration'
OIDC_CLIENT_SECRET ='<super_secret>'
OIDC_CLIENT_ID ='<client_id>'
OIDC_PROVIDER_TYPE = 'oidc'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Okta"
OIDC_SCOPE = "openid,profile,email,groups"
OIDC_GROUP_NAME = "mlflow-users-group-name"
OIDC_ADMIN_GROUP_NAME = "mlflow-admin-group-name"

Microsoft Entra ID

OIDC_DISCOVERY_URL = 'https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration'
OIDC_CLIENT_SECRET = '<super_secret>'
OIDC_CLIENT_ID = '<client_id>'
OIDC_PROVIDER_TYPE = 'microsoft'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Microsoft"
OIDC_SCOPE = "openid,profile,email"
OIDC_GROUP_NAME = "mlflow_users_group_name"
OIDC_ADMIN_GROUP_NAME = "mlflow_admins_group_name"

please note, that for getting group membership information, the application should have "GroupMember.Read.All" permission

Development

Preconditions:

The following tools should be installed for local development:

  • git
  • nodejs
  • python
git clone https://github.com/data-platform-hq/mlflow-oidc-auth
cd mlflow-oidc-auth
./scripts/run-dev-server.sh

License

Apache 2 Licensed. For more information please see LICENSE

Based on MLFlow basic-auth plugin

https://github.com/mlflow/mlflow/tree/master/mlflow/server/auth

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alex-kh from gravatar.com alex-kh

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR U...)
  • Maintainer: Data Platform folks
  • Tags mlflow , oauth2 , oidc
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

6.7.1

6.7.0

6.6.5

6.6.4

6.6.3

6.6.2

6.6.1

6.6.0

6.5.0

6.4.0

6.3.0

6.2.0

6.1.2

6.1.1

6.1.0

6.0.0

5.7.0

5.6.1

5.6.0

5.5.2

5.5.1

5.5.0

5.4.0

5.3.1

5.3.0

5.2.0

5.1.2

5.1.1

5.1.0

5.0.1

5.0.0

4.2.1

4.2.0

4.1.0

4.0.0

3.7.0

3.6.1

3.6.0

3.5.0

3.4.0

3.3.0

3.2.0

3.1.1

3.1.0

3.0.0

2.1.0

2.0.2

2.0.1

2.0.0

1.5.0

This version

1.4.0

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

1.1.2

1.1.1

1.1.0

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mlflow_oidc_auth-1.4.0.tar.gz (303.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mlflow_oidc_auth-1.4.0-py3-none-any.whl (307.5 kB view details)

Uploaded Python 3

File details

Details for the file mlflow_oidc_auth-1.4.0.tar.gz.

File metadata

  • Download URL: mlflow_oidc_auth-1.4.0.tar.gz
  • Upload date:
  • Size: 303.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for mlflow_oidc_auth-1.4.0.tar.gz
Algorithm Hash digest
SHA256 8a99c29462335ff7192e2d9fdedcb3d981d1afa3acf5d7e77fa98f238ab9d115
MD5 f47a3f063a944f5c60dabeb87e6e0c62
BLAKE2b-256 46d63df10e69c8ae5c49a54839db5cf2195adbc2295d865cbffb975d11cbaf18

See more details on using hashes here.

File details

Details for the file mlflow_oidc_auth-1.4.0-py3-none-any.whl.

File metadata

File hashes

Hashes for mlflow_oidc_auth-1.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 bf18905ee593659201dc7378defc5716b9de34f9a05f503483581920afb0d6fe
MD5 37d1524c65d1e1332c189d99ec4b8b92
BLAKE2b-256 e26c45ea297b2e4bc7e96532f34e85e85e5559d22adc18360fe26aa9f3cba30a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page