OIDC auth plugin for MLflow

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for alex-kh from gravatar.com alex-kh

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR U...)
  • Maintainer: Data Platform folks
  • Tags mlflow, oauth2, oidc
  • Requires: Python >=3.8
  • Provides-Extra: dev, full
Classifiers

Project description

mlflow-oidc-auth

Mlflow auth plugin to use OpenID Connect (OIDC) as authentication and authorization provider

Installation

To get full version (with entire MLFlow and all dependencies) run:

python3 -m pip install mlflow-oidc-auth[full]

To get skinny version run:

python3 -m pip install mlflow-oidc-auth

Configuration

The plugin required the following environment variables but also supported .env file

Parameter Description
OIDC_REDIRECT_URI Application redirect/callback url (https://example.com/callback)
OIDC_DISCOVERY_URL OIDC Discovery URL
OIDC_CLIENT_SECRET OIDC Client Secret
OIDC_CLIENT_ID OIDC Client ID
OIDC_GROUP_DETECTION_PLUGIN OIDC plugin to detect groups
OIDC_PROVIDER_DISPLAY_NAME any text to display
OIDC_SCOPE OIDC scope
OIDC_GROUP_NAME User group name to be allowed login to MLFlow, currently supported groups in OIDC claims and Microsoft Entra ID groups
OIDC_ADMIN_GROUP_NAME User group name to be allowed login to MLFlow manage and define permissions, currently supported groups in OIDC claims and Microsoft Entra ID groups
OIDC_AUTHORIZATION_URL OIDC Auth URL (if discovery URL is not defined)
OIDC_TOKEN_URL OIDC Token URL (if discovery URL is not defined)
OIDC_USER_URL OIDC User info URL (if discovery URL is not defined)
SECRET_KEY Key to perform cookie encryption
OAUTHLIB_INSECURE_TRANSPORT Development only. Allow to use insecure endpoints for OIDC
LOG_LEVEL Application log level
OIDC_USERS_DB_URI Database connection string

Configuration examples

Okta

OIDC_DISCOVERY_URL = 'https://<your_domain>.okta.com/.well-known/openid-configuration'
OIDC_CLIENT_SECRET ='<super_secret>'
OIDC_CLIENT_ID ='<client_id>'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Okta"
OIDC_SCOPE = "openid,profile,email,groups"
OIDC_GROUP_NAME = "mlflow-users-group-name"
OIDC_ADMIN_GROUP_NAME = "mlflow-admin-group-name"

Microsoft Entra ID

OIDC_DISCOVERY_URL = 'https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration'
OIDC_CLIENT_SECRET = '<super_secret>'
OIDC_CLIENT_ID = '<client_id>'
OIDC_PROVIDER_DISPLAY_NAME = "Login with Microsoft"
OIDC_GROUP_DETECTION_PLUGIN = 'mlflow_oidc_auth.plugins.group_detection_microsoft_entra_id'
OIDC_SCOPE = "openid,profile,email"
OIDC_GROUP_NAME = "mlflow_users_group_name"
OIDC_ADMIN_GROUP_NAME = "mlflow_admins_group_name"

please note, that for getting group membership information, the application should have "GroupMember.Read.All" permission

Development

Preconditions:

The following tools should be installed for local development:

  • git
  • nodejs
  • Python
git clone https://github.com/data-platform-hq/mlflow-oidc-auth
cd mlflow-oidc-auth
./scripts/run-dev-server.sh

License

Apache 2 Licensed. For more information please see LICENSE

Based on MLFlow basic-auth plugin

https://github.com/mlflow/mlflow/tree/master/mlflow/server/auth

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for alex-kh from gravatar.com alex-kh

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR U...)
  • Maintainer: Data Platform folks
  • Tags mlflow, oauth2, oidc
  • Requires: Python >=3.8
  • Provides-Extra: dev, full
Classifiers

Release history Release notifications | RSS feed

2.1.0

2.0.2

This version

2.0.1

2.0.0

1.5.0

1.4.0

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

1.1.2

1.1.1

1.1.0

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mlflow_oidc_auth-2.0.1.tar.gz (302.4 kB view details)

Uploaded Source

Built Distribution

mlflow_oidc_auth-2.0.1-py3-none-any.whl (308.3 kB view details)

Uploaded Python 3

File details

Details for the file mlflow_oidc_auth-2.0.1.tar.gz.

File metadata

  • Download URL: mlflow_oidc_auth-2.0.1.tar.gz
  • Upload date:
  • Size: 302.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for mlflow_oidc_auth-2.0.1.tar.gz
Algorithm Hash digest
SHA256 8e99756a87d223632f048667757327ef8d58b7d150378a5ad882961673f39230
MD5 ff510b35d3dc004a211e442d069d82c1
BLAKE2b-256 a165ad94ffcf7b7335cbb95f22c916862ec95d5bcb834cb491bce8dcc889196e

See more details on using hashes here.

File details

Details for the file mlflow_oidc_auth-2.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for mlflow_oidc_auth-2.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d9ad674aa4b04c31bc9984fa944db9c9ab0e040651a425566f9b539c0aca2af7
MD5 9c82ebd517fb769a733200d659718691
BLAKE2b-256 eedee11df4023318b6b92b3e0c824349ccc7819b17a6e318ad8d735312c6f4d9

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page