Helpers to integrate Single Sign-On in nameko-based applications using Keycloak.
Project description
This package is still work in progress.
Features
- nameko service mixin
- database and model-agnostic user management
- authentication service
- fake Keycloak client for use in tests
Installation
pip install nameko-keycloak
You can also install the in-development version with:
pip install https://github.com/emplocity/nameko-keycloak/archive/master.zip
Usage
To set up SSO with Keycloak in your nameko service, follow these steps.
Get the Keycloak configuration from your realm under Clients -> Installation and download it as Keycloak OIDC JSON.
Save this configuration in a .json file.
Add the mixin and dependency provider to your service and point the provider to the OIDC JSON config:
from nameko_keycloak.dependencies import KeycloakProvider
from nameko_keycloak.service import KeycloakSsoServiceMixin

class MyService(KeycloakSsoServiceMixin):
    keycloak = KeycloakProvider("/tmp/keycloak.json")
Set up URLs for HTTP endpoints. The mixin exposes five methods prefixed with keycloak_, which you should use in your HTTP service. Delegate from your entrypoints like this:
from nameko.web.handlers import http

# Inside your service class:
@http("GET", "/login")
def login_sso(self, request):
    return self.keycloak_login_sso(request)
This way it is up to you to control the URL routes and any middleware or extra request handling (such as CORS headers).
Implement a fetch_user() method on your service that takes the user's email address as a single argument and returns a user instance for that email (or None if no such user exists in whatever storage you're using).
For example:
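from typing import Optional

# User and UserManager are your application's own model and storage layer.
def fetch_user(self, email: str) -> Optional[User]:
    user_manager = UserManager(self.db.session)
    return user_manager.get_by_email(email)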
This method is used to ensure that there is a local application user who matches the global identity stored in Keycloak.
(Optionally) Implement success and failure hook methods on your service.
If you provide a keycloak_success() method, the mixin will call it after a successful login and redirect from Keycloak back to your application. The method will receive the currently logged-in user as its argument. Similarly, the mixin will call keycloak_failure() upon Keycloak errors.
Example:
import logging

logger = logging.getLogger(__name__)

def keycloak_success(self, user: User) -> None:
    logger.info(f"Successful login: {user=}")

def keycloak_failure(self) -> None:
    logger.error("Failed to log in")
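As an added example (not part of the nameko-keycloak package or its README), here is a pre-flight check for the first steps above: the Keycloak OIDC JSON downloaded for a confidential client carries the client secret, so the saved file should be private to the service user and point at an https endpoint. The function names and sample values are assumptions made for illustration; the key names are those of Keycloak's OIDC JSON adapter format.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlparse


def check_keycloak_config(path):
    """Return a list of problems found in a Keycloak OIDC JSON file."""
    problems = []
    st = os.stat(path)
    # The file can hold the client secret: allow no group/other access.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group or other users")
    if st.st_uid != os.getuid():
        problems.append("file is not owned by the current user")
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    for key in ("realm", "auth-server-url", "resource"):
        if not config.get(key):
            problems.append(f"missing required key: {key}")
    if urlparse(config.get("auth-server-url") or "").scheme != "https":
        problems.append("auth-server-url does not use https")
    if config.get("ssl-required") == "none":
        problems.append("ssl-required is set to none")
    secret = (config.get("credentials") or {}).get("secret")
    if not config.get("public-client") and not secret:
        problems.append("confidential client has no credentials.secret")
    return problems


# Constructed sample values: not a real realm, host or secret.
GOOD = {"realm": "example", "resource": "my-service",
        "auth-server-url": "https://sso.example.test/auth/",
        "ssl-required": "external",
        "credentials": {"secret": "constructed-placeholder"}}
WEAK = dict(GOOD, **{"auth-server-url": "http://sso.example.test/auth/",
                     "ssl-required": "none"})


def demo():
    # Save GOOD with mode 0600 and WEAK with mode 0644, then check both.
    results = []
    for config, mode in ((GOOD, 0o600), (WEAK, 0o644)):
        with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
            json.dump(config, fh)
        os.chmod(fh.name, mode)
        results.append(check_keycloak_config(fh.name))
        os.remove(fh.name)
    return results
```

Run check_keycloak_config() on the path you pass to KeycloakProvider before the service starts; a shared location such as /tmp deserves particular attention to ownership and mode.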
Documentation
License
This work is released under the Apache 2.0 license.
File details
Details for the file nameko-keycloak-0.6.1.tar.gz.
File metadata
- Download URL: nameko-keycloak-0.6.1.tar.gz
- Upload date:
- Size: 20.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 6a0d70f0f68114e1a6b6afd246ee18982978e44750e4a25509a937f11d982b38
MD5 | a6ece01cf40d92f5fb21013fb411937f
BLAKE2b-256 | 46b78b0bc9e1d061ac543f1ecf152c9302caf5f0e0e776ddc86505aaeedc41cd
File details
Details for the file nameko_keycloak-0.6.1-py3-none-any.whl.
File metadata
- Download URL: nameko_keycloak-0.6.1-py3-none-any.whl
- Upload date:
- Size: 13.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 9ea619fe6d794d08477f6752f4bf82a767257be3ca46d8035f7ddf8da68c0af1
MD5 | f549e07e24d3205fc8a25b3af5224ea6
BLAKE2b-256 | 12b975324f9dbcfe51baf42d5f4ee2d4009c1f83226359fab91769a086251b0e