Skip to main content

Helpers to integrate Single Sign-On in nameko-based applications using Keycloak.

Project description

docs

Documentation Status

tests

Github Actions Build Status
Coverage Status

package

PyPI Package latest release PyPI Wheel Supported versions Supported implementations
Commits since latest release

This package is still work in progress.

Helpers to integrate Single Sign-On in nameko-based applications using Keycloak.

Features

  • nameko service mixin

  • database and model-agnostic user management

  • authentication service

  • fake Keycloak client for use in tests

Installation

pip install nameko-keycloak

You can also install the in-development version with:

pip install https://github.com/emplocity/nameko-keycloak/archive/master.zip

Usage

To set up SSO with Keycloak in your nameko service, follow these steps.

  1. Get Keycloak configuration from realm -> Clients -> Installation, download as Keycloak OIDC JSON.

    Save this configuration in a .json file.

  2. Add the mixin and dependency provider to your service and point to OIDC JSON config:

    from nameko_keycloak.dependencies import KeycloakProvider
    from nameko_keycloak.service import KeycloakSsoServiceMixin
    
    class MyService(KeycloakSsoServiceMixin):
        keycloak = KeycloakProvider("/tmp/keycloak.json")
  3. Set up URLs for HTTP endpoints. The mixin exposes five methods prefixed with keycloak_, which you should use in your HTTP service. Delegate from your entrypoints like this:

    @http("GET", "/login")
    def login_sso(self, request):
        return self.keycloak_login_sso(request)

    This way it is up to you to control the URL routes and any middleware or extra request handling (such as CORS headers).

  4. Implement a fetch_user() method on your service that takes user’s email address as a single argument and returns a user instance for that email (or None if no such user exists in whatever storage you’re using).

    For example:

    def fetch_user(self, email: str) -> Optional[User]:
        user_manager = UserManager(self.db.session)
        return user_manager.get_by_email(email)

    This method is used to ensure that there is a local application user who matches the global identity stored in Keycloak.

  5. (Optionally) Implement success and failure hook methods on your service.

    If you provide keycloak_success() method, the mixin will call it after successful login and redirect from Keycloak back to your application. The method will receive currently logged user as its argument. Similarly the mixin will call keycloak_failure() upon Keycloak errors.

    Example:

    def keycloak_success(self, user: User) -> None:
        logger.info(f"Successful login: {user=}")
    
    def keycloak_failure(self) -> None:
        logger.error("Failed to log in")

Documentation

https://nameko-keycloak.readthedocs.io/

Authors

nameko-keycloak is developed and maintained by Emplocity.

License

This work is released under the Apache 2.0 license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nameko-keycloak-1.0.0.tar.gz (24.2 kB view details)

Uploaded Source

Built Distribution

nameko_keycloak-1.0.0-py3-none-any.whl (13.2 kB view details)

Uploaded Python 3

File details

Details for the file nameko-keycloak-1.0.0.tar.gz.

File metadata

  • Download URL: nameko-keycloak-1.0.0.tar.gz
  • Upload date:
  • Size: 24.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.6

File hashes

Hashes for nameko-keycloak-1.0.0.tar.gz
Algorithm Hash digest
SHA256 76a7a83887300dff8b65b573fec3c46b4cba8623bd8b6683e9b33beef019a55a
MD5 640db0452c450c16acad99cac43aa8f8
BLAKE2b-256 ac82f07d785e4248eb3d2ca36688f90cbe60d7ebc450454668f65abc18c3eec4

See more details on using hashes here.

File details

Details for the file nameko_keycloak-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for nameko_keycloak-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d913e46521b7a5d3b682075447a89daec31bb8551bb7607f95104ad7e8e810dd
MD5 f75d1272a3a5abefed4d0db50adad394
BLAKE2b-256 c7d30c28e470dd1c2b7fd9d467db33ab97121865f136393583732b82e9445ba8

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page