Skip to main content

A lightweight, configurable Identity Provider for development and testing

Project description

NanoIDP

NanoIDP

Tests

A lightweight, configurable Identity Provider for development and testing.
Supports OAuth2/OIDC and SAML 2.0 protocols with a full-featured web UI for configuration.

📖 Documentation

Design principles, non-goals and medium-term direction live in VISION.md.

Features

  • OAuth2 / OIDC - OAuth2/OIDC support for development and integration testing: Authorization Code, Password, Client Credentials, Refresh Token, and Device Authorization grants
  • PKCE Support - Proof Key for Code Exchange (RFC 7636) with S256 and plain methods
  • Security Profiles - stricter-dev (runtime hardening) and oauth21 (draft OAuth 2.1 protocol strictness: PKCE-only S256, rotation, no password grant, registered redirect URIs)
  • Token Management - Introspection (RFC 7662) and Revocation (RFC 7009) endpoints
  • OIDC Logout - End Session endpoint for RP-initiated logout
  • Device Flow - Device Authorization Grant (RFC 8628) for CLI/IoT applications
  • SAML 2.0 - SSO and AttributeQuery endpoints with configurable signed assertions and opt-in verification of signed AuthnRequests
  • MCP Server - Model Context Protocol integration for Claude Code
  • Web UI - Full configuration interface for users, clients, settings, and more
  • YAML Configuration - File-based configuration, no database required
  • Attribute-based Access Control - Flexible authority prefixes and claims mapping
  • Audit Logging - Track all authentication events
  • Docker Support - Ready to deploy with Docker/Docker Compose

Quick Start

pip install nanoidp

python -m nanoidp init    # create ./config (users, settings, keys)
python -m nanoidp         # serve on http://localhost:8000

Get a first token:

curl -X POST 'http://localhost:8000/token' \
  -u 'demo-client:demo-secret' \
  -d 'grant_type=password&username=admin&password=admin&scope=openid'

The admin UI runs at http://localhost:8000. Prefer Docker?

docker run --rm -p 8000:8000 \
  -v $(pwd)/config:/app/config \
  ghcr.io/cdelmonte-zg/nanoidp:latest

Full walkthrough (wizard, custom config paths, docker-compose): Install and Quickstart.

Documentation

The full documentation lives at https://cdelmonte-zg.github.io/nanoidp/:

Security

NanoIDP is a development/testing tool and must NOT be used in production. Defaults favor convenience (plaintext passwords in config, permissive CORS, open redirects); hardening is opt-in via the stricter-dev (runtime) and oauth21 (draft OAuth 2.1 protocol strictness) profiles and explicit settings. The Security guide draws the line precisely.

Development

pip install -e ".[dev]"
pytest

See CONTRIBUTING.md for the development setup, the end-to-end test agent, code quality tooling, and the release process.

License

MIT License - see LICENSE for details.

❤️ Support NanoIDP

NanoIDP is maintained as an open-source project.

If it helps you test OAuth2, OpenID Connect, or SAML flows, you can support its development here:

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nanoidp-2.3.0.tar.gz (94.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nanoidp-2.3.0-py3-none-any.whl (118.6 kB view details)

Uploaded Python 3

File details

Details for the file nanoidp-2.3.0.tar.gz.

File metadata

  • Download URL: nanoidp-2.3.0.tar.gz
  • Upload date:
  • Size: 94.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for nanoidp-2.3.0.tar.gz
Algorithm Hash digest
SHA256 d64d8c06113b7a7be58e4d997767e990f94d015a85b2b3aec4ef34600a45bff6
MD5 9ed27920d444567d0c01655c0c837e15
BLAKE2b-256 728d3f70cb2e799911ae0b127e003586cada26b047e2ad77946e122723035270

See more details on using hashes here.

Provenance

The following attestation bundles were made for nanoidp-2.3.0.tar.gz:

Publisher: publish.yml on cdelmonte-zg/nanoidp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file nanoidp-2.3.0-py3-none-any.whl.

File metadata

  • Download URL: nanoidp-2.3.0-py3-none-any.whl
  • Upload date:
  • Size: 118.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for nanoidp-2.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9188b5196f0494f43be5cae7bc11798a37f15e6d87f59476243f8d6c84d8bfa2
MD5 ce9b5aa3e996575cd2f9d452c4c4092a
BLAKE2b-256 49681f616592b43294d0a48fd89a6878299371962affa9b0b59a1a25fdf42330

See more details on using hashes here.

Provenance

The following attestation bundles were made for nanoidp-2.3.0-py3-none-any.whl:

Publisher: publish.yml on cdelmonte-zg/nanoidp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page