Skip to main content

OpenID Provider framework for sanic

Project description

https://img.shields.io/pypi/v/sanic_openid_connect_provider.svg https://img.shields.io/travis/terrycain/sanic-openid-provider.svg Updates

It’s a work-in-progress, Alpha stage I would say. If anyone finds this useful / wants to use it, drop an issue I’d be more than happy to fix it up so its actually helpful to someone other than myself.

Last time I checked it passed around 82 / 93 of the OpenID Connect Provider Certification tests that appear when you tick webfinger, dynamic info discovery, dynamic client registration and select code response type.

It’s pretty usable for the authorization code flow. Still needs a fair amount of re-architecting and cleaning up but I’m trying to make it so you can plug it into various backends like DynamoDB/Redis for token/client storage.

Docs and examples will be coming soon.

Preconditions

The package expects sanic_jinja2 and sanic_session to be in use and configured.

Testing

As said above it passes most of the OpenID tests I’ve ran against it. Below are the ones I haven’t passed yet

Signature + Encryption

Haven’t figured out why the userinfo enc/sig doesnt work yet.

  • OP-IDToken-SigEnc

  • OP-UserInfo-SigEnc

  • OP-request_uri-SigEnc

Claims

Haven’t got around to this bit yet

  • OP-claims-acr-essential

  • OP-claims-acr-voluntary

  • OP-claims-acr=1

Misc Request Parameters

Haven’t dealt with this yet.

  • OP-Req-acr_values

Key Rotation

Need some methods to rotate keys

  • OP-Rotation-OP-Enc

  • OP-Rotation-OP-Sig

  • OP-Rotation-RP-Enc

  • OP-Rotation-RP-Sig

Key creation

RSA Key

openssl genrsa -nodes -out rsa.pem 4096

ECDSA Key

openssl ecparam -name prime256v1 -genkey -noout -out ec.pem
openssl ec -in ec.pem -pubout -out ec.pub

OpenID Connect Node Example

app.js

const express = require('express')
const session = require('express-session');
const OICStrategy = require('passport-openid-connect').Strategy;
const app = express()
const passport = require('passport');

const port = 3000

app.use(session({
    secret: 'words',
    resave: true,
    saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());

const oic = new OICStrategy({
  "issuerHost": "http://9765fb31.ngrok.io",
  "client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
  "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
  "redirect_uri": "http://127.0.0.1:3000/callback",
  "scope": "openid email profile"
});

passport.use(oic);
passport.serializeUser(OICStrategy.serializeUser);
passport.deserializeUser(OICStrategy.deserializeUser);

app.get('/login', passport.authenticate('passport-openid-connect', {"successReturnToOrRedirect": "/"}))
app.get('/callback', passport.authenticate('passport-openid-connect', {"callback": true, "successReturnToOrRedirect": "/"}))

app.get('/', (req, res) => {
    console.log(req.user)
    res.json({
        "hello": "world",
        "user": req.user
    })
})

app.listen(port, () => console.log(`Example OpenID Connect app listening on port ${port}!`))

package.json

{
  "name": "openidtest",
  "version": "1.0.0",
  "description": "",
  "main": "app.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.16.4",
    "express-session": "^1.15.6",
    "passport": "^0.4.0",
    "passport-openid-connect": "^0.1.0"
  }
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sanic_openid_connect_provider-0.2.1.tar.gz (34.0 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file sanic_openid_connect_provider-0.2.1.tar.gz.

File metadata

  • Download URL: sanic_openid_connect_provider-0.2.1.tar.gz
  • Upload date:
  • Size: 34.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.1 setuptools/40.6.2 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.6.3

File hashes

Hashes for sanic_openid_connect_provider-0.2.1.tar.gz
Algorithm Hash digest
SHA256 bc982b69bce15b2c6e3b382e0850c7e52098920d40c5f556d1fc6ad591b57e0e
MD5 dd066f51643b78c8ddaf32702f7a6dd3
BLAKE2b-256 26fbfefe73bec40687f3b9850a7658f147de138fb562de53fd5e41291a62ff1d

See more details on using hashes here.

Provenance

File details

Details for the file sanic_openid_connect_provider-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: sanic_openid_connect_provider-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 33.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.1 setuptools/40.6.2 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.6.3

File hashes

Hashes for sanic_openid_connect_provider-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 4ace8665f56be7e546ff4a8248adc91abdee90dd1390f50ee8e979db92948348
MD5 fcd4ce9c02762bbba2a4ba03ff5df437
BLAKE2b-256 c38d1835283290b01e231e49a74052ba66e927e2059be31d129bc1684a61b468

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page