Skip to main content

OpenID Provider framework for sanic

Project description

https://img.shields.io/pypi/v/sanic_openid_connect_provider.svg https://img.shields.io/travis/terrycain/sanic-openid-provider.svg Updates

It’s a work-in-progress, Alpha stage I would say. If anyone finds this useful / wants to use it, drop an issue I’d be more than happy to fix it up so its actually helpful to someone other than myself.

Last time I checked it passed around 82 / 93 of the OpenID Connect Provider Certification tests that appear when you tick webfinger, dynamic info discovery, dynamic client registration and select code response type.

It’s pretty usable for the authorization code flow. Still needs a fair amount of re-architecting and cleaning up but I’m trying to make it so you can plug it into various backends like DynamoDB/Redis for token/client storage.

Docs and examples will be coming soon.

Preconditions

The package expects sanic_jinja2 and sanic_session to be in use and configured.

Testing

As said above it passes most of the OpenID tests I’ve ran against it. Below are the ones I haven’t passed yet

Signature + Encryption

Haven’t figured out why the userinfo enc/sig doesnt work yet.

  • OP-IDToken-SigEnc

  • OP-UserInfo-SigEnc

  • OP-request_uri-SigEnc

Claims

Haven’t got around to this bit yet

  • OP-claims-acr-essential

  • OP-claims-acr-voluntary

  • OP-claims-acr=1

Misc Request Parameters

Haven’t dealt with this yet.

  • OP-Req-acr_values

Key Rotation

Need some methods to rotate keys

  • OP-Rotation-OP-Enc

  • OP-Rotation-OP-Sig

  • OP-Rotation-RP-Enc

  • OP-Rotation-RP-Sig

Key creation

RSA Key

openssl genrsa -nodes -out rsa.pem 4096

ECDSA Key

openssl ecparam -name prime256v1 -genkey -noout -out ec.pem
openssl ec -in ec.pem -pubout -out ec.pub

OpenID Connect Node Example

app.js

const express = require('express')
const session = require('express-session');
const OICStrategy = require('passport-openid-connect').Strategy;
const app = express()
const passport = require('passport');

const port = 3000

app.use(session({
    secret: 'words',
    resave: true,
    saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());

const oic = new OICStrategy({
  "issuerHost": "http://9765fb31.ngrok.io",
  "client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
  "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
  "redirect_uri": "http://127.0.0.1:3000/callback",
  "scope": "openid email profile"
});

passport.use(oic);
passport.serializeUser(OICStrategy.serializeUser);
passport.deserializeUser(OICStrategy.deserializeUser);

app.get('/login', passport.authenticate('passport-openid-connect', {"successReturnToOrRedirect": "/"}))
app.get('/callback', passport.authenticate('passport-openid-connect', {"callback": true, "successReturnToOrRedirect": "/"}))

app.get('/', (req, res) => {
    console.log(req.user)
    res.json({
        "hello": "world",
        "user": req.user
    })
})

app.listen(port, () => console.log(`Example OpenID Connect app listening on port ${port}!`))

package.json

{
  "name": "openidtest",
  "version": "1.0.0",
  "description": "",
  "main": "app.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.16.4",
    "express-session": "^1.15.6",
    "passport": "^0.4.0",
    "passport-openid-connect": "^0.1.0"
  }
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sanic_openid_connect_provider-0.2.4.tar.gz (34.0 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file sanic_openid_connect_provider-0.2.4.tar.gz.

File metadata

  • Download URL: sanic_openid_connect_provider-0.2.4.tar.gz
  • Upload date:
  • Size: 34.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.1 setuptools/40.6.2 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.6.3

File hashes

Hashes for sanic_openid_connect_provider-0.2.4.tar.gz
Algorithm Hash digest
SHA256 9949af50f15be0706e31aac1a9b6d708de65852db12615cd7c9f3416c1d7c079
MD5 50bf8eafd237f4dd0cd4db9c8e714a9e
BLAKE2b-256 f39ec85484608ba217b6e1ca80f2fe84170f85f131ccef2bd563133d5037146f

See more details on using hashes here.

Provenance

File details

Details for the file sanic_openid_connect_provider-0.2.4-py3-none-any.whl.

File metadata

  • Download URL: sanic_openid_connect_provider-0.2.4-py3-none-any.whl
  • Upload date:
  • Size: 33.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.1 setuptools/40.6.2 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.6.3

File hashes

Hashes for sanic_openid_connect_provider-0.2.4-py3-none-any.whl
Algorithm Hash digest
SHA256 338312f2fa9aea3ddef67abcee018827bcaf5c161ed80d564797778550ab7e60
MD5 baa2678259e6617395aa449bf449ba5c
BLAKE2b-256 e6df78bb59e1388f20785fb53b3fba70410eac2c950b302ca6fd82976b98c54b

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page