区块链扩展技术>> invenio-openid-connect>> 返回
项目作者: oarepo

项目描述 :
OpenID Connect Auth Backend for Invenio
高级语言: Python
项目地址: git://github.com/oarepo/invenio-openid-connect.git
创建时间: 2019-02-01T16:37:32Z
项目社区:https://github.com/oarepo/invenio-openid-connect
开源协议:MIT License
下载


Invenio OpenID Connect

image
image
image

Installation

Invenio OpenID Connect is on PyPI so all you need is:

  1. $ pip install invenio-openid-connect

Configuration

At first add this client to your openid server and get key and secret.
Do not forget to set the allowed redirect url to:

https://localhost:5000/api/oauth/authorized/openid/

Then configure the backend handler in invenio.cfg

  1. from invenio_openid_connect import InvenioAuthOpenIdRemote
  3. OPENIDC_CONFIG = dict(
  4.     base_url='https://<openid-server>/openid/',
  5.     consumer_key='<key from openid server>',
  6.     consumer_secret='<secret from openid server>',
  7.     # request_token_url = base_url
  8.     # access_token_url = f'${base_url}/token'
  9.     # access_token_method = 'POST'
  10.     # authorize_url = f'${base_url}/authorize'
  11.     # userinfo_url = f'${base_url}/userinfo'
  12.     # scope = 'openid email profile'
  13.     # signature_method = 'HMAC-SHA1'
  14.     # # fields that will be used as a source of username (in this order, first field with value wins)
  15.     # username_fields = ['username', 'preferred_username', 'sub', 'email']
  16. )
  18. OAUTHCLIENT_REST_REMOTE_APPS = dict(
  19.     # the class from above, the auth method will be called "openid"
  20.     openid=InvenioAuthOpenIdRemote().remote_app(),
  21. )

Note that the redirect uri above ends with openid - this is the same key as in OAUTHCLIENT_REST_REMOTE_APPS.

Usage

After local configuration and allowing access at your , head in your browser to https://localhost:5000/api/oauth/login/openid?next=/api/oauth/state
(openid is the key in OAUTHCLIENT_REST_REMOTE_APPS). You should log in with your openid provider and be redirected to state
API which accesses your userinfo data.

OpenID backend

To extend the functionality of the backend (for example, to add a custom UserInfo class) you might want to write your own backend.

  1. from invenio_openid_connect import InvenioAuthOpenIdRemote
  3. class CISLoginAuthRemote(InvenioAuthOpenIdRemote):
  4.     # the name of the config settings in invenio.cfg . Default is OPENIDC_CONFIG
  5.     CONFIG_OPENID = 'CIS_LOGIN_CONFIG'
  7.     # human stuff
  8.     name = 'CIS Login Server'
  9.     description = 'Login server at CIS UCT Prague'
  10.     icon = ''
  12.     # userinfo class
  13.     userinfo_cls = CISLoginUserInfoClass

Note that if your userinfo class does not inherit from dict it must implement to_dict method that is used
by the state endpoint.

  1. class CISLoginUserInfoClass:
  2.     sub: str = None
  3.     name: str = None
  4.     preferred_username: str = None
  5.     given_name: str = None
  6.     family_name: str = None
  7.     zoneinfo: str = None
  8.     locale: str = None
  9.     email: str = None
  10.     roles: dict = {}
  12.     def __init__(self, userinfo: dict):
  13.         for k, v in userinfo.items():
  14.             setattr(self, k, v)
  15.         self.roles = userinfo.get('http://cis.vscht.cz/openid#roles', {})
  17.     def to_dict(self):
  18.         return self.__dict__
  20.     @property
  21.     def username(self):
  22.         if self.preferred_username:
  23.             return self.preferred_username
  24.         elif self.email:
  25.             return self.email
  26.         return self.sub

Then configure the remote as above.