Flask-pyoidc

This repository contains an example of how to use the pyoidc library to provide simple OpenID Connect authentication (using the "Code Flow").

Usage

The extension supports both static and dynamic provider configuration discovery, as well as static and dynamic client registration. The provider configuration modes can be combined in any way with the client registration modes.

  • Static provider configuration: OIDCAuthentication(provider_configuration_info=provider_config), where provider_config is a dictionary containing the provider metadata.
  • Dynamic provider configuration: OIDCAuthentication(issuer=issuer_url), where issuer_url is the issuer URL of the provider.
  • Static client registration: OIDCAuthentication(client_registration_info=client_info), where client_info is all the registered metadata about the client. The redirect_uris registered with the provider MUST include <flask_url>/redirect_uri, where <flask_url> is the URL for the Flask application.

Configuration

The application using this extension MUST set the following builtin configuration values of Flask:

  • SERVER_NAME (MUST be the same as <flask_url> if using static client registration)
  • SECRET_KEY (this extension relies on Flask sessions, which requires SECRET_KEY)
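
A pre-flight check for the two MUST settings above and for the redirect_uris rule from the Usage section, as an added example that is not part of Flask-pyoidc. The function names, the https default and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_PATH = "/redirect_uri"  # path the README says must be registered


def _loose(uri):
    """Key for near-miss detection: ignores scheme, host case, trailing slash."""
    parts = urlsplit(uri)
    return parts.netloc.lower(), parts.path.rstrip("/")


def check_oidc_config(flask_config, client_info=None, scheme="https"):
    """Return a list of problems with the settings the README marks as MUST.

    flask_config: mapping of Flask configuration values (e.g. app.config)
    client_info:  static client registration metadata, or None when the
                  client is registered dynamically
    scheme:       URL scheme of the Flask app (assumed; the README leaves it open)
    """
    problems = []
    server_name = flask_config.get("SERVER_NAME")
    if not server_name:
        problems.append("SERVER_NAME is not set")
    if not flask_config.get("SECRET_KEY"):
        problems.append("SECRET_KEY is not set (Flask sessions need it)")

    if client_info is not None and server_name:
        expected = f"{scheme}://{server_name}{REDIRECT_PATH}"
        registered = client_info.get("redirect_uris") or []
        # OpenID Connect providers compare redirect URIs as exact strings, so a
        # trailing slash, a different scheme or host case counts as unregistered.
        if expected not in registered:
            near = [u for u in registered if _loose(u) == _loose(expected)]
            hint = f" (near miss: {near[0]})" if near else ""
            problems.append(f"redirect_uris lacks {expected}{hint}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    config = {"SERVER_NAME": "app.example.com", "SECRET_KEY": "constructed-secret"}
    client = {"redirect_uris": ["http://app.example.com/redirect_uri/"]}
    for problem in check_oidc_config(config, client):
        print("config problem:", problem)
```

Running it before the app starts turns a mismatch into a clear message instead of a provider-side redirect_uri rejection during login.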

You may also configure how Flask handles the user session:

  • PERMANENT_SESSION (added by this extension; makes the session cookie expire after a configurable length of time instead of being tied to the browser session)
  • PERMANENT_SESSION_LIFETIME (the lifetime of a permanent session)

See the Flask documentation for an exhaustive list of configuration options.

Example

Have a look at the example Flask app in app.py for an idea of how to use it.

Specify the error view

If an OAuth error response is received, either in the authentication or token response, it will be passed along to the specified error view. An error view is specified by using the error_view decorator:

from flask import jsonify

# auth is the OIDCAuthentication instance created for the application
@auth.error_view
def error(error=None, error_description=None):
    return jsonify({'error': error, 'message': error_description})

The function specified as the error view MUST accept two parameters, error and error_description, which correspond to the OIDC/OAuth error parameters.

If no error view is specified a generic error message will be displayed to the user.