This Flask app can help set up Discourse SSO through OIDC.
Project description
Discourse SSO OIDC Bridge - A Python PyPI package
This Python package contains a Flask application that, when deployed, can be used as an endpoint for Discourse when setting up its SSO. It will then be able to wrap an OIDC provider and avoid various limitations of not being set up as a Discourse SSO provider.
This repo was made standing on the shoulders of giants who did most of the initial work. Thank you @fmarco76 and @stevenmirabito!
Installation
Note that this is only a Flask application; you must use gunicorn or another WSGI-compatible web server to host it and set up TLS etc.
WARNING: Not yet tested with Discourse to function, but I'm working on it!
# NOTE: Currently only on PyPI's test servers
pip install --upgrade --index-url https://test.pypi.org/simple/ discourse-sso-oidc-bridge-consideratio
Bridge Configuration
This is the common configuration that, default.py.
Config / ENV name | Description |
---|---|
SERVER_NAME | The domain where you host this app, example: "discourse-sso.example.com". Note that https:// will be assumed. |
SECRET_KEY | A secret for Flask; generate one with openssl rand -hex 32. |
OIDC_ISSUER | A URL to the OIDC issuer. To verify you have it right, append /.well-known/openid-configuration to it and check that you get JSON details rather than a 404. |
OIDC_CLIENT_ID | A preregistered client_id on your OIDC issuer. |
OIDC_CLIENT_SECRET | The provided secret for the preregistered OIDC_CLIENT_ID. |
OIDC_SCOPE | Comma-separated OIDC scopes, defaults to "openid,profile". |
DISCOURSE_URL | The URL of your Discourse deployment, example: "https://discourse.example.com". |
DISCOURSE_SECRET_KEY | A shared secret between the bridge and Discourse; generate one with openssl rand -hex 32. |
USERINFO_SSO_MAP | Valid JSON object in a string mapping OIDC userinfo attribute names to Discourse SSO attribute names. |
DEFAULT_SSO_ATTRIBUTES | Valid JSON object in a string mapping Discourse SSO attributes to default values. By default sub is mapped to external_id and preferred_username to username. |
CONFIG_LOCATION | The path to a Python file to be loaded as config where OIDC_ISSUER etc. could be set. |
OIDC Provider Configuration
You must have a client_id and client_secret from your OIDC issuer. The issuer must also accept redirecting to <bridge_url>/redirect_uri, which for example could be https://discourse-sso.example.com/redirect_uri.
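A preflight check for the settings in the table above, as an added example that is not part of the bridge's own code. The helper name check_bridge_config and the sample values are hypothetical; the minimum secret length, the rejection of a reused secret, and the https requirement are assumptions drawn from the recommendations above.

```python
import json
from urllib.parse import urlsplit

REQUIRED = ("SERVER_NAME", "SECRET_KEY", "OIDC_ISSUER", "OIDC_CLIENT_ID",
            "OIDC_CLIENT_SECRET", "DISCOURSE_URL", "DISCOURSE_SECRET_KEY")

def check_bridge_config(env):
    """Hypothetical preflight check; returns (problems, derived values)."""
    problems = [f"{k} is not set" for k in REQUIRED if not env.get(k)]
    # SERVER_NAME is a bare domain; the bridge assumes https:// itself.
    server = env.get("SERVER_NAME", "")
    if "/" in server:
        problems.append("SERVER_NAME must be a domain, without scheme or path")
    # Secrets come from `openssl rand -hex 32`, i.e. 64 hex characters.
    # Rejecting shorter or reused values is this example's assumption.
    for key in ("SECRET_KEY", "DISCOURSE_SECRET_KEY"):
        if env.get(key) and len(env[key]) < 64:
            problems.append(f"{key} is shorter than 64 characters")
    if env.get("SECRET_KEY") and env["SECRET_KEY"] == env.get("DISCOURSE_SECRET_KEY"):
        problems.append("SECRET_KEY and DISCOURSE_SECRET_KEY share one value")
    # Requiring https for both URLs is this example's assumption.
    for key in ("OIDC_ISSUER", "DISCOURSE_URL"):
        if env.get(key) and urlsplit(env[key]).scheme != "https":
            problems.append(f"{key} must be an https:// URL")
    # OIDC_SCOPE is comma separated and defaults to "openid,profile".
    scopes = [s.strip() for s in env.get("OIDC_SCOPE", "openid,profile").split(",")]
    if "openid" not in scopes:
        problems.append("OIDC_SCOPE must include openid")
    # The two mapping settings must each be a JSON object inside a string.
    for key in ("USERINFO_SSO_MAP", "DEFAULT_SSO_ATTRIBUTES"):
        try:
            ok = key not in env or isinstance(json.loads(env[key]), dict)
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"{key} is not a JSON object")
    issuer = env.get("OIDC_ISSUER", "").rstrip("/")
    derived = {"redirect_uri": f"https://{server}/redirect_uri",  # register at the issuer
               "discovery_url": issuer + "/.well-known/openid-configuration",
               "scopes": scopes}
    return problems, derived

# Constructed sample values, not a real deployment.
SAMPLE = {
    "SERVER_NAME": "discourse-sso.example.com", "SECRET_KEY": "a" * 64,
    "OIDC_ISSUER": "https://idp.example.com/", "OIDC_CLIENT_ID": "bridge",
    "OIDC_CLIENT_SECRET": "constructed-secret", "DISCOURSE_SECRET_KEY": "b" * 64,
    "DISCOURSE_URL": "https://discourse.example.com",
    "USERINFO_SSO_MAP": '{"sub": "external_id", "preferred_username": "username"}',
}
print(check_bridge_config(SAMPLE))
```

The derived redirect_uri is the value to register with the OIDC issuer, and discovery_url is the address to request when verifying OIDC_ISSUER.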
Development Notes
To make changes and test them
- Clone the repo
- Install pipenv using pip.
  pip install pipenv
- Enter the virtual environment
  pipenv install --dev
  pipenv shell
- Run the tests
  pytest
Build and upload a PyPI release
- Update the version in setup.py
- Get the build tools
  # install things required for development
  pip install --upgrade setuptools wheel
  pip install --upgrade twine
- Build the package
  ./setup.py sdist bdist_wheel
- Upload the package
  twine upload --skip-existing --repository-url https://test.pypi.org/legacy/ dist/*
- Test install the package
  pip install --upgrade --index-url https://test.pypi.org/simple/ discourse-sso-oidc-bridge-consideratio
Hashes for discourse-sso-oidc-bridge-consideratio-0.0.6.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | c08d5308526f9d7207b15aecf3cde6825603c95fed8580958398d4d23e8c9b98 |
MD5 | 63b79f23d9d75b80fbeba7603f39f8a3 |
BLAKE2b-256 | 4fcffa290d93601293ab49cb56eb7c4ec7d85f9533f6e44f075e096c0eef715a |
Hashes for discourse_sso_oidc_bridge_consideratio-0.0.6-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c94f33bf8df16c1577bb10f77853b2ef8103cc21d32673b5faec9aadcd673d46 |
MD5 | a4d2a09f33e16a6dcf9c2430d84c1c25 |
BLAKE2b-256 | 8f0c86013ee15c5b6888855b812a2c1978d584a122bdf57f194345a9067f035e |