OpenID Provider framework for sanic
Project description
It’s a work-in-progress, Alpha stage I would say. If anyone finds this useful / wants to use it, drop an issue I’d be more than happy to fix it up so its actually helpful to someone other than myself.
Last time I checked it passed around 82 / 93 of the OpenID Connect Provider Certification tests that appear when you tick webfinger, dynamic info discovery, dynamic client registration and select code response type.
It’s pretty usable for the authorization code flow. Still needs a fair amount of re-architecting and cleaning up but I’m trying to make it so you can plug it into various backends like DynamoDB/Redis for token/client storage.
Docs and examples will be coming soon.
Preconditions
The package expects sanic_jinja2 and sanic_session to be in use and configured.
Testing
As said above it passes most of the OpenID tests I’ve ran against it. Below are the ones I haven’t passed yet
Signature + Encryption
Haven’t figured out why the userinfo enc/sig doesnt work yet.
OP-IDToken-SigEnc
OP-UserInfo-SigEnc
OP-request_uri-SigEnc
Claims
Haven’t got around to this bit yet
OP-claims-acr-essential
OP-claims-acr-voluntary
OP-claims-acr=1
Popup
Doesnt display in a popup box
OP-display-popup
Misc Request Parameters
Haven’t dealt with this yet.
OP-Req-acr_values
Key Rotation
Need some methods to rotate keys
OP-Rotation-OP-Enc
OP-Rotation-OP-Sig
OP-Rotation-RP-Enc
OP-Rotation-RP-Sig
Key creation
RSA Key
openssl genrsa -nodes -out rsa.pem 4096ECDSA Key
openssl ecparam -name prime256v1 -genkey -noout -out ec.pem
openssl ec -in ec.pem -pubout -out ec.pubOpenID Connect Node Example
app.js
const express = require('express')
const session = require('express-session');
const OICStrategy = require('passport-openid-connect').Strategy;
const app = express()
const passport = require('passport');
const port = 3000
app.use(session({
secret: 'words',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
const oic = new OICStrategy({
"issuerHost": "http://9765fb31.ngrok.io",
"client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
"client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
"redirect_uri": "http://127.0.0.1:3000/callback",
"scope": "openid email profile"
});
passport.use(oic);
passport.serializeUser(OICStrategy.serializeUser);
passport.deserializeUser(OICStrategy.deserializeUser);
app.get('/login', passport.authenticate('passport-openid-connect', {"successReturnToOrRedirect": "/"}))
app.get('/callback', passport.authenticate('passport-openid-connect', {"callback": true, "successReturnToOrRedirect": "/"}))
app.get('/', (req, res) => {
console.log(req.user)
res.json({
"hello": "world",
"user": req.user
})
})
app.listen(port, () => console.log(`Example OpenID Connect app listening on port ${port}!`))package.json
{
"name": "openidtest",
"version": "1.0.0",
"description": "",
"main": "app.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"express": "^4.16.4",
"express-session": "^1.15.6",
"passport": "^0.4.0",
"passport-openid-connect": "^0.1.0"
}
}Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for sanic_openid_connect_provider-0.1.3.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9e198e302fa3bf50033e6b4632893a1efd77bf044b8d6d070f603ff992568987 |
|
| MD5 | 6c6ea3aaca84107d0f55eb11bb2b2663 |
|
| BLAKE2b-256 | 83a32cdef130eb59293ce4d08919faad77ccae59da7b57b7c79f6677171b1d38 |
Hashes for sanic_openid_connect_provider-0.1.3-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | af037dbb33bf182122a5082f20363650865c0faaff6b2399c5723502d0df0c8c |
|
| MD5 | 4b4b230348a894d5a33ff72a8357d1c4 |
|
| BLAKE2b-256 | bbd96ef53bd9e4af2359aa92fb9e74091274c0a4bac49fce0a6ea122b46f0e57 |
