IdentityPython / pyop

OpenID Connect Provider (OP) library in Python.
Apache License 2.0

Implement own authentication system with OpenID protocols #30

Closed omizrahi99 closed 3 years ago

omizrahi99 commented 3 years ago

Hello!

I currently work at a company that has built an authentication API using Python/Flask and we are looking to make it a federated SSO such as Google+ and Facebook.

Would this be possible to implement using this library? If so, how would I go about hooking this library into our API so our authentication endpoints can support the OpenID protocol?

Thank you so much!

c00kiemon5ter commented 3 years ago

Hello! What you are building is an OIDC Provider (aka OP). PyOP is a library that helps you with that, but this particular library is not properly maintained. I would suggest looking at oidcendpoint, which builds on top of what was learned when working on pyop.

(I'm pinging @rohe that is leading the oidcendpoint library.)

rohe commented 3 years ago

Hi!

Yes, as Ivan says you should look at oidcendpoint and possibly also oidc-op, which gives you an example of a Flask-based OP built using oidcendpoint.

I'm a bit occupied right now but hopefully I'll have time later today to give a more complete answer.

omizrahi99 commented 3 years ago

Thank you for the responses!

I'll be sure to look at both oidcendpoint and oidc-op.

Last thing, I am currently going through the OpenID Connect Core specification and implementing the main functionality from scratch for learning purposes. Do you guys know of any online community centered on OAuth/OpenID where we can ask/answer questions about the specification?

Thank you again!

rohe commented 3 years ago

Since you're using Python you could connect to the IdentityPython slack (identity-python.slack.com). If I had your email I could have sent you an invite :-)

rohe commented 3 years ago

Regarding what you have to do to connect your authentication module to oidcendpoint have a look at the class UserPassJinja2 in https://github.com/IdentityPython/oidcendpoint/blob/develop/src/oidcendpoint/user_authn/user.py together with how this method is hooked in as defined in https://github.com/IdentityPython/oidc-op/blob/93a995fb761ceaaff97a82de33d2ab7b4e013a7f/flask_op/config.yaml#L195

The configuration specifies an acr (authentication context class reference, tells you what type of authentication this is), the class that implements the authentication method and keyword arguments that are used when the class is initiated.

The class instance is then called using the call method, where you can do whatever you want, but that must end with the user being redirected to a website that calls the verify method.

The UserPassJinja2 class, for instance, constructs a web page that contains a form (with username and password boxes) that, when activated, sends the user to the verify method using this part of views.py: https://github.com/IdentityPython/oidc-op/blob/93a995fb761ceaaff97a82de33d2ab7b4e013a7f/flask_op/views.py#L147

If you need more info don't hesitate to ask.
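As an added sketch (not code from pyop, oidcendpoint or oidc-op) of the hook-in pattern described above: a method class selected by acr, instantiated from config kwargs, started through the call method and finished through verify. The class name, config keys, signatures and sample user are assumptions.

```python
"""Stand-alone sketch of the acr / class / kwargs hook-in pattern.
Class and config names are hypothetical; oidcendpoint is not imported."""
import hashlib
import hmac
import os

KDF_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


class UserPassHashed:
    """Hypothetical authn method with the two entry points described above."""

    def __init__(self, db, verify_endpoint, **kwargs):
        self.db = db  # username -> (salt, pbkdf2 hash); never plaintext
        self.verify_endpoint = verify_endpoint

    def __call__(self, query: str = "", **kwargs) -> dict:
        # Step 1: describe the login form; its action posts to verify_endpoint and
        # carries the original authorization request so the OP can resume it.
        return {"action": self.verify_endpoint,
                "fields": ("username", "password"), "query": query}

    def verify(self, username: str, password: str, **kwargs):
        # Step 2: return the authenticated subject, or None on failure.
        # Unknown users get a dummy record so they still pay for the KDF.
        salt, stored = self.db.get(username, (b"\x00" * 16, b"\x00" * 32))
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        return username if ok else None


def build_authn_methods(config: dict, registry: dict) -> dict:
    """Startup step: instantiate each configured class, keyed by its acr."""
    return {spec["acr"]: registry[spec["class"]](**spec["kwargs"])
            for spec in config.values()}


# Constructed sample data: one user, salt generated at setup time.
_SALT = os.urandom(16)
USER_DB = {"alice": (_SALT, hash_password("correct horse", _SALT))}
AUTHN_CONFIG = {  # same acr / class / kwargs shape as the config.yaml linked above
    "user": {
        "acr": "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword",
        "class": "UserPassHashed",
        "kwargs": {"db": USER_DB, "verify_endpoint": "/verify/user"},
    }
}
METHODS = build_authn_methods(AUTHN_CONFIG, {"UserPassHashed": UserPassHashed})
```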

omizrahi99 commented 3 years ago

> Since you're using Python you could connect to the IdentityPython slack (identity-python.slack.com). If I had your email I could have sent you an invite :-)

That would be awesome! My email is ori@allthenticate.net. Thank you!

peppelinux commented 3 years ago

See also django-oidc-op. It has a pure oidcendpoint in a Django environment (with templates).

It comes with an example project.