Open jasper9 opened 5 years ago
Oh I see - I just wasn't familiar with user created data structures. Seems like something like this works:
```python
class DBCredStore(dict):
    def __setitem__(self, sub, item):
        # Do something with sub and item. sub == token subject, item == JSON blob
        super().__setitem__(sub, item)  # placeholder: plain in-memory dict

    def __getitem__(self, sub):
        # Retrieve item from wherever you pushed it to
        return super().__getitem__(sub)  # placeholder: plain in-memory dict

myCreds = DBCredStore()
# ...snippet...
app.config.update({
    # ...snippet...
    'OIDC_CREDENTIALS_STORE': myCreds,
    # ...snippet...
})
```
@jasper9: Do you have a working example of how this is implemented in a real Flask app?
Hey, you can use SqliteDict
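```python
from flask_oidc import OpenIDConnect
from sqlitedict import SqliteDict

# autocommit=True writes every stored credential to users.db immediately
oidc = OpenIDConnect(app, credentials_store=SqliteDict('users.db', autocommit=True))
```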
Do you have any example of how to store credentials with mongoengine?
Is the project dead?
Here's what I used to use Firestore as a credentials store in Google Cloud GCP
```python
import json

from flask_oidc import OpenIDConnect
from google.cloud import firestore

db = firestore.Client()

class CredentialsStore:
    def __getitem__(self, item):
        # One Firestore document per key, returned as a JSON string
        doc = db.collection("credentials_store").document(item).get()
        if doc.exists:
            return json.dumps(doc.to_dict())
        return ""

    def __setitem__(self, k, v):
        # v arrives as a JSON string; store it as a document
        db.collection("credentials_store").document(k).set(json.loads(v))

oidc = OpenIDConnect(app, credentials_store=CredentialsStore())
```
I see in the code that a memory-based credential store is used by default, and the existing docs mention in passing what to do, but this is not clear to me. Could you document how to implement this via OIDC_CREDENTIALS_STORE?
"Note that you should probably provide the library with a place to store the credentials it has retrieved for the user. These need to be stored in a place where the user themselves or an attacker can not get to them. To provide this, give an object that has `__setitem__` and `__getitem__` dict APIs implemented as second argument to the `__init__()` call. Without this, the library will only work on a single thread, and only retain sessions until the server is restarted." https://flask-oidc.readthedocs.io/en/latest/#flask_oidc.OpenIDConnect.init_app
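An added example, not part of the thread or of flask-oidc: a persistent store meeting the quoted requirement (an object with `__setitem__` and `__getitem__`), backed by the standard-library `sqlite3` module with an owner-only database file. The class name `SqliteCredStore`, the table layout and the file path are assumptions; it implements the full `MutableMapping` interface, which goes beyond the two methods the documentation asks for.

```python
import os
import sqlite3
import threading
from collections.abc import MutableMapping


class SqliteCredStore(MutableMapping):
    """Hypothetical store: token subject -> credentials JSON string, in SQLite."""

    def __init__(self, path):
        # Create the file owner-only (0600) before SQLite touches it, and
        # tighten a pre-existing file, so other local users cannot read tokens.
        os.close(os.open(path, os.O_CREAT | os.O_RDWR, 0o600))
        os.chmod(path, 0o600)
        self._path = path
        self._lock = threading.Lock()
        self._run("CREATE TABLE IF NOT EXISTS creds "
                  "(sub TEXT PRIMARY KEY, creds_json TEXT NOT NULL)")

    def _run(self, sql, params=()):
        # One short-lived connection per call, serialized by a lock, so the
        # store can be shared by request threads and survives restarts.
        with self._lock:
            conn = sqlite3.connect(self._path)
            try:
                with conn:  # commit on success, roll back on error
                    return conn.execute(sql, params).fetchall()
            finally:
                conn.close()

    def __setitem__(self, sub, item):
        # Bound parameters: the subject comes from a token, never format it in.
        self._run("INSERT OR REPLACE INTO creds VALUES (?, ?)", (sub, item))

    def __getitem__(self, sub):
        rows = self._run("SELECT creds_json FROM creds WHERE sub = ?", (sub,))
        if not rows:
            raise KeyError(sub)  # dict semantics for an unknown subject
        return rows[0][0]

    def __delitem__(self, sub):
        self[sub]  # raises KeyError if absent
        self._run("DELETE FROM creds WHERE sub = ?", (sub,))

    def __iter__(self):
        return iter([row[0] for row in self._run("SELECT sub FROM creds")])

    def __len__(self):
        return self._run("SELECT COUNT(*) FROM creds")[0][0]

# Usage, as in the thread: OpenIDConnect(app, credentials_store=SqliteCredStore("creds.db"))
```

Keep the database file outside any directory the web server serves, since the permission bits only protect it from other local accounts.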