{"id":20915980,"url":"https://github.com/indico/flask-multipass-cern","last_synced_at":"2025-05-13T10:33:55.392Z","repository":{"id":37822839,"uuid":"273178709","full_name":"indico/flask-multipass-cern","owner":"indico","description":"Flask-Multipass provider for the CERN infrastructure","archived":false,"fork":false,"pushed_at":"2024-11-11T14:04:47.000Z","size":78,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-11T15:19:30.732Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/indico.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-18T08:06:39.000Z","updated_at":"2024-11-11T14:04:49.000Z","dependencies_parsed_at":"2022-08-19T15:40:13.428Z","dependency_job_id":"64718e3d-130a-4daf-8b7a-9ec98b68f944","html_url":"https://github.com/indico/flask-multipass-cern","commit_stats":{"total_commits":48,"total_committers":3,"mean_commits":16.0,"dds":0.125,"last_synced_commit":"5455f590b6e41cde21d8519420f7b9f09644b34f"},"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indico%2Fflask-multipass-cern","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indico%2Fflask-multipass-cern/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/indico%2Fflask-multipass-cern/releases","manifests_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/indico%2Fflask-multipass-cern/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/indico","download_url":"https://codeload.github.com/indico/flask-multipass-cern/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225206883,"owners_count":17438200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2024-11-18T16:19:13.235Z","updated_at":"2024-11-18T16:19:13.950Z","avatar_url":"https://github.com/indico.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Flask-Multipass-CERN\n\nThis package provides the `cern` auth and identity providers for [Flask-Multipass][multipass].\n\nThese providers are only useful if you are at CERN and intend to use Flask-Multipass\nwith the new Keycloak-based CERN authentication infrastructure.\n\nIn its current state it is also overkill if all you want to do is log in via OIDC. If that's your\ngoal, use the `authlib` multipass provider, since Keycloak works perfectly fine with it.\n\nIn case you need access to arbitrary group membership information (e.g. 
for user-managed ACLs) and\nthe ability to search for CERN users, then this is a good choice for you.\n\n## CERN usage details\n\nThe following permissions (requested through the application portal) are needed:\n\n- Token exchange with `authorization-service-api` for basic login functionality\n- Group membership in `authorization-service-groups-readers` for group functionality\n- Group membership in `authorization-service-identity-readers` for user search functionality\n- Tokens with group membership information (optional) - this needs to be requested directly from\n  the authorization service team\n\nRequesting them will most likely require you to have a professional justification.\n\n## Performance\n\nWhen using group membership or user search, the library needs to get an \"API access\" token from\nKeycloak, which typically takes 200-300ms. Set the `cache` key of the multipass identity\nprovider configuration to the import path of a Flask-Caching instance or a function returning such\nan instance, or the instance itself, to enable caching of tokens (until they expire) and group\ndata (30 minutes).\n\nIf group membership information is included in tokens, it will be cached during login so the extra\nAPI call when checking whether a user is in a group won't be needed unless the cached data has already\nexpired.\n\n## Note\n\nIn applying the MIT license, CERN does not waive the privileges and immunities granted to it\nby virtue of its status as an Intergovernmental Organization or submit itself to any jurisdiction.\n\n\n[multipass]: https://github.com/indico/flask-multipass\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findico%2Fflask-multipass-cern","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Findico%2Fflask-multipass-cern","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Findico%2Fflask-multipass-cern/lists"}