{"id":43238814,"url":"https://github.com/libris/xl_auth","last_synced_at":"2026-02-01T11:14:34.048Z","repository":{"id":24746343,"uuid":"102331882","full_name":"libris/xl_auth","owner":"libris","description":"Authorization and OAuth2 provider for Libris XL","archived":false,"fork":false,"pushed_at":"2025-12-02T13:38:18.000Z","size":1745,"stargazers_count":4,"open_issues_count":7,"forks_count":2,"subscribers_count":14,"default_branch":"develop","last_synced_at":"2025-12-05T11:24:51.868Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://login.libris.kb.se","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/libris.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-09-04T07:28:35.000Z","updated_at":"2025-12-02T13:38:20.000Z","dependencies_parsed_at":"2024-03-25T11:51:05.795Z","dependency_job_id":"04b65e4a-e727-42ff-be25-d0661b4608f8","html_url":"https://github.com/libris/xl_auth","commit_stats":null,"previous_names":[],"tags_count":54,"template":false,"template_full_name":null,"purl":"pkg:github/libris/xl_auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libris%2Fxl_auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libris%2Fxl_auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libris%2Fxl_auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libris%2Fxl_auth/man
ifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/libris","download_url":"https://codeload.github.com/libris/xl_auth/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libris%2Fxl_auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28977317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T09:57:52.632Z","status":"ssl_error","status_checked_at":"2026-02-01T09:57:49.143Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-01T11:14:33.341Z","updated_at":"2026-02-01T11:14:34.040Z","avatar_url":"https://github.com/libris.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# xl_auth\n\nAuthorization and OAuth2 provider for LibrisXL.\n\n## Quickstart\n\nFirst, set your app's secret key as an environment variable. 
For\nexample, add the following to `.bashrc` or `.bash_profile`.\n\n``` bash\nexport XL_AUTH_SECRET='something-really-secret'\n```\n\nMake sure https://github.com/astral-sh/uv is installed.\n\nRun the following commands to bootstrap your environment:\n\n    git clone https://github.com/libris/xl_auth\n    cd xl_auth\n    npm install\n    export FLASK_APP=$(pwd)/autoapp.py\n    export FLASK_DEBUG=1\n    npm run build\n    uv run flask db upgrade\n    flask create-user --email me@example.com -p password --is-admin --is-active\n    npm start  # run webpack dev server and flask server using concurrently\n\nYou will see a pretty welcome screen.\n\nIn general, before running flask shell commands, set the `FLASK_APP` and\n`FLASK_DEBUG` environment variables:\n\n    export FLASK_APP=/path/to/autoapp.py\n    export FLASK_DEBUG=1\n\nSetting FLASK_DEBUG=1 will tell the application to use `DevConfig` as\nspecified in ./xl_auth/settings.py. This configuration sets up a SQLite\ndb for development and points the SQLALCHEMY_DATABASE_URI environment\nvariable to this db.\n\n## Shell\n\nTo open the interactive shell, run:\n\n    uv run flask shell\n\nBy default, you will have access to the flask `app`.\n\n## Localization\n\nTo compile Swedish localization support using Babel, run:\n\n    uv run flask translate\n\n_Note_: This might fail with a `RuntimeError` if your shell environment is\nset to use ASCII. Solve it like so:\n\n    export LC_ALL=sv_SE.UTF-8\n    export LANG=sv_SE.UTF-8\n\n## Running Tests\n\nTo run all tests, run:\n\n    uv run flask test\n\n## Migrations\n\nWhenever a database migration needs to be made, run the following command:\n\n    uv run flask db migrate\n\nThis will generate a new migration script. 
Then run:\n\n    uv run flask db upgrade\n\nto apply the migration.\n\nFor a full migration command reference, run `uv run flask db --help`.\n\n## Asset Management\n\nFiles placed inside the `assets` directory and its subdirectories\n(excluding `js` and `css`) will be copied by webpack's Asset Modules\ninto the `static/build` directory, with hashes of their contents\nappended to their names.\n\nFor instance, if you have a file `assets/img/favicon.ico`, this will get\ncopied into something like\n`static/build/img/favicon.fec40b1d14528bf9179da3b6b78079ad.ico`.\n\nYou can then put this line into your header:\n\n    \u003clink rel=\"shortcut icon\" href=\"{{ static_url_for('static', filename='img/favicon.ico') }}\"\u003e\n\nto refer to it inside your HTML page. If all of your static files are\nmanaged this way, then their filenames will change whenever their\ncontents do, and you can ask Flask to tell web browsers that they should\ncache all your assets forever by including the following line in your\n`settings.py`:\n\n    SEND_FILE_MAX_AGE_DEFAULT = 31556926  # one year\n\n## Project Notes\n\nTechnology choices:\n\n-   `libsodium` and [Argon2](https://en.wikipedia.org/wiki/Argon2) for\n    hashing?\n-   Early-on Docker integration for easy testing ahead of first\n    stable release\n-   Solution implemented as Gunicorn-Flask application, intended to run\n    behind Nginx reverse-proxying in production and utilizing\n    [Flask-OAuthlib](https://flask-oauthlib.readthedocs.io/en/latest/)\n    for OAuth2 support\n-   Python 3.8+\n-   The production database of choice is Postgres, using SQLAlchemy\n    PostgreSQL Engine\n\n## DB Models\n\n![DB model](https://user-images.githubusercontent.com/51744858/60274493-6bd5dd00-98f8-11e9-889f-e7527add8745.png)\n\n## Changelog\n\n### v. 1.11.0\n\n- Bump various dependencies, notably Gunicorn to 22.0.0\n\n### v. 
1.10.0\n\n- Bump dependencies to make xl_auth work with newer (3.9+) versions of Python\n- Make Dockerfile work again\n- Update README; remove outdated things\n- Remove old, unused Ansible files\n- Remove old, unused docker-compose file\n- Convert README from rst to Markdown\n- Upgrade to Flask 2.2.x\n- Bump various Python and Node.js dependencies\n\n### v. 1.9.0\n\n-   Include user id in `/verify` response\n\n### v. 1.8.3\n\n-   Bump dependencies\n\n### v. 1.8.2\n\n-   CSS fixes\n\n### v. 1.8.1\n\n-   Bump version number\n\n### v. 1.8.0\n\n-   Soft-delete users in web interface and using\n    `flask soft-delete-user`; support changing user email address\n\n### v. 1.7.1\n\n-   Make locally stored token lifetime explicit\n\n### v. 1.7.0\n\n-   Adaptions to run with Python 3 and Postgres 13\n-   Bump dependencies and fix security warnings\n\n### v. 1.6.0\n\n-   Update/remove links related to GDPR/Libris info and support\n\n### v. 1.5.0\n\n-   Add \\'Global Registrant\\' permission type\n\n### v. 1.4.0\n\n-   Clarify copy\n\n### v. 1.3.0\n\n-   Add support for OAuth2 Backend Application Flow\n\n### v. 1.2.0\n\n-   Update ToS page\n\n### v. 1.1.0\n\n-   Add GDPR information\n\n### v. 1.0.0\n\n-   Allow cataloging admins to create and edit cataloging admin\n    permissions\n-   Save scope authorization in user session\n-   Allow CORS requests\n\n### v. 0.8.0\n\n-   Add support for OAuth2 implicit flow\n\n### v. 0.7.8\n\n-   Add CLI tool for purging a user from the system\n    ([#148](https://github.com/libris/xl_auth/issues/148))\n-   Clean up Jenkinsfile\n\n### v. 0.7.7\n\n-   Replace Docker container runtimes with local installs of xl_auth and\n    Postgres ([#178](https://github.com/libris/xl_auth/issues/178))\n-   Copy improvements / UX\n    ([#176](https://github.com/libris/xl_auth/issues/176),\n    [#173](https://github.com/libris/xl_auth/issues/173))\n\n### v. 
0.7.6\n\n-   Production hardening\n    ([#179](https://github.com/libris/xl_auth/issues/179),\n    [#175](https://github.com/libris/xl_auth/issues/175),\n    [#174](https://github.com/libris/xl_auth/issues/174))\n\n### v. 0.7.5\n\n-   Security improvements\n    ([#154](https://github.com/libris/xl_auth/issues/154),\n    [#155](https://github.com/libris/xl_auth/issues/155))\n-   UX enhancements\n    ([#114](https://github.com/libris/xl_auth/issues/114))\n-   Monitoring of Nginx logs\n    ([#157](https://github.com/libris/xl_auth/issues/157))\n\n### v. 0.7.4\n\n-   UX enhancements\n    ([#128](https://github.com/libris/xl_auth/issues/128),\n    [#151](https://github.com/libris/xl_auth/issues/151))\n\n### v. 0.7.3\n\n-   UX enhancements\n    ([#149](https://github.com/libris/xl_auth/issues/149),\n    [#146](https://github.com/libris/xl_auth/issues/146))\n\n### v. 0.7.2\n\n-   Added support for creating new users directly from register/edit\n    permission views\n    ([#140](https://github.com/libris/xl_auth/issues/140))\n-   UX enhancements\n    ([#142](https://github.com/libris/xl_auth/issues/142),\n    [#133](https://github.com/libris/xl_auth/issues/133))\n-   Link to Permissions\\' overview removed from navbar\n-   Ignoring/discarding permissions on inactive collections\n\n### v. 0.7.1\n\n-   Revised API endpoints for registering/editing permissions; now\n    allowing cataloging admins to register new and edit existing\n    permissions on their collections\n    ([#126](https://github.com/libris/xl_auth/issues/126))\n-   UX enhancements\n    ([#129](https://github.com/libris/xl_auth/issues/129),\n    [#134](https://github.com/libris/xl_auth/issues/134),\n    [#131](https://github.com/libris/xl_auth/issues/131),\n    [#130](https://github.com/libris/xl_auth/issues/130))\n\n### v. 
0.7.0\n\n-   Preserve permissions created by others than \u003clibris@kb.se\u003e superuser\n-   Revised API endpoint for deleting permissions; now allowing\n    cataloging admins to delete permissions on their collections\n    ([#123](https://github.com/libris/xl_auth/issues/123))\n\n### v. 0.6.4\n\n-   Provisioning and stability updates\n    ([#121](https://github.com/libris/xl_auth/issues/121),\n    [#122](https://github.com/libris/xl_auth/issues/122))\n\n### v. 0.6.3\n\n-   Added \\\"view collection\\\" link to user profile page\n-   *Terms of Service* view added, requesting the user to approve\n    ([#112](https://github.com/libris/xl_auth/issues/112))\n-   Bug fix for loading Voyager permissions on SEK\n    ([#113](https://github.com/libris/xl_auth/issues/113))\n-   Bug fix for permissions exchange with LibrisXL\n    ([#110](https://github.com/libris/xl_auth/issues/110))\n\n### v. 0.6.2\n\n-   Secret usability improvements for admin interface\n\n### v. 0.6.1\n\n-   Under-the-hood traceability updates\n    ([#78](https://github.com/libris/xl_auth/issues/78))\n\n### v. 0.6.0\n\n-   Added support for resetting forgotten user account passwords\n    ([#41](https://github.com/libris/xl_auth/issues/41))\n-   When registering new user accounts, opting in for a password reset\n    email is the preferred way of enabling them to login\n    ([#102](https://github.com/libris/xl_auth/issues/102))\n\n### v. 0.5.8\n\n-   Update internal links to reference users by ID instead of email\n    ([#25](https://github.com/libris/xl_auth/issues/25))\n-   Refactored OAuth2 (internal) paths\n\n### v. 0.5.7\n\n-   Reuse existing OAuth2 tokens on refresh\n\n### v. 0.5.6\n\n-   Fix broken 0.5.5 build\n\n### v. 0.5.5\n\n-   Bug fix for OAuth2 token handling\n\n### v. 0.5.4\n\n-   UI fixes for OAuth2 authorization view\n-   Bug fix for `/oauth/token` API endpoint\n\n### v. 
0.5.3\n\n-   Add collection name to `/oauth/verify` response\n-   Fix broken database migration\n    ([#68](https://github.com/libris/xl_auth/issues/68))\n\n### v. 0.5.2\n\n-   Add `app_version` property to response from OAuth2 API endpoints\n-   Bug fixes for OAuth2 data model; fully re-created on\n    `flask db upgrade`\n    ([#68](https://github.com/libris/xl_auth/issues/68))\n-   Updated Voyager/SysAdmin data import\n    ([#38](https://github.com/libris/xl_auth/issues/38))\n\n### v. 0.5.1\n\n-   Update `/oauth/verify` API response format\n    ([#68](https://github.com/libris/xl_auth/issues/68))\n-   Fix bug where collections would read the wrong active/inactive state\n    from bibdb.libris.kb.se\n\n### v. 0.5.0\n\n-   Introduced buggy and limited OAuth2 provider\n    ([#68](https://github.com/libris/xl_auth/issues/68))\n-   Updated Voyager/SysAdmin data import\n    ([#38](https://github.com/libris/xl_auth/issues/38))\n\n### v. 0.4.6\n\n-   Minor traceability improvements\n    ([#78](https://github.com/libris/xl_auth/issues/78))\n\n### v. 0.4.5\n\n-   Bug fixes ([#75](https://github.com/libris/xl_auth/issues/75),\n    [#76](https://github.com/libris/xl_auth/issues/76))\n\n### v. 0.4.4\n\n-   Data import updates\n    ([#44](https://github.com/libris/xl_auth/issues/44))\n-   UI adjustments; irrelevant permissions no longer shown to cataloging\n    admins, using term \\\"sigel\\\" instead of \\\"kod\\\"\n-   Ansible provisioning updated to use Nginx reverse proxy and SSL\n    ([#39](https://github.com/libris/xl_auth/issues/39))\n\n### v. 0.4.3\n\n-   Personalized user icons (Gravatar,\n    [#70](https://github.com/libris/xl_auth/issues/70))\n-   Updated `/about/` page with current version number + links\n    ([#71](https://github.com/libris/xl_auth/issues/71))\n-   Only list permissions on active collections on `/users/profile/`\n    page\n\n### v. 
0.4.2\n\n-   UI improvements ([#61](https://github.com/libris/xl_auth/issues/61))\n-   Updated data import\n    ([#38](https://github.com/libris/xl_auth/issues/38))\n\n### v. 0.4.1\n\n-   Even stricter restrictions on non-admin users\n    ([#48](https://github.com/libris/xl_auth/issues/48))\n-   Improved Ansible deployment logic for login.libris.kb.se\n    ([#39](https://github.com/libris/xl_auth/issues/39))\n-   UI and help text improvements\n\n### v. 0.4.0\n\n-   Added `flask import-data` CLI tool for pulling data from legacy\n    systems ([#38](https://github.com/libris/xl_auth/issues/38),\n    [#43](https://github.com/libris/xl_auth/issues/43))\n-   Styling and usability improvements\n    ([#6](https://github.com/libris/xl_auth/issues/6),\n    [#22](https://github.com/libris/xl_auth/issues/22))\n-   Applied restrictions on anonymous users and non-admins\n    ([#48](https://github.com/libris/xl_auth/issues/48))\n-   Added new type of permission, \\\"being the cataloging admin for a\n    collection\\\" ([#40](https://github.com/libris/xl_auth/issues/40))\n-   Support for dev deployment on login.libris.kb.se\n    ([#39](https://github.com/libris/xl_auth/issues/39))\n\n### v. 0.3.0\n\n-   Added the concept of users having permissions on zero or more\n    collections ([#27](https://github.com/libris/xl_auth/issues/27))\n\n### v. 0.2.2\n\n-   Bug fix for uniqueness checks on email addresses and collection\n    codes ([#30](https://github.com/libris/xl_auth/issues/30))\n\n### v. 0.2.1\n\n-   Added localization for Swedish and set it as the default\n    `BABEL_DEFAULT_LOCALE`\n    ([#17](https://github.com/libris/xl_auth/issues/17))\n-   Added support for editing users\n    ([#19](https://github.com/libris/xl_auth/issues/19))\n\n### v. 
0.2.0\n\n-   Replaced project template with\n    \u003chttps://github.com/sloria/cookiecutter-flask\u003e\n-   Basic functionality of registering a user by email address and\n    logging in\n-   A simple form of \\\"collections\\\" can be added and edited\n-   Dockerfile added for testing purposes (running Flask in debug mode\n    with an ephemeral SQLite db)\n-   Jenkinsfile (multibranch pipeline) added for\n    testing/linting/building on any code changes\n\n### v. 0.1.0\n\n-   Establishing initial project requirements, with none of the intended\n    functionality in place\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibris%2Fxl_auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flibris%2Fxl_auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibris%2Fxl_auth/lists"}