{"id":26711502,"url":"https://github.com/trac-hacks/trac-oidc","last_synced_at":"2025-09-09T14:17:00.904Z","repository":{"id":33918185,"uuid":"37637591","full_name":"trac-hacks/trac-oidc","owner":"trac-hacks","description":"OpenID Connect authentication for Trac","archived":false,"fork":false,"pushed_at":"2015-07-16T23:23:57.000Z","size":256,"stargazers_count":6,"open_issues_count":2,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-27T12:14:23.693Z","etag":null,"topics":["trac-plugin"],"latest_commit_sha":null,"homepage":"https://pypi.python.org/pypi/trac-oidc","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trac-hacks.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGES.rst","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-18T04:43:02.000Z","updated_at":"2022-11-16T14:43:29.000Z","dependencies_parsed_at":"2022-09-24T09:34:08.470Z","dependency_job_id":null,"html_url":"https://github.com/trac-hacks/trac-oidc","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/trac-hacks/trac-oidc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trac-hacks%2Ftrac-oidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trac-hacks%2Ftrac-oidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trac-hacks%2Ftrac-oidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trac-hacks%2Ftrac-oidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trac-hacks","download_url":"https://codeload.github.com/trac-hacks/trac-oidc/t
ar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trac-hacks%2Ftrac-oidc/sbom","scorecard":{"id":896366,"data":{"date":"2025-08-11","repo":{"name":"github.com/trac-hacks/trac-oidc","commit":"c276c17bcbb12da4301c4de9c57b980d95c8e190"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities 
detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection 
settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-24T13:51:54.009Z","repository_id":33918185,"created_at":"2025-08-24T13:51:54.009Z","updated_at":"2025-08-24T13:51:54.009Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274309208,"owners_count":25261424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["trac-plugin"],"created_at":"2025-03-27T10:28:43.797Z","updated_at":"2025-09-09T14:17:00.853Z","avatar_url":"https://github.com/trac-hacks.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"===================================\nTrac-oidc — OpenID Connect for Trac\n===================================\n\n|version| |trac versions| |build status|\n\n***********\nDescription\n***********\n\nA plugin to support authentication to trac_ using the `OpenID\nConnect`_ protocol.  
Currently this probably only works with\nGoogle_\\’s *OpenID Provider*.\n\nThis plugin was written as a partial replacement for the\nTracAuthOpenId_, since Google has (as of mid-June, 2015) `discontinued\nsupport`_ for authentication using *OpenID 2.0*.\nGoogle’s extension_ for mapping *OpenID 2.0* identifiers to *OpenID\nConnect* identifiers is used, so sites which previously used\n``TracAuthOpenId`` for authentication against Google *should* be able\nto switch to using ``trac-oidc`` without losing track of user’s\nsettings and permissions.\n\nThis plugin is tested with trac versions 0.11, 0.12, 1.0, and 1.1.\n\nThe distribution may be downloaded from PyPI_.\nDevelopment takes place at github_.\n\n\n.. _OpenID Connect: http://openid.net/connect/\n.. _trac: http://trac.edgewall.org/\n.. _TracAuthOpenId: https://pypi.python.org/pypi/TracAuthOpenId\n.. _google: https://developers.google.com/identity/protocols/OpenIDConnect\n.. _discontinued support: https://support.google.com/accounts/answer/6206245\n.. _extension:\n   https://developers.google.com/identity/protocols/OpenID2Migration#map-identifiers\n.. _pypi: https://pypi.python.org/pypi/trac-oidc\n.. _github: http://github.com/trac-hacks/trac-oidc/.\n\n*****\nUsage\n*****\n\nObtain OAuth 2.0 Credentials\n============================\n\nYou must obtain *OAuth 2.0 credentials* from Google before you can\nuse this plugin.\n\n1. Go to the `Google Developers Console`_.\n\n.. _google developers console: https://console.developers.google.com/\n\n2. Select a project, or create a new one.\n\n3. In the sidebar on the left, expand **APIs \u0026 auth**.\n   Next, click **APIs**.\n   Select the **Enabled APIs** link in the API section to see a list\n   of all your enabled APIs.\n\n4. *Optional, but recommended*:\n   Make sure that the **Google+ API** is on the list of enabled APIs.\n   If you have not enabled it, select the API from the list of APIs,\n   then select the Enable API button for the API.  
(The Google+ API is\n   used to retrieve the user’s real name on initial sign in.)\n\n5. In the sidebar on the left, select **Credentials**.\n\n6. If you haven't done so already, create your project's\n   OAuth 2.0 credentials by clicking **Create new Client ID**,\n   and providing the information needed to create the credentials.\n\n7. The *redirect URI* used by this plugin is the base url for your trac\n   followed by ``/trac_oidc/redirect``. I.e. if the top of your trac\n   is at ``http://example.org/mytrac``, then the *redirect URI* will\n   be ``http://example.org/mytrac/trac_oidc/redirect``.  If your trac\n   is available under multiple hostnames, or under both ``http:``\n   and ``https:`` schemes, then you may need to configure multiple\n   *redirect URI*\\s.\n\n8. When all looks copacetic, click the **Download JSON** button (on\n   the **Credentials** page) to download a JSON file containing the\n   required client secrets.  Save this file to somewhere where trac\n   can read it.  By default, the plugin looks for this file under the\n   name ``client_secret.json`` in the ``conf`` subdirectory of the\n   trac environment, however this can be configured.  (Since the file\n   contains sensitive information, consider setting the file\n   permissions so that not just anybody can read it.)\n\n\nInstall the Plugin\n==================\n\nThe plugin is available from PyPI_, so it may be installed,\ne.g., using pip_::\n\n      pip install trac-oidc\n\n.. _pip: https://pip.pypa.io/en/stable/\n\nConfiguration\n=============\n\nIn your ``trac.ini``::\n\n  [components]\n\n  # You must enable the trac_oidc plugin\n  trac_oidc.* = enabled\n\n  # Optional: You probably want to disable the stock login module\n  trac.web.auth.loginmodule = disabled\n\n  [trac_oidc]\n\n  # Optional: Specify the path to the client secrets JSON file.\n  # The default is ``client_secret.json``.  
Relative paths are\n  # interpreted relative to the ``conf`` subdirectory of the trac\n  # environment (i.e. alongside ``trac.ini``.)\n  client_secret_file = /path/to/client_secret.json\n\n  [openid]\n\n  # Optional: This only matters if you would like to migrate\n  # users created by the TracAuthOpenId_ plugin to this one.\n  # In that case, the OpenID realm must be set to the same value\n  # that was used by TracAuthOpenId (where it is called the *trust root*)\n  # for the identity URLs to be comparable.\n  #\n  # If this is set, then the OpenID realm will include just the hostname,\n  # otherwise the realm will include the full base path of the trac.\n  # E.g. if your trac is at ``http://example.org:8080/mytrac``, then the realm\n  # will be ``http://example.org:8080/`` if ``absolute_trust_root`` is set\n  # and ``http://example.org:8080/mytrac`` if ``absolute_trust_root`` is\n  # not set.\n  #\n  # The default is ``true``.\n  #\n  absolute_trust_root = false\n\n*****************************\nMigration from TracAuthOpenId\n*****************************\n\nIf you used **only** Google as the authentication provider with\nTracAuthOpenId_, then you should be able to disable\n``TracAuthOpenId``, configure and enable ``trac-oidc``, and things\n*should* just work — users should keep their sessions (i.e. they will\nretain their settings and permissions.)\n\n.. note::\n\n   Make sure not to change the setting of ``absolute_trust_root`` from\n   whatever you were using with ``TracAuthOpenId``.\n\nIf you were using multiple authentication providers with ``TracAuthOpenId``,\nit should be possible to run both ``TracAuthOpenId`` (with Google disabled),\nand ``trac-oidc`` together.  
I have not tried this, however, and some tuning\nwill probably be required.\n\n*****\nTo Do\n*****\n\nPossible improvements.\n\nGeneralize to work with more providers\n======================================\n\nThough, currently, only authentication via Google’s OP is supported,\nit should be straightforward to generalize the plugin to work with other\n*OpenID Connect* providers, and other authentication services based on\n*OAuth 2.0* (e.g. Twitter, Facebook.)\n\n\nIntegrate with AccountManagerPlugin\n===================================\n\nI’m not sure exactly what’s involved, but it would be nice if the\nAccountManagerPlugin_ could be used to administer associations between\nOIDC subject identifiers and authenticated sessions, etc.\n\n.. _AccountManagerPlugin: https://trac-hacks.org/wiki/AccountManagerPlugin\n\n*******\nAuthors\n*******\n\n`Jeff Dairiki`_\n\n.. _Jeff Dairiki: mailto:dairiki@dairiki.org\n\n.. |version| image::\n    https://img.shields.io/pypi/v/trac-oidc.svg\n    :target: https://pypi.python.org/pypi/trac-oidc/\n    :alt: Latest Version\n.. |build status| image::\n    https://travis-ci.org/trac-hacks/trac-oidc.svg?branch=master\n    :target: https://travis-ci.org/trac-hacks/trac-oidc\n.. |trac versions| image::\n   https://img.shields.io/badge/trac-0.11%2C%200.12%2C%201.0%2C%201.1-blue.svg\n   :target: http://trac.edgewall.org/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrac-hacks%2Ftrac-oidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrac-hacks%2Ftrac-oidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrac-hacks%2Ftrac-oidc/lists"}