{"id":16206916,"url":"https://github.com/verdan/flaskoidc","last_synced_at":"2025-04-09T20:13:33.962Z","repository":{"id":41245209,"uuid":"185968367","full_name":"verdan/flaskoidc","owner":"verdan","description":"A wrapper of Flask with pre-configured OIDC support","archived":false,"fork":false,"pushed_at":"2024-12-23T15:54:20.000Z","size":54,"stargazers_count":53,"open_issues_count":8,"forks_count":35,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-04-09T20:13:29.625Z","etag":null,"topics":["flask","flask-oidc","flask-wrapper","oidc"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/verdan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["verdan"],"patreon":"vmahmood"}},"created_at":"2019-05-10T10:23:05.000Z","updated_at":"2025-03-01T16:19:21.000Z","dependencies_parsed_at":"2024-10-25T17:16:14.040Z","dependency_job_id":"63abfd52-ac10-4a00-87b4-6809151525bb","html_url":"https://github.com/verdan/flaskoidc","commit_stats":{"total_commits":57,"total_committers":7,"mean_commits":8.142857142857142,"dds":"0.19298245614035092","last_synced_commit":"9e8fae3f5b62e2420162d9d5bbe7357046f21914"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verdan%2Fflaskoidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verdan%2Fflaskoidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verdan%2Fflaskoidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verdan%2Fflaskoidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/verdan","download_url":"https://codeload.github.com/verdan/flaskoidc/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248103872,"owners_count":21048245,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flask","flask-oidc","flask-wrapper","oidc"],"created_at":"2024-10-10T10:08:39.519Z","updated_at":"2025-04-09T20:13:33.933Z","avatar_url":"https://github.com/verdan.png","language":"Python","funding_links":["https://github.com/sponsors/verdan","https://patreon.com/vmahmood"],"categories":[],"sub_categories":[],"readme":"# FlaskOIDC\n[![PyPI version](https://badge.fury.io/py/flaskoidc.svg)](https://badge.fury.io/py/flaskoidc)\n[![License](http://img.shields.io/:license-Apache%202-blue.svg)](LICENSE)\n\nThis package relies purely on the `Authlib` package. [Authlib](https://docs.authlib.org/en/latest/)\n\nA wrapper of Flask with pre-configured OIDC support. Ideal for microservices architecture, each request will be authenticated using Flask's `before_request` middleware. \nNecassary endpoints can be whitelisted using an environment variable `FLASK_OIDC_WHITELISTED_ENDPOINTS`. \n\n## Installation:\n```bash\npip3 install flaskoidc\n```\n\n\n## Usage:\n\nAfter simply installing the flaskoidc you can simply use it like below:\n\n```python\nfrom flaskoidc import FlaskOIDC\napp = FlaskOIDC(__name__)\n``` \n\n## Configurations:\n\nPlease make sure to extend your configurations from `BaseConfig` (only if you are sure what you are doing. Recommended way is to use the environment variables for the configuration.)\n\n```python\nfrom flaskoidc import FlaskOIDC\nfrom flaskoidc.config import BaseConfig\n\n# Custom configuration class, a subclass of BaseConfig\nCustomConfig(BaseConfig):\n    DEBUG = True\n\napp = FlaskOIDC(__name__)\napp.config.from_object(CustomConfig)\n\n```\n\nFollowing `ENVIRONMENT VARIABLES` MUST be set to get the OIDC working.\n\n#### FLASK_OIDC_PROVIDER_NAME \n_(default: 'google')_\n\nThe name of the OIDC provider, like `google`, `okta`, `keycloak` etc. I have verified this package only for\ngoogle, okta and keycloak. Please make sure to open a new issue if any of your OIDC provider is not working.\n\n#### FLASK_OIDC_SCOPES \n_(default: 'openid email profile')_\n\nScopes required to make your client works with the OIDC provider, separated by a space. \n\n- OKTA: make sure to add `offline_access` in your scopes in order to get the refresh_token.\n\n#### FLASK_OIDC_USER_ID_FIELD\n_(default: 'email')_\n\nDifferent OIDC providers have different id field for the users. Make sure to adjust this according to what \nyour provider returns in the user profile i.e., `id_token`.\n\n#### FLASK_OIDC_CLIENT_ID\n_(default: '')_\n\nClient ID that you get once you create a new application on your OIDC provider.\n\n#### FLASK_OIDC_CLIENT_SECRET\n_(default: '')_\n\nClient Secret that you get once you create a new application on your OIDC provider.\n\n#### FLASK_OIDC_FORCE_SCHEME\n_(default: 'http')_\n\nCan be used to force a URL scheme when crafting a `redirect_uri` in _'/login'_ route.  Useful when Flask application is behind an ingress doing TLS termination.\n\n#### FLASK_OIDC_REDIRECT_URI\n_(default: '/auth')_\n\nThis is the endpoint that your OIDC provider hits to authenticate against your request. \nThis is what you set as one of your REDIRECT URI in the OIDC provider client's settings.  \n\n#### FLASK_OIDC_CONFIG_URL\n_(default: '')_\n\nTo simplify OIDC implementations and increase flexibility, OpenID Connect allows the use of a \"Discovery document,\" a JSON document found at a well-known location containing key-value pairs which provide details about the OpenID Connect provider's configuration, including the URIs of the authorization, token, revocation, userinfo, and public-keys endpoints.\n\nDiscovery Documents may be retrieved from:\n- `Google`: https://accounts.google.com/.well-known/openid-configuration\n- `OKTA`\n  - https://[YOUR_OKTA_DOMAIN]/.well-known/openid-configuration\n  - https://[YOUR_OKTA_DOMAIN]/oauth2/[AUTH_SERVER_ID]/.well-known/openid-configuration\n- `Auth0`: https://[YOUR_DOMAIN]/.well-known/openid-configuration\n- `Keycloak`: http://[KEYCLOAK_HOST]:[KEYCLOAK_PORT]/auth/realms/[REALM]/.well-known/openid-configuration\n\n\n#### FLASK_OIDC_OVERWRITE_REDIRECT_URI\n_(default: '/')_\nIn some cases you may need to redirect to a different endpoint after a successful login. This environment lets you set that endpoint. By default, this redirects to `/`. \n\n#### FLASK_OIDC_PROVIDER_ADDITIONAL_PARAMETERS_FILE_PATH\n_(default: None)_\n\nThe absolute path to a json file holding key value pairs of additional parameters ro be appended during client \nregistration. This will overwrite any default parameters for a given OIDC provider.\n\n....\n\nA few other environment variables along with their default values are. \n\n```python\n# Flask `SECRET_KEY` config value\nFLASK_OIDC_SECRET_KEY: '!-flask-oidc-secret-key'\n\n# Comma separated string of URLs which should be exposed without authentication, else all request will be authenticated.\nFLASK_OIDC_WHITELISTED_ENDPOINTS: \"status,healthcheck,health\"\n```\n\nYou can also set the config variables specific to [Flask-SQLAlchemy](https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/) using the same key as the environment variables.\n```python\n# Details about this below in the \"Session Management\" section.\nSQLALCHEMY_DATABASE_URI: 'sqlite:///sessions.db'\n```\n\n## Known Issues:\n- Need to make sure it still works with the clients_secrets.json file or via env variables for each endpoint of a custom OIDC provider. \n- You may enter problems when installing cryptography, check its [official document](https://cryptography.io/en/latest/installation/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fverdan%2Fflaskoidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fverdan%2Fflaskoidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fverdan%2Fflaskoidc/lists"}