[pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-17 Thread Mike Orr
I'm trying to get my Pyramid application to use a Keycloak authentication server. Keycloak supports OAuth2 with OpenID Connect. I don't need authorization: just authenticating the user and retrieving their roles and metadata and maybe the refresh feature. I've looked through several Oauth2, OpenID,

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-17 Thread Bert JW Regeer
https://github.com/requests/requests-oauthlib > On May 17, 2019, at 14:26, Mike Orr wrote: > > I'm trying to get my Pyramid application to use a Keycloak > authentication server. Keycloak supports OAuth2 with OpenID Connect. I > don't need authorization: just authenticating the user and retrievi

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-20 Thread Jonathan Vanasco
I have a project that I've been meaning to Open Source. I'll try to make time tomorrow to repackage it... it's called pyramid_oauthlib_lowlevel and is a VERY LOWLEVEL integration tool for oauthlib against Pyramid, it was somewhat inspired by flask-oauthlib and there are example oauth1 and oauth

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-20 Thread Jonathan Vanasco
mike- if you haven't figured it out yet, hopefully my examples can help: https://github.com/jvanasco/pyramid_oauthlib_lowlevel I've been meaning to release this for a while now, thanks for giving me a reason to. In the tests, you can see a full flow of interacting with clients and servers:

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-21 Thread Mike Orr
Thanks. This presents the same difficulty as 'pyramid_oauthlib', figuring out which parts I need. It's like looking through a forest for the right fern plants. My current authentication code and views is 4 pages long, the linked modules are 32 pages, and 'pyramid-oauthlib', 'oauthlib', and 'request

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-21 Thread Jonathan Vanasco
Thanks for the kind words. This was actually pretty fast to do. I think it took 2-3 days to build oAuth into our apps and almost everything was repackaged into this within that same week. This has been sitting in a private repo for a year or so, because it required some updates to oauthlib an

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-21 Thread Mike Orr
On Tue, May 21, 2019 at 4:14 PM Jonathan Vanasco wrote: > > Thanks for the kind words. This was actually pretty fast to do. I think it > took 2-3 days to build oAuth into our apps and almost everything was > repackaged into this within that same week. This has been sitting in a > private repo

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-21 Thread Jonathan Vanasco
On Tuesday, May 21, 2019 at 8:13:11 PM UTC-4, Mike Orr wrote: > > > I want it to do username/password checking and give me the user > metadata including the list of roles. Then I can do authorization from > the roles. By "no authorization" I mean the role/view ACLs would > remain in Pyramid; I

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-30 Thread Mike Orr
OK, I got it working enough to authenticate the user and get a userinfo dict, but it doesn't have the all-important roles information. I may need to add some scopes; I'm asking the server admin about that. The original problem was I received an incomplete authorization URL, '/auth' instead of 'auth

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-30 Thread Jonathan Vanasco
Many of the things you mentioned are specific to Keycloak. I can't answer those. I can take a deeper look at the oauth details tomorrow. The following are things that just popped at me. On Thursday, May 30, 2019 at 8:57:28 PM UTC-4, Mike Orr wrote: > > - What should I do if there's a state mi

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-30 Thread Mike Orr
On Thu, May 30, 2019 at 6:25 PM Jonathan Vanasco wrote: > > Many of the things you mentioned are specific to Keycloak. I can't answer > those. > > I can take a deeper look at the oauth details tomorrow. the following are > things that just popped at me. > > On Thursday, May 30, 2019 at 8:57:28

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-31 Thread Theron Luhn
> But what should I say? If it's not a real human then I can just return an Internal Server Error, but if it's a person suffering a malfunctioning server or network then I want to give a polite message. And what would be the right thing to say? This is a good question. State mismatch happens more

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-05-31 Thread Mike Orr
On Fri, May 31, 2019 at 9:12 AM Theron Luhn wrote: > > > But what should I say? If it's not a real human then I can just return > an Internal Server Error, but if it's a person suffering a > malfunctioning server or network then i want to give a polite message. > and what would be the right thing

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-06-08 Thread Mike Orr
To follow up, I got OAuth/Keycloak authentication working with the following code pattern. The userinfo contains only name/email-related attributes, not the role attributes and origin directory info I need to calculate Pyramid principals. (Origin directory = where the user is defined; e.g., an enter

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-06-21 Thread Mike Orr
So I can extract the data from my OAuth2 tokens now. My remaining questions are how to integrate refreshing into a Pyramid application. First, do I need to? I don't care if the token is refreshed; I'll keep using the claims stored in the Pyramid session until it expires. But if I want to contribute

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-06-24 Thread Jonathan Vanasco
On Friday, June 21, 2019 at 8:43:32 PM UTC-4, Mike Orr wrote: > > But if I want to contribute to the enterprise's Single Sign-In, do I need > to > tell the server the user is still logged into my application so it > doesn't expire the SSO account? That is up to your upstream identity provi

Re: [pylons-discuss] Authenticating with Oauth2/OpenID Connect

2019-07-10 Thread Bert JW Regeer
> On Jun 24, 2019, at 15:44, Jonathan Vanasco wrote: > > > On Friday, June 21, 2019 at 8:43:32 PM UTC-4, Mike Orr wrote: > But if I want to contribute to the enterprise's Single Sign-In, do I need to > tell the server the user is still logged into my application so it > doesn't expire the S