Portier authentication support for Kinto

kinto-portier enables authentication in Kinto applications using an email address.

It provides:

• An authentication policy class;
• Integration with Kinto cache backend for token verifications;
• Integration with Kinto for heartbeat view checks;
• Some optional endpoints to perform the OAuth dance (optional).
• Kinto documentation
• Issue tracker

Installation

Install the Python package:

pip install kinto-portier

Include the package in the project configuration:

kinto.includes = kinto_portier

And configure authentication policy using pyramid_multiauth formalism:

multiauth.policies = portier
multiauth.policy.portier.use = kinto_portier.authentication.PortierOAuthAuthenticationPolicy

By default, it will rely on the cache configured in Kinto.

Configuration

Fill those settings with the values obtained during the application registration:

kinto.portier.broker_url = https://broker.portier.io
kinto.portier.webapp.authorized_domains = *.github.io
# kinto.portier.cache_ttl_seconds = 300
# kinto.portier.state.ttl_seconds = 3600

Login flow

OAuth Bearer token

Use the OAuth token with this header:

Authorization: Portier <jwt_token>

notes:	If the token is not valid, this will result in a 401 error response.