Python OIDC with UW IdP
This project implements the OIDC Certified RP Python module pyoidc for server-based Python Flask applications using Flask-pyoidc.
Setup - Running Locally Docker
- Choose a domain that you will use. The redirect URL, which must also be registered with the IdP, should look like this:
http://[your domain]/redirect_uri
- Add
127.0.0.1 [your domain]
to /etc/hosts
- Copy .env-tmp to .env and add real values, making sure SERVER_NAME matches [your domain].
- Build and run the image
docker build -t oidc-python:latest .
docker run --env-file .env -p 80:8000 oidc-python
- Open
http://[your domain]
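A preflight check for the .env step above, added here as an example and not part of the project's code: it reads the file as docker --env-file would and confirms that the redirect URL registered with the IdP is exactly http://[SERVER_NAME]/redirect_uri. The key names other than SERVER_NAME (borrowed from the Kubernetes secret file names on this page), the 32-character minimum and the sample values are assumptions.

```python
# Added example: consistency check for .env before `docker run --env-file .env`.
# Assumption: .env uses the key names of the Kubernetes secret files on this page.
REQUIRED_KEYS = ("SERVER_NAME", "OIDC_CLIENT", "OIDC_SECRET", "SECRET_KEY")
MIN_SECRET_KEY_LEN = 32  # assumed floor for the Flask session key, not a project rule

# Constructed sample file content (not real credentials).
SAMPLE_ENV = """\
# local docker settings
SERVER_NAME=oidc.example.test
OIDC_CLIENT=example-client-id
OIDC_SECRET="example-client-secret"
SECRET_KEY=short
"""


def parse_env(text):
    """Parse KEY=VALUE lines of a docker --env-file: '#' comments skipped, values kept literally."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key] = value
    return env


def check_env(env, registered_redirect_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = [f"{k} is missing or empty" for k in REQUIRED_KEYS if not env.get(k)]
    server_name = env.get("SERVER_NAME", "")
    expected = f"http://{server_name}/redirect_uri"
    # Compare the exact string registered with the IdP, not a prefix or a case-folded form.
    if server_name and registered_redirect_uri != expected:
        problems.append(f"IdP has {registered_redirect_uri!r}, .env implies {expected!r}")
    for key, value in env.items():
        if value[:1] in ("'", '"'):
            problems.append(f"{key} is quoted; docker passes the quotes into the value")
    secret_key = env.get("SECRET_KEY", "")
    if secret_key and len(secret_key) < MIN_SECRET_KEY_LEN:
        problems.append(f"SECRET_KEY is shorter than {MIN_SECRET_KEY_LEN} characters")
    return problems


if __name__ == "__main__":
    for problem in check_env(parse_env(SAMPLE_ENV), "http://oidc.example.test/redirect"):
        print("FAIL:", problem)
```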
Setup - Running in Minikube
- Install and start minikube, make sure your context is minikube
kubectl config current-context
- Tell minikube to use your local docker
eval $(minikube docker-env)
- Build the image
docker build -t oidc-python:latest .
- Create a kubernetes secret.
echo "actual client id" > OIDC_CLIENT
echo "actual client secret" > OIDC_SECRET
echo "actual flask session key" > SECRET_KEY
kubectl create secret generic oidc-python --from-file=./OIDC_SECRET --from-file=./OIDC_CLIENT --from-file=./SECRET_KEY
- Create a service.yml and deployment.yml using /examples/kubernetes
- Apply the yml
kubectl apply -f ./examples/kubernetes/
- Make a request to /, you should not get a 404
curl $(minikube service oidc-python --url)
- You can also load this in the browser by getting the url
minikube service oidc-python --url
and then add that url:port to your /etc/hosts file, like
[url:port] [your domain]
Setup - Running in Kubernetes
- Configure docker to use gcloud
gcloud auth configure-docker
- Tag and push
docker build -t gcr.io/uwit-mci-iam/oidc-python:1.0.0 .
docker push gcr.io/uwit-mci-iam/oidc-python:1.0.0
- Use deployment and service located at https://github.com/UWIT-IAM/gcp-k8/tree/master/dev/oidc-python