Enhancement: OIDC Security Backend #878
Comments
So, after looking into Open to people who want to pick this up - this issue though is going to be closed here. fyi @infohash if you want to publish your own lib.
Any OIDC support coming in 2.0? The starlite-oidc is also abandoned, right?
While there is no planned date for OIDC extension of starlite 2.0, I have prepared a requirement to create an OIDC extension which will wrap The problem I am facing is even though
Both have their own problems and complexity with maintainability of code (and security if I port The reason I no longer want to use You can also try using
That sounds bad. How are other async frameworks doing with this? Did they write their own connector? Gonna look around.
I stumbled upon this: https://github.com/revensky/psion What do you think?
Also this one, looks maintained: https://github.com/kroketio/quart-keycloak Could this be adapted?
I think FastAPI does have a custom third party OIDC extension and there is also a well maintained and fully compliant authlib for Python but with BSD license for open source projects and a commercial license for industrial projects. The problem with writing a security lib like this is if it is not certified or at least not fully compliant with the OIDC spec, its adoption rate in the industrial projects will be very slow and if you are not a security expert, maintaining its security will be hard so I stick to writing wrappers.
Thank you very much for the well-researched reply.
Dual license, sucks.
Have you checked oauthlib?
oauthlib is a legacy version of authlib.
How about https://github.com/frankie567/httpx-oauth ?
@infohash lepture/authlib#475 the author says that it allows use of the BSD License on closed source projects (can choose any). His license only seems to apply to the cases where the developer uses a closed source OAuth Provider (like Auth0).
For corporates any license condition that requires a conversation is going to block usage. “Why is starlite being blocked by the package manager?” “Oh, one of its dependencies is on a dual license. You need to speak to Steve in Legal to explain what you’re using it for and get agreement that your use case matches this guy’s vague statement on a GitHub issue” “Yeah… I’ll just use something else.”
It seems that BlackSheep's OIDC looks like the best fit for starlite as @Goldziher suggested.
As we discussed in #794 - we would like to have an OIDC integration as an optional component in `starlite.contrib.oidc`. This will have to rely on `pyoidc`, which while problematic is the only fully fledged OIDC implementation in python and also has a usable license.

Our implementation should support all the flows supported by `pyoidc` with an easy to use abstraction layer. For reference: https://darutk.medium.com/diagrams-of-all-the-openid-connect-flows-6968e3990660