/oidc-rp-python

Used for implementing OIDC with the UW IdP

Python OIDC with UW IdP

This project uses the OIDC Certified RP Python module pyoidc, through Flask-pyoidc, for server-based Python Flask applications.

Setup - Running Locally Docker

  1. Choose a domain to use. Its redirect URL must also be registered with the IdP and should look like this: http://[your domain]/redirect_uri.
  2. Add 127.0.0.1 [your domain] to /etc/hosts
  3. Copy .env-tmp to .env and add real values, making sure SERVER_NAME matches [your domain].
  4. docker build -t oidc-python:latest .
  5. docker run --env-file .env -p 80:8000 oidc-python
  6. Open http://[your domain]
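
A pre-flight check for steps 1 to 3, as an added example that is not part of the project: it reads SERVER_NAME from .env, confirms the hosts file maps it to 127.0.0.1, and prints the redirect URL to register with the IdP. The function names are hypothetical, and it assumes .env holds plain KEY=value lines as docker run --env-file expects.

```sh
# Added example (not project code). Usage: sh preflight.sh .env /etc/hosts
# Assumption: .env contains plain KEY=value lines, one per line.

# Print the value of KEY from an env file; the last assignment wins.
env_value() {  # usage: env_value KEY FILE
  awk -v k="$1" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$2"
}

# Redirect URL that has to be registered with the IdP for this env file.
redirect_uri() {  # usage: redirect_uri ENV_FILE
  printf 'http://%s/redirect_uri\n' "$(env_value SERVER_NAME "$1")"
}

# Succeed only if HOSTS_FILE maps DOMAIN to 127.0.0.1 (comments are ignored).
hosts_maps_local() {  # usage: hosts_maps_local DOMAIN HOSTS_FILE
  awk -v d="$1" '
    { sub(/#.*/, "") }
    $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == d) found = 1 }
    END { exit !found }' "$2"
}

# Run every check; print one line per problem and return non-zero on failure.
preflight() {  # usage: preflight ENV_FILE HOSTS_FILE
  pf_name=$(env_value SERVER_NAME "$1"); pf_rc=0
  if [ -z "$pf_name" ]; then
    echo "SERVER_NAME is missing or empty in $1"; return 1
  fi
  case $pf_name in
    # docker run --env-file keeps quotes as part of the value, so a quoted
    # SERVER_NAME no longer matches the redirect URL registered with the IdP.
    *[[:space:]]* | *\"* | *\'*)
      echo "SERVER_NAME contains quotes or whitespace"; pf_rc=1 ;;
  esac
  hosts_maps_local "$pf_name" "$2" || { echo "$2 has no '127.0.0.1 $pf_name' entry"; pf_rc=1; }
  [ "$pf_rc" -eq 0 ] && echo "OK: register $(redirect_uri "$1") with the IdP"
  return "$pf_rc"
}

# Run the checks only when both file paths are given on the command line.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```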

Setup - Running in Minikube

  1. Install and start minikube, and make sure your context is minikube: kubectl config current-context

  2. Point your local docker client at minikube's Docker daemon: eval $(minikube docker-env)

  3. Build the image: docker build -t oidc-python:latest .

  4. Create a kubernetes secret.

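    # printf '%s' writes the value without the trailing newline that echo
    # would add and that --from-file would store as part of the secret.
    printf '%s' "actual client id" > OIDC_CLIENT
    printf '%s' "actual client secret" > OIDC_SECRET
    printf '%s' "actual flask session key" > SECRET_KEY
    kubectl create secret generic oidc-python --from-file=./OIDC_SECRET --from-file=./OIDC_CLIENT --from-file=./SECRET_KEY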
    
  5. Create a service.yml and deployment.yml using /examples/kubernetes

  6. Apply the yml: kubectl apply -f ./examples/kubernetes/

  7. Make a request to /; you should not get a 404: curl $(minikube service oidc-python --url)

  8. You can also load this in the browser: get the URL with minikube service oidc-python --url, then add that url:port to your /etc/hosts file, like [url:port] [your domain].

Setup - Running in Kubernetes

  1. Configure docker to use gcloud: gcloud auth configure-docker

  2. Tag and push

    docker build -t gcr.io/uwit-mci-iam/oidc-python:1.0.0 .
    docker push gcr.io/uwit-mci-iam/oidc-python:1.0.0
    
  3. Use deployment and service located at https://github.com/UWIT-IAM/gcp-k8/tree/master/dev/oidc-python