kinto-portier's Issues

Broker error: the client_id must be the origin of the redirect_uri

I'm trying to use kinto-portier alongside a Kinto instance.

docker-compose.yml

version: "3"

services:
  cache:
    image: library/memcached

  db:
    image: postgres:9.6-alpine
    restart: unless-stopped
    env_file: .env
    volumes:
    - ./pgdata:/var/lib/postgresql/data

  web:
    build: .
    depends_on:
    - db
    - cache
    ports:
    - 8888:8888
    volumes:
    - ./config:/etc/kinto

volumes:
  pgdata:

Dockerfile

FROM kinto/kinto-server

RUN pip3 install --user kinto-portier

Kinto.ini

[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = %(http_port)s


[app:main]
use = egg:kinto

kinto.readonly = false
kinto.batch_max_requests = 25
kinto.paginate_by = 100

# Experimental JSON-schema on collection
# kinto.experimental_collection_schema_validation = false
#
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#activating-the-permissions-endpoint
# kinto.experimental_permissions_endpoint = false

# kinto.trailing_slash_redirect_enabled = true
# kinto.heartbeat_timeout_seconds = 10

# Plugins
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#plugins
# https://github.com/uralbash/awesome-pyramid
kinto.includes = kinto.plugins.default_bucket
                 kinto.plugins.admin
                 kinto_portier

# Backends
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#storage
#
kinto.storage_backend = kinto.core.storage.postgresql
kinto.storage_url = postgres://postgres:postgres@db/postgres
# kinto.storage_max_fetch_size = 10000
# kinto.storage_pool_size = 25
# kinto.storage_max_overflow = 5
# kinto.storage_pool_recycle = -1
# kinto.storage_pool_timeout = 30
# kinto.storage_max_backlog = -1

# Cache
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#cache
#
kinto.cache_backend = kinto.core.cache.memory
kinto.cache_url =
# kinto.cache_prefix =
# kinto.cache_max_size_bytes = 524288
# kinto.cache_pool_size = 25
# kinto.cache_max_overflow = 5
# kinto.cache_pool_recycle = -1
# kinto.cache_pool_timeout = 30
# kinto.cache_max_backlog = -1

# kinto.cache_backend = kinto.core.cache.memcached
# kinto.cache_hosts = 127.0.0.1:11211

# Permissions.
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#permissions
#
kinto.permission_backend = kinto.core.permission.memory
kinto.permission_url =
# kinto.permission_pool_size = 25
# kinto.permission_max_overflow = 5
# kinto.permission_pool_recycle = 1
# kinto.permission_pool_timeout = 30
# kinto.permission_max_backlog = -1
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#bypass-permissions-with-configuration
# kinto.bucket_create_principals = system.Authenticated

# Authentication
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#authentication
#
kinto.userid_hmac_secret = dacfdf5fd86c5a9ef41f5d571b3923e6e471f98443b8561a76ca983b49cdc357

# Kinto-portier authentication
# https://github.com/Kinto/kinto-portier
# Set `multiauth.policies` to `portier`
multiauth.policies = portier
multiauth.policy.portier.use = kinto_portier.authentication.PortierOAuthAuthenticationPolicy
kinto.portier.broker_url = https://broker.portier.io
kinto.portier.webapp.authorized_domains = localhost:8888
                                          localhost:3000
                                          *.allo-media.net
                                          *.github.io

# kinto.portier.cache_ttl_seconds = 300
# kinto.portier.state.ttl_seconds = 3600

# Accounts API configuration
# https://kinto.readthedocs.io//en/stable/api/1.x/accounts.html
; multiauth.policies = account
; multiauth.policy.account.use = kinto.plugins.accounts.authentication.AccountsAuthenticationPolicy
# Allow anyone to create accounts.
# kinto.account_create_principals = system.Everyone
# Set user 'account:admin' as the administrator.
# kinto.account_write_principals = account:admin
# kinto.account_read_principals = account:admin

# Notifications
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#notifications
#
# Configuration example:
# kinto.event_listeners = redis
# kinto.event_listeners.redis.use = kinto_redis.listeners
# kinto.event_listeners.redis.url = redis://localhost:6379/0
# kinto.event_listeners.redis.pool_size = 5
# kinto.event_listeners.redis.listname = queue
# kinto.event_listeners.redis.actions = create
# kinto.event_listeners.redis.resources = bucket collection

# Production settings
#
# https://kinto.readthedocs.io/en/latest/configuration/production.html

# kinto.http_scheme = https
# kinto.http_host = kinto.services.mozilla.com

# Cross Origin Requests
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#cross-origin-requests-cors
#
# kinto.cors_origins = *

# Backoff indicators/end of service
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#backoff-indicators
# https://kinto.readthedocs.io/en/latest/api/1.x/backoff.html#id1
#
# kinto.backoff =
# kinto.backoff_percentage =
# kinto.retry_after_seconds = 3
# kinto.eos =
# kinto.eos_message =
# kinto.eos_url =

# Project information
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#project-information
#
# kinto.version_json_path = ./version.json
# kinto.error_info_link = https://github.com/kinto/kinto/issues/
# kinto.project_docs = https://kinto.readthedocs.io
# kinto.project_version =
# kinto.version_prefix_redirect_enabled = true

# Application profiling
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#application-profiling
# kinto.profiler_enabled = true
# kinto.profiler_dir = /tmp/profiling

# Client cache headers
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#client-caching
#
# Every bucket objects and list
# kinto.bucket_cache_expires_seconds = 3600
#
# Every collection objects and list of every buckets
# kinto.collection_cache_expires_seconds = 3600
#
# Every group objects and list of every buckets
# kinto.group_cache_expires_seconds = 3600
#
# Every records objects and list of every collections
# kinto.record_cache_expires_seconds = 3600
#
# Records in a specific bucket
# kinto.blog_record_cache_expires_seconds = 3600
#
# Records in a specific collection in a specific bucket
# kinto.blog_article_record_cache_expires_seconds = 3600

# Custom ID generator for POST Requests
# https://kinto.readthedocs.io/en/latest/tutorials/custom-id-generator.html#tutorial-id-generator
#
# Default generator
# kinto.bucket_id_generator=kinto.views.NameGenerator
# Custom example
# kinto.collection_id_generator = name_generator.CollectionGenerator
# kinto.group_id_generator = name_generator.GroupGenerator
# kinto.record_id_generator = name_generator.RecordGenerator

# Enabling or disabling endpoints
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#enabling-or-disabling-endpoints
#
# This is a rather confusing setting due to naming conventions used in kinto.core
# For a more in depth explanation, refer to https://github.com/Kinto/kinto/issues/710
# kinto.endpoint_type_resource_name_method_enabled = false
# Where:
# endpoint_type: is either ``collection`` (plural, e.g. ``/buckets``) or ``record`` (single, e.g. ``/buckets/abc``);
# resource_name: is the name of the resource (e.g. ``bucket``, ``group``, ``collection``, ``record``);
# method: is the http method (in lower case) (e.g. ``get``, ``post``, ``put``, ``patch``, ``delete``).
# For example, to disable the POST on the list of buckets and DELETE on single records
# kinto.collection_bucket_post_enabled = false
# kinto.record_record_delete_enabled = false

# [uwsgi]
# wsgi-file = app.wsgi
# enable-threads = true
# socket = /var/run/uwsgi/kinto.sock
# chmod-socket = 666
# processes =  3
# master = true
# module = kinto
# harakiri = 120
# uid = kinto
# gid = kinto
# virtualenv = .venv
# lazy = true
# lazy-apps = true
# single-interpreter = true
# buffer-size = 65535
# post-buffering = 65535
# plugin = python

# Logging and Monitoring
#
# https://kinto.readthedocs.io/en/latest/configuration/settings.html#logging-and-monitoring
# kinto.statsd_backend = kinto.core.statsd
# kinto.statsd_prefix = kinto
# kinto.statsd_url =

# kinto.newrelic_config =
# kinto.newrelic_env = dev

# Logging configuration

[loggers]
keys = root, kinto

[handlers]
keys = console

[formatters]
keys = color

[logger_root]
level = INFO
handlers = console

[logger_kinto]
level = DEBUG
handlers = console
qualname = kinto

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = color

[formatter_color]
class = logging_color_formatter.ColorFormatter

When trying to authenticate in the Kinto admin using portier, I'm redirected to a page with an error message:

The request is invalid, and could not be completed.

Technical description: the client_id must be the origin of the redirect_uri

This indicates an issue with the site you're trying to login to. Contact the site administrator to get the issue resolved.

The URL in question is in this form:

https://broker.portier.io/auth?login_hint=nicolas%40xxx.net&scope=openid+email&nonce=<obfuscated>&response_type=id_token&response_mode=form_post&client_id=None%3A%2F%2FNone&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Fv1%2Fportier%2Fverify

Notice the client_id query string parameter, client_id=None%3A%2F%2FNone, which translates to "None://None" once urldecoded.

What's going on, what did I miss?
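
An added diagnostic example (not part of the issue and not kinto-portier's or the broker's code): it applies the rule quoted in the broker's error message to the URL reported above, comparing `client_id` with the origin of `redirect_uri`. The helper names and the default-port normalisation are assumptions of this sketch; the broker's own comparison may differ in detail.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# The URL reported in the issue above (nonce left as the page's placeholder).
REPORTED_URL = (
    "https://broker.portier.io/auth?login_hint=nicolas%40xxx.net"
    "&scope=openid+email&nonce=<obfuscated>&response_type=id_token"
    "&response_mode=form_post&client_id=None%3A%2F%2FNone"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Fv1%2Fportier%2Fverify"
)
# Constructed for comparison: the same request with a matching client_id.
CONSISTENT_URL = REPORTED_URL.replace(
    "client_id=None%3A%2F%2FNone", "client_id=http%3A%2F%2Flocalhost%3A8888"
)


def origin(url):
    """Return scheme://host[:port], omitting the scheme's default port."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL with a host: {url!r}")
    host = parts.hostname
    if parts.port and parts.port != DEFAULT_PORTS[parts.scheme]:
        host = f"{host}:{parts.port}"
    return f"{parts.scheme}://{host}"


def check_auth_request(auth_url):
    """List the client_id / redirect_uri problems in a broker auth URL."""
    query = parse_qs(urlsplit(auth_url).query)
    client_id = query.get("client_id", [""])[0]
    redirect_uri = query.get("redirect_uri", [""])[0]
    try:
        expected = origin(redirect_uri)
    except ValueError as exc:
        return [f"redirect_uri: {exc}"]
    problems = []
    # A literal "None" component means an unset value was formatted into the URL.
    if "None" in client_id.replace("://", "/").split("/"):
        problems.append("client_id contains a literal None (unset setting)")
    if client_id != expected:
        problems.append(f"client_id {client_id!r} != redirect_uri origin {expected!r}")
    return problems


if __name__ == "__main__":
    for url in (REPORTED_URL, CONSISTENT_URL):
        print(check_auth_request(url) or "client_id matches redirect_uri origin")
```

The README issue further down this page lists a note about setting `kinto.http_scheme` and `kinto.http_host`; both are commented out in the configuration above.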

Allow both POST and GET for /portier/login

We have to build the redirect URL and it is not always trivial to do in the form, so in a lot of cases we are actually building a form in JavaScript before posting it. It would be easier to be able to do a GET instead.

Plus it would be closer to the flow kinto-fxa provides.

Update README to be more informative

  • Add note about setting kinto.http_scheme and kinto.http_host
  • Add note about how the token is provided to the redirect URL
  • Remove reference to jwt_token since the token you pass to Kinto isn't actually a JWT

Add integration tests

  • Running a local portier (?)
  • Using something like restmail
  • Test a full login flow and assert the principals obtained in the hello view of a running kinto
