enpaul/keyosk
1
0
Fork 0
mirror of https://github.com/enpaul/keyosk.git synced 2025-12-19 09:42:34 +00:00
Code Issues Projects Releases Wiki Activity

Overhaul repository with newest bestest practices

Browse Source 
Add typing stub file
Add metadata tests
Add missing dev dependencies
Add merge conflict check pre-commit
Add tox env for py3.9
Update license from MIT to GPL3
Update pyproject with pypi metadata
Update makefile to reduce duplication and add missing targets
Update dependencies to latest versions
Update pre-commit config to piggy back on poetry env
Update pyproject to use poetry-core
Update toxfile to use locked dependencies
Remove unused codeowners file
Remove placeholder test
This commit is contained in:
Ethan Paul
2020-11-26 01:22:13 -05:00
parent 5030db2a84
commit ca891dd1fb
17 changed files with 2073 additions and 784 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
README.md
View File

@@ -1,81 +1,9 @@
<h2 align="center">keyosk</h2>
# keyosk
<p align="center">
<a href="https://jwt.io/"><img alt="jwt compatible" src="https://jwt.io/img/badge-compatible.svg"></a>
<a href="https://black.readthedocs.io/en/stable/"><img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"></a>
</p>
Simple REST-full application to serve as a ready-to-deploy OAuth2 and
OpenID-Connect authentication provider
Keyosk is a RESTful web service that can be used to issue application-agnostic
[JSON Web Tokens](https://jwt.io/introduction/) (JWTs).
In a [microservice based architecture](https://xkcd.com/1988/), each service only
communicates with the other services using the publicly exposed API. This promotes
more consistent and stable APIs as well as more intentionally specialized services.
However, when it comes to authentication this can present a problem: to ensure secure
authentication for a microservice-based application there are only two real options:
* Each service must re-implement an authentication system, leading to duplicated code,
nonstandard interfaces, and the potential for synchronization problems
* The services must have access to a shared resource outside of their publicly
defined APIs, which is kind of against the whole idea of microservice architectures
**Keyosk provides a third option:**
Users can authenticate against Keyosk and be issued a JSON Web Token, which can then
be used to authenticate against other microservices in the application. When a
microservice receives a user-submitted JWT it can verify with the Keyosk server that
the token a) is valid and b) hasn't been tampered with.
The workflow looks something like this:
1. User wants to submit a request to the *ToDo Service*
2. User submits username and password/API key using
[HTTP basic auth](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication)
to Keyosk
3. Keyosk validates the user's credentials and issues a JWT that encodes the users
permissions, then signs the JWT using its private-key.
4. The user takes the JWT issued by Keyosk and submits their request to the
*ToDo Service*
5. The *ToDo Service* queries Keyosk for its public-key and uses the public-key to
verify that the JWT it just received was in fact issued by Keyosk and hasn't been
tampered with.
6. The *ToDo Service* decodes the JWT and is able to read the permissions information
for the user's account directly out of the JWT itself.
The application's accounts are stored in one location, the authentication workflow is
the same for all the application's components, and all the components communicate with
each other over their public API.
To learn more, [read the docs!](docs/)
## building
This project uses [Poetry](https://poetry.eustace.io/) for its build and development
system. Please [install Poetry](https://poetry.eustace.io/docs/#installation) and run
`poetry install` to create and populate the virtual environment.
```bash
# build python wheel and source distributions
make build
# build sphinx documentation in HTML format
make docs
# build sphinx documentation in another format
make docs SPHINX_FORMAT=<some other sphinx format>
```
## developing
This project requires [Poetry](https://python-poetry.org/docs/#installation) version
1.0 or newer.
```bash
# create virtual environment from lockfile
poetry install
# install pre-commit hooks
poetry run pre-commit install
# run the automated tests
poetry run tox
```
[![license](https://img.shields.io/pypi/l/keyosk)](https://opensource.org/licenses/MIT)
[![pypi-version](https://img.shields.io/pypi/v/keyosk)](https://pypi.org/project/tox-poetry-installer/)
[![python-versions](https://img.shields.io/pypi/pyversions/keyosk)](https://www.python.org)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)