Datasette authentication using IndieAuth and RelMeAuth

simonw/datasette-indieauth

datasette-indieauth

Datasette authentication using IndieAuth.

Demo

You can try out the latest version of this plugin at datasette-indieauth-demo.datasette.io

Installation

Install this plugin in the same environment as Datasette.

$ datasette install datasette-indieauth

Usage

Ensure you have a website with a domain that supports IndieAuth or RelMeAuth. The easiest way to do that is to add the following HTML to your homepage, linking to your personal GitHub profile:

<link href="https://github.com/simonw" rel="me">
<link rel="authorization_endpoint" href="https://indieauth.com/auth">

Your GitHub profile needs to link back to your website, to prove that your GitHub account should be a valid identifier for that page.

Now visit /-/indieauth on your Datasette instance to begin the sign-in process.
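A pre-flight check for the two-way rel="me" link described above, as an added example that is not part of the datasette-indieauth code. The example.com site, the example-user profile and all function names are hypothetical, the sample HTML is constructed, and comparing URLs while ignoring host case and a missing trailing slash is an assumption of this sketch rather than the rule an IndieAuth provider applies.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample pages for a hypothetical site; nothing is fetched.
SITE_URL = "https://example.com/"
PROFILE_URL = "https://github.com/example-user"
SITE_HTML = """<link href="https://github.com/example-user" rel="me">
<link rel="authorization_endpoint" href="https://indieauth.com/auth">"""
PROFILE_OK = '<a rel="nofollow me" href="https://example.com">example.com</a>'
PROFILE_NO_ME = '<a rel="nofollow" href="https://example.com">example.com</a>'


class RelLinks(HTMLParser):
    """Collect href values of <a> and <link> elements, grouped by rel token."""
    def __init__(self, html):
        super().__init__()
        self.by_rel = {}
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("a", "link") and attrs.get("href"):
            # rel is a space-separated token list, e.g. rel="nofollow me"
            for token in (attrs.get("rel") or "").lower().split():
                self.by_rel.setdefault(token, []).append(attrs["href"])


def page_key(url):
    """Comparison key: scheme, lower-cased host, path with "" treated as "/"."""
    p = urlsplit(url)
    return (p.scheme, p.netloc.lower(), p.path or "/")


def check_setup(site_url, site_html, profile_url, profile_html):
    """Return a list of problems; an empty list means both directions link up."""
    site, profile = RelLinks(site_html).by_rel, RelLinks(profile_html).by_rel
    problems = []
    if not site.get("authorization_endpoint"):
        problems.append("homepage has no authorization_endpoint link")
    if page_key(profile_url) not in map(page_key, site.get("me", [])):
        problems.append("homepage has no rel=me link to the profile")
    if page_key(site_url) not in map(page_key, profile.get("me", [])):
        problems.append("profile has no rel=me link back to the homepage")
    return problems


if __name__ == "__main__":
    for page in (PROFILE_OK, PROFILE_NO_ME):
        print(check_setup(SITE_URL, SITE_HTML, PROFILE_URL, page))
```

To check a real setup, pass in the HTML of your own homepage and profile page, saved or fetched by whatever means you prefer.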

Actor

When a user signs in using IndieAuth they will receive a signed ds_actor cookie identifying them as an actor that looks like this:

{
    "me": "https://simonwillison.net/",
    "display": "simonwillison.net"
}

If the IndieAuth server returned additional "profile" fields those will be merged into the actor. You can visit /-/actor on your Datasette instance to see the full actor you are currently signed in as.

Restricting access with the restrict_access plugin configuration

You can use Datasette's permissions system to control permissions of authenticated users - by default, an authenticated user will be able to perform the same actions as an unauthenticated user.

As a shortcut, if you want to lock down access to your instance entirely to just specific users, you can use the restrict_access plugin configuration option like this:

{
    "plugins": {
        "datasette-indieauth": {
            "restrict_access": "https://simonwillison.net/"
        }
    }
}

This can be a string or a list of user identifiers. It can also be a space separated list, which means you can use it with the datasette publish --plugin-secret configuration option to set permissions as part of a deployment, like this:

datasette publish vercel mydb.db --project my-secret-db \
    --install datasette-indieauth \
    --plugin-secret datasette-indieauth restrict_access https://simonwillison.net/

Development

To set up this plugin locally, first check out the code. Then create a new virtual environment:

cd datasette-indieauth
python3 -mvenv venv
source venv/bin/activate

Or if you are using pipenv:

pipenv shell

Now install the dependencies and tests:

pip install -e '.[test]'

To run the tests:

pytest