Datasette authentication using IndieAuth.
You can try out the latest version of this plugin at datasette-indieauth-demo.datasette.io
Install this plugin in the same environment as Datasette.
$ datasette install datasette-indieauth
Ensure you have a website with a domain that supports IndieAuth or RelMeAuth. The easiest way to do that is to add the following HTML to your homepage, linking to your personal GitHub profile:
<link href="https://github.com/simonw" rel="me">
<link rel="authorization_endpoint" href="https://indieauth.com/auth">
Your GitHub profile needs to link back to your website, to prove that your GitHub account should be a valid identifier for that page.
Now visit /-/indieauth
on your Datasette instance to begin the sign-in progress.
When a user signs in using IndieAuth they will be recieve a signed ds_actor
cookie identifying them as an actor that looks like this:
{
"me": "https://simonwillison.net/",
"display": "simonwillison.net"
}
If the IndieAuth server returned additional "profile"
fields those will be merged into the actor. You can visit /-/actor
on your Datasette instance to see the full actor you are currently signed in as.
You can use Datasette's permissions system to control permissions of authenticated users - by default, an authenticated user will be able to perform the same actions as an unauthenticated user.
As a shortcut if you want to lock down access to your instance entirely to just specific users, you can use the restrict_access
plugin configuration option like this:
{
"plugins": {
"datasette-indieauth": {
"restrict_access": "https://simonwillison.net/"
}
}
}
This can be a string or a list of user identifiers. It can also be a space separated list, which means you can use it with the datasette publish --plugin-secret
configuration option to set permissions as part of a deployment, like this:
datasette publish vercel mydb.db --project my-secret-db \
--install datasette-indieauth \
--plugin-secret datasette-indieauth restrict_access https://simonwillison.net/
To set up this plugin locally, first checkout the code. Then create a new virtual environment:
cd datasette-indieauth
python3 -mvenv venv
source venv/bin/activate
Or if you are using pipenv
:
pipenv shell
Now install the dependencies and tests:
pip install -e '.[test]'
To run the tests:
pytest