File: auth.rst

package info (click to toggle)
flower 0.8.3%2Bdfsg-2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 1,636 kB
  • ctags: 447
  • sloc: python: 2,474; makefile: 171
file content (70 lines) | stat: -rw-r--r-- 2,704 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
Authentication
==============

Protecting your Flower instance from unwarranted access is important
if it runs in an untrusted environment. Below, we outline the various
forms of authentication supported by Flower.

.. _basic-auth:

HTTP Basic Authentication
-------------------------

Securing Flower with Basic Authentication is easy.

The `--basic_auth` option accepts `user:password` pairs separated by
semicolons. If configured, any client trying to access this
Flower instance will be prompted to provide the credentials specified in
this argument: ::

    $ celery flower --basic_auth=user1:password1,user2:password2

See also :ref:`reverse-proxy`

.. _google-oauth:

Google OAuth 2.0
----------------

Flower supports Google OAuth 2.0. This way you can authenticate any user
with a Google account. Google OAuth 2.0 authentication is enabled using the
`--auth`, `--oauth2_key`, `--oauth2_secret` and `--oauth2_redirect_uri` options.

`--auth` is a regular expression, for granting access only to the specified email pattern.
`--oauth2_key` and `--oauth2_secret` are your credentials from your `Google Developer Console`_.
`--oauth2_redirect_uri` is there to specify what is the redirect_uri associated to you key and secret

For instance, if you want to grant access to `me@gmail.com` and `you@gmail.com`: ::

    $ celery flower --auth="me@gmail.com|you@gmail.com" --oauth2_key=... --oauth2_secret=... --oauth2_redirect_uri=http://flower.example.com/login

Alternatively you can set environment variables instead of command line arguments: ::

    $ export FLOWER_OAUTH2_KEY=...
    $ export FLOWER_OAUTH2_SECRET=...
    $ export FLOWER_OAUTH2_REDIRECT_URI=http://flower.example.com/login
    $ celery flower --auth=.*@example\.com

.. _Google Developer Console: https://console.developers.google.com

.. _github-oauth:

GitHub OAuth
------------

Flower also supports GitHub OAuth. Flower should be registered in
<https://github.com/settings/applications/new> before getting started.
See `GitHub OAuth API`_ docs for more info.

GitHub OAuth should be activated using `--auth_provider` option.
The client id, secret and redirect uri should be provided using
`--oauth2_key`, `--oauth2_secret` and `--oauth2_redirect_uri` options or using
`FLOWER_OAUTH2_KEY`, `FLOWER_OAUTH2_SECRET` and `FLOWER_OAUTH2_REDIRECT_URI`
environment variables.: ::

    $ export FLOWER_OAUTH2_KEY=7956724aafbf5e1a93ac
    $ export FLOWER_OAUTH2_SECRET=f9155f764b7e466c445931a6e3cc7a42c4ce47be
    $ export FLOWER_OAUTH2_REDIRECT_URI=http://localhost:5555/login
    $ celery flower --auth_provider=flower.views.auth.GithubLoginHandler --auth=.*@example\.com

.. _GitHub OAuth API: https://developer.github.com/v3/oauth/