Metadata-Version: 2.4
Name: mlflow-oidc-auth
Version: 6.6.2
Summary: OIDC auth plugin for MLflow
Maintainer-email: Alexander Kharkevich <alex@kharkevich.org>
License-Expression: Apache-2.0
Project-URL: homepage, https://github.com/mlflow-oidc/mlflow-oidc-auth
Project-URL: issues, https://github.com/mlflow-oidc/mlflow-oidc-auth/issues
Project-URL: documentation, https://github.com/mlflow-oidc/mlflow-oidc-auth/tree/main/docs/
Project-URL: repository, https://github.com/mlflow-oidc/mlflow-oidc-auth
Keywords: mlflow,oauth2,oidc
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: End Users/Desktop
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: Information Technology
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3.10
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: mlflow<4,>=3.8.1
Requires-Dist: python-dotenv<2
Requires-Dist: requests<3,>=2.31.0
Requires-Dist: sqlalchemy<3,>=1.4.0
Requires-Dist: flask<4
Requires-Dist: gunicorn<24; platform_system != "Windows"
Requires-Dist: alembic!=1.10.0,<2
Requires-Dist: authlib<2
Requires-Dist: uvicorn>=0.20.0
Requires-Dist: fastapi>=0.100.0
Requires-Dist: asgiref>=3.0.0
Requires-Dist: httpx>=0.28.1
Provides-Extra: dev
Requires-Dist: black<26,>=24.8.0; extra == "dev"
Requires-Dist: pytest<9,>=8.3.2; extra == "dev"
Requires-Dist: pre-commit<5; extra == "dev"
Requires-Dist: autoflake<2; extra == "dev"
Provides-Extra: test
Requires-Dist: pytest<9,>=8.3.2; extra == "test"
Requires-Dist: pytest-cov<6,>=5.0.0; extra == "test"
Requires-Dist: pytest-asyncio<2; extra == "test"
Requires-Dist: httpx<1,>=0.28.1; extra == "test"
Provides-Extra: aws
Requires-Dist: boto3>=1.42.26; extra == "aws"
Provides-Extra: azure
Requires-Dist: azure-identity>=1.25.1; extra == "azure"
Requires-Dist: azure-keyvault-secrets>=4.10.0; extra == "azure"
Provides-Extra: vault
Requires-Dist: hvac>=2.4.0; extra == "vault"
Provides-Extra: cloud
Requires-Dist: boto3>=1.42.26; extra == "cloud"
Requires-Dist: azure-identity>=1.25.1; extra == "cloud"
Requires-Dist: azure-keyvault-secrets>=4.10.0; extra == "cloud"
Requires-Dist: hvac>=2.4.0; extra == "cloud"
Dynamic: license-file

# mlflow-oidc-auth
[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![PyPI Downloads](https://static.pepy.tech/badge/mlflow-oidc-auth/month)](https://pepy.tech/projects/mlflow-oidc-auth)
[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/mlflow-oidc/mlflow-oidc-auth)

MLflow auth plugin to use OpenID Connect (OIDC) as authentication and authorization provider.

This plugin allows you to use OIDC for user management in MLflow, enabling single sign-on (SSO) capabilities and centralized user management.

### Features
- OIDC-based authentication for MLflow UI and API
- User management through OIDC provider
- User-level access control
- Group-based access control
- Permissions management based on regular expressions (allows or denies access to specific MLflow resources based on regular expressions and assigns permissions to users or groups)
- Support for session, JWT, and basic authentication methods
- Compatible with mlflow-client (basic auth)

### Documentation

For detailed documentation, please refer to the [docs](https://mlflow-oidc.github.io/mlflow-oidc-auth/). AI generated documentation is available at [DeepWiki](https://deepwiki.com/mlflow-oidc/mlflow-oidc-auth).

## Quick Start

To get the full version (with entire MLflow and all dependencies), run:
```bash
python3 -m venv venv
source venv/bin/activate
python3 -m pip install mlflow-oidc-auth[full]
mlflow server --app-name oidc-auth --host 0.0.0.0 --port 8080
```

## Webhook secret encryption key 🔐

Webhook secrets are stored encrypted in the database using a Fernet key. If you plan to use MLflow webhooks with secrets, set the encryption key in the environment variable `MLFLOW_WEBHOOK_SECRET_ENCRYPTION_KEY` before creating any webhooks. Generate a key with:

```bash
MLFLOW_WEBHOOK_SECRET_ENCRYPTION_KEY=$(python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())")
export MLFLOW_WEBHOOK_SECRET_ENCRYPTION_KEY
```

Important: keep this key stable across application restarts and replicas. If the key is lost or changed after webhooks are created, previously stored secrets cannot be decrypted and will cause webhook listing to fail until you restore the original key or remove/rotate the affected webhook secrets.


## Development

For development quick start, please refer to the [Development and Contribution](docs/development.md) section.

## License

Apache 2 Licensed. For more information, please see [LICENSE](https://github.com/mlflow-oidc/mlflow-oidc-auth?tab=Apache-2.0-1-ov-file).

### Based on MLflow basic-auth plugin
https://github.com/mlflow/mlflow/tree/master/mlflow/server/auth
