repos: 195087137
This data as json
| id | node_id | name | full_name | private | owner | html_url | description | fork | created_at | updated_at | pushed_at | homepage | size | stargazers_count | watchers_count | language | has_issues | has_projects | has_downloads | has_wiki | has_pages | forks_count | archived | disabled | open_issues_count | license | topics | forks | open_issues | watchers | default_branch | permissions | temp_clone_token | organization | network_count | subscribers_count | readme | readme_html | allow_forking | visibility | is_template | template_repository | web_commit_signoff_required | has_discussions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 195087137 | MDEwOlJlcG9zaXRvcnkxOTUwODcxMzc= | datasette-auth-github | simonw/datasette-auth-github | 0 | 9599 | https://github.com/simonw/datasette-auth-github | Datasette plugin that authenticates users against GitHub | 0 | 2019-07-03T16:02:53Z | 2021-06-03T11:42:54Z | 2021-02-25T06:40:17Z | https://datasette-auth-github-demo.datasette.io/ | 119 | 34 | 34 | Python | 1 | 1 | 1 | 1 | 0 | 4 | 0 | 0 | 3 | apache-2.0 | ["asgi", "datasette", "datasette-plugin", "datasette-io"] | 4 | 3 | 34 | main | {"admin": false, "push": false, "pull": false} | 4 | 1 | # datasette-auth-github [](https://pypi.org/project/datasette-auth-github/) [](https://github.com/simonw/datasette-auth-github/releases) [](https://github.com/simonw/datasette-auth-github/actions?query=workflow%3ATest) [](https://github.com/simonw/datasette-auth-github/blob/main/LICENSE) Datasette plugin that authenticates users against GitHub. <!-- toc --> - [Setup instructions](#setup-instructions) - [The authenticated actor](#the-authenticated-actor) - [Restricting access to specific users](#restricting-access-to-specific-users) - [Restricting access to specific GitHub organizations or teams](#restricting-access-to-specific-github-organizations-or-teams) - [What to do if a user is removed from an organization or team](#what-to-do-if-a-user-is-removed-from-an-organization-or-team) <!-- tocstop --> ## Setup instructions * Install the plugin: `datasette install datasette-auth-github` * Create a GitHub OAuth app: https://github.com/settings/applications/new * Set the Authorization callback URL to `http://127.0.0.1:8001/-/github-auth-callback` * Create a `metadata.json` file with the following structure: ```json { "title": "datasette-auth-github demo", "plugins": { "datasette-auth-github": { "client_id": {"$env": "GITHUB_CLIENT_ID"}, "client_secret": {"$env": "GITHUB_CLIENT_SECRET"} } } } ``` Now you can start Datasette like this, passing in the secrets as environment variables: $ GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=YYY datasette \ fixtures.db -m metadata.json Note that hard-coding secrets in `metadata.json` is a bad idea as they will be visible to anyone who can navigate to `/-/metadata`. Instead, we use Datasette's mechanism for [adding secret plugin configuration options](https://docs.datasette.io/en/stable/plugins.html#secret-configuration-values). By default anonymous users will still be able to interact with Datasette. If you wish all users to have to sign in with a GitHub account first, add this to your ``metadata.json``: ```json { "allow": { "id": "*" }, "plugins": { "datasette-auth-github": { "...": "..." } } } ``` ## The authenticated actor Visit `/-/actor` when signed in to see the shape of the authenticated actor. It should look something like this: ```json { "actor": { "display": "simonw", "gh_id": "9599", "gh_name": "Simon Willison", "gh_login": "simonw", "gh_email": "...", "gh_orgs": [ "dogsheep", "datasette-project" ], "gh_teams": [ "dogsheep/test" ] } } ``` The `gh_orgs` and `gh_teams` properties will only be present if you used `load_teams` or `load_orgs`, documented below. ## Restricting access to specific users You can use Datasette's [permissions mechanism](https://docs.datasette.io/en/stable/authentication.html) to specify which user or users are allowed to access your instance. Here's how to restrict access to just GitHub user `simonw`: ```json { "allow": { "gh_login": "simonw" }, "plugins": { "datasette-auth-github": { "...": "..." } } } ``` This `"allow"` block can be positioned at the database, table or query level instead: see [Configuring permissions in metadata.json](https://docs.datasette.io/en/stable/authentication.html#configuring-permissions-in-metadata-json) for details. Note that GitHub allows users to change their username, and it is possible for other people to claim old usernames. If you are concerned that your users may change their usernames you can key the allow blocks against GitHub user IDs instead, which do not change: ```json { "allow": { "gh_id": "9599" } } ``` ## Restricting access to specific GitHub organizations or teams You can also restrict access to users who are members of a specific GitHub organization. You'll need to configure the plugin to check if the user is a member of that organization when they first sign in. You can do that using the `"load_orgs"` plugin configuration option. Then you can use `"allow": {"gh_orgs": [...]}` to specify which organizations are allowed access. ```json { "plugins": { "datasette-auth-github": { "...": "...", "load_orgs": ["your-organization"] } }, "allow": { "gh_orgs": "your-organization" } } ``` If your organization is [arranged into teams](https://help.github.com/en/articles/organizing-members-into-teams) you can restrict access to a specific team like this: ```json { "plugins": { "datasette-auth-github": { "...": "...", "load_teams": [ "your-organization/staff", "your-organization/engineering", ] } }, "allows": { "gh_team": "your-organization/engineering" } } ``` ## What to do if a user is removed from an organization or team A user's organization and team memberships are checked once, when they first sign in. Those teams and organizations are then persisted in the user's signed `ds_actor` cookie. This means that if a user is removed from an organization or team but still has a Datasette cookie, they will still be able to access that Datasette instance. You can remedy this by rotating the `DATASETTE_SECRET` environment variable any time you make changes to your GitHub organization members. Changing this value will cause all of your existing users to be signed out, by invalidating their cookies. When they sign back in again their new memberships will be recorded in a new cookie. See [Configuring the secret](https://docs.datasette.io/en/stable/settings.html?highlight=secret#configuring-the-secret) in the Datasette documentation for more details. | <div id="readme" class="md" data-path="README.md"><article class="markdown-body entry-content container-lg" itemprop="text"><h1><a id="user-content-datasette-auth-github" class="anchor" aria-hidden="true" href="#user-content-datasette-auth-github"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>datasette-auth-github</h1> <p><a href="https://pypi.org/project/datasette-auth-github/" rel="nofollow"><img src="https://camo.githubusercontent.com/a3e596637d6128f29e3fcfeb8e50ecbe5c7e1c328e94c5d338238fa0f70a2a86/68747470733a2f2f696d672e736869656c64732e696f2f707970692f762f6461746173657474652d617574682d6769746875622e737667" alt="PyPI" data-canonical-src="https://img.shields.io/pypi/v/datasette-auth-github.svg" style="max-width:100%;"></a> <a href="https://github.com/simonw/datasette-auth-github/releases"><img src="https://camo.githubusercontent.com/86aa92461a20542b5de5e6d64b24503b5b58f83bf66a98a86bc33ea443ed93b8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f73696d6f6e772f6461746173657474652d617574682d6769746875623f696e636c7564655f70726572656c6561736573266c6162656c3d6368616e67656c6f67" alt="Changelog" data-canonical-src="https://img.shields.io/github/v/release/simonw/datasette-auth-github?include_prereleases&label=changelog" style="max-width:100%;"></a> <a href="https://github.com/simonw/datasette-auth-github/actions?query=workflow%3ATest"><img src="https://github.com/simonw/datasette-auth-github/workflows/Test/badge.svg" alt="Tests" style="max-width:100%;"></a> <a href="https://github.com/simonw/datasette-auth-github/blob/main/LICENSE"><img src="https://camo.githubusercontent.com/1698104e976c681143eb0841f9675c6f802bb7aa832afc0c7a4e719b1f3cf955/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d417061636865253230322e302d626c75652e737667" alt="License" data-canonical-src="https://img.shields.io/badge/license-Apache%202.0-blue.svg" style="max-width:100%;"></a></p> <p>Datasette plugin that authenticates users against GitHub.</p> <ul> <li><a href="#user-content-setup-instructions">Setup instructions</a></li> <li><a href="#user-content-the-authenticated-actor">The authenticated actor</a></li> <li><a href="#user-content-restricting-access-to-specific-users">Restricting access to specific users</a></li> <li><a href="#user-content-restricting-access-to-specific-github-organizations-or-teams">Restricting access to specific GitHub organizations or teams</a></li> <li><a href="#user-content-what-to-do-if-a-user-is-removed-from-an-organization-or-team">What to do if a user is removed from an organization or team</a></li> </ul> <h2><a id="user-content-setup-instructions" class="anchor" aria-hidden="true" href="#user-content-setup-instructions"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Setup instructions</h2> <ul> <li>Install the plugin: <code>datasette install datasette-auth-github</code></li> <li>Create a GitHub OAuth app: <a href="https://github.com/settings/applications/new">https://github.com/settings/applications/new</a></li> <li>Set the Authorization callback URL to <code>http://127.0.0.1:8001/-/github-auth-callback</code></li> <li>Create a <code>metadata.json</code> file with the following structure:</li> </ul> <div class="highlight highlight-source-json position-relative" data-snippet-clipboard-copy-content="{ "title": "datasette-auth-github demo", "plugins": { "datasette-auth-github": { "client_id": {"$env": "GITHUB_CLIENT_ID"}, "client_secret": {"$env": "GITHUB_CLIENT_SECRET"} } } } "><pre>{ <span class="pl-s"><span class="pl-pds">"</span>title<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>datasette-auth-github demo<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>plugins<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>datasette-auth-github<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>client_id<span class="pl-pds">"</span></span>: {<span class="pl-s"><span class="pl-pds">"</span>$env<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>GITHUB_CLIENT_ID<span class="pl-pds">"</span></span>}, <span class="pl-s"><span class="pl-pds">"</span>client_secret<span class="pl-pds">"</span></span>: {<span class="pl-s"><span class="pl-pds">"</span>$env<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>GITHUB_CLIENT_SECRET<span class="pl-pds">"</span></span>} } } }</pre></div> <p>Now you can start Datasette like this, passing in the secrets as environment variables:</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="$ GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=YYY datasette \ fixtures.db -m metadata.json "><pre><code>$ GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=YYY datasette \ fixtures.db -m metadata.json </code></pre></div> <p>Note that hard-coding secrets in <code>metadata.json</code> is a bad idea as they will be visible to anyone who can navigate to <code>/-/metadata</code>. Instead, we use Datasette's mechanism for <a href="https://docs.datasette.io/en/stable/plugins.html#secret-configuration-values" rel="nofollow">adding secret plugin configuration options</a>.</p> <p>By default anonymous users will still be able to interact with Datasette. If you wish all users to have to sign in with a GitHub account first, add this to your <code>metadata.json</code>:</p> <div class="highlight highlight-source-json position-relative" data-snippet-clipboard-copy-content="{ "allow": { "id": "*" }, "plugins": { "datasette-auth-github": { "...": "..." } } } "><pre>{ <span class="pl-s"><span class="pl-pds">"</span>allow<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>id<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>*<span class="pl-pds">"</span></span> }, <span class="pl-s"><span class="pl-pds">"</span>plugins<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>datasette-auth-github<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span> } } }</pre></div> <h2><a id="user-content-the-authenticated-actor" class="anchor" aria-hidden="true" href="#user-content-the-authenticated-actor"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>The authenticated actor</h2> <p>Visit <code>/-/actor</code> when signed in to see the shape of the authenticated actor. It should look something like this:</p> <div class="highlight highlight-source-json position-relative" data-snippet-clipboard-copy-content="{ "actor": { "display": "simonw", "gh_id": "9599", "gh_name": "Simon Willison", "gh_login": "simonw", "gh_email": "...", "gh_orgs": [ "dogsheep", "datasette-project" ], "gh_teams": [ "dogsheep/test" ] } } "><pre>{ <span class="pl-s"><span class="pl-pds">"</span>actor<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>display<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>simonw<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>gh_id<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>9599<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>gh_name<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>Simon Willison<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>gh_login<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>simonw<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>gh_email<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>gh_orgs<span class="pl-pds">"</span></span>: [ <span class="pl-s"><span class="pl-pds">"</span>dogsheep<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>datasette-project<span class="pl-pds">"</span></span> ], <span class="pl-s"><span class="pl-pds">"</span>gh_teams<span class="pl-pds">"</span></span>: [ <span class="pl-s"><span class="pl-pds">"</span>dogsheep/test<span class="pl-pds">"</span></span> ] } }</pre></div> <p>The <code>gh_orgs</code> and <code>gh_teams</code> properties will only be present if you used <code>load_teams</code> or <code>load_orgs</code>, documented below.</p> <h2><a id="user-content-restricting-access-to-specific-users" class="anchor" aria-hidden="true" href="#user-content-restricting-access-to-specific-users"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Restricting access to specific users</h2> <p>You can use Datasette's <a href="https://docs.datasette.io/en/stable/authentication.html" rel="nofollow">permissions mechanism</a> to specify which user or users are allowed to access your instance. Here's how to restrict access to just GitHub user <code>simonw</code>:</p> <div class="highlight highlight-source-json position-relative" data-snippet-clipboard-copy-content="{ "allow": { "gh_login": "simonw" }, "plugins": { "datasette-auth-github": { "...": "..." } } } "><pre>{ <span class="pl-s"><span class="pl-pds">"</span>allow<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>gh_login<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>simonw<span class="pl-pds">"</span></span> }, <span class="pl-s"><span class="pl-pds">"</span>plugins<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>datasette-auth-github<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span> } } }</pre></div> <p>This <code>"allow"</code> block can be positioned at the database, table or query level instead: see <a href="https://docs.datasette.io/en/stable/authentication.html#configuring-permissions-in-metadata-json" rel="nofollow">Configuring permissions in metadata.json</a> for details.</p> <p>Note that GitHub allows users to change their username, and it is possible for other people to claim old usernames. If you are concerned that your users may change their usernames you can key the allow blocks against GitHub user IDs instead, which do not change:</p> <div class="highlight highlight-source-json position-relative" data-snippet-clipboard-copy-content="{ "allow": { "gh_id": "9599" } } "><pre>{ <span class="pl-s"><span class="pl-pds">"</span>allow<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>gh_id<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>9599<span class="pl-pds">"</span></span> } }</pre></div> <h2><a id="user-content-restricting-access-to-specific-github-organizations-or-teams" class="anchor" aria-hidden="true" href="#user-content-restricting-access-to-specific-github-organizations-or-teams"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Restricting access to specific GitHub organizations or teams</h2> <p>You can also restrict access to users who are members of a specific GitHub organization.</p> <p>You'll need to configure the plugin to check if the user is a member of that organization when they first sign in. You can do that using the <code>"load_orgs"</code> plugin configuration option.</p> <p>Then you can use <code>"allow": {"gh_orgs": [...]}</code> to specify which organizations are allowed access.</p> <div class="highlight highlight-source-json position-relative" data-snippet-clipboard-copy-content="{ "plugins": { "datasette-auth-github": { "...": "...", "load_orgs": ["your-organization"] } }, "allow": { "gh_orgs": "your-organization" } } "><pre>{ <span class="pl-s"><span class="pl-pds">"</span>plugins<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>datasette-auth-github<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>load_orgs<span class="pl-pds">"</span></span>: [<span class="pl-s"><span class="pl-pds">"</span>your-organization<span class="pl-pds">"</span></span>] } }, <span class="pl-s"><span class="pl-pds">"</span>allow<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>gh_orgs<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>your-organization<span class="pl-pds">"</span></span> } }</pre></div> <p>If your organization is <a href="https://help.github.com/en/articles/organizing-members-into-teams">arranged into teams</a> you can restrict access to a specific team like this:</p> <div class="highlight highlight-source-json position-relative" data-snippet-clipboard-copy-content="{ "plugins": { "datasette-auth-github": { "...": "...", "load_teams": [ "your-organization/staff", "your-organization/engineering", ] } }, "allows": { "gh_team": "your-organization/engineering" } } "><pre>{ <span class="pl-s"><span class="pl-pds">"</span>plugins<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>datasette-auth-github<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>...<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>load_teams<span class="pl-pds">"</span></span>: [ <span class="pl-s"><span class="pl-pds">"</span>your-organization/staff<span class="pl-pds">"</span></span>, <span class="pl-s"><span class="pl-pds">"</span>your-organization/engineering<span class="pl-pds">"</span></span>, ] } }, <span class="pl-s"><span class="pl-pds">"</span>allows<span class="pl-pds">"</span></span>: { <span class="pl-s"><span class="pl-pds">"</span>gh_team<span class="pl-pds">"</span></span>: <span class="pl-s"><span class="pl-pds">"</span>your-organization/engineering<span class="pl-pds">"</span></span> } }</pre></div> <h2><a id="user-content-what-to-do-if-a-user-is-removed-from-an-organization-or-team" class="anchor" aria-hidden="true" href="#user-content-what-to-do-if-a-user-is-removed-from-an-organization-or-team"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>What to do if a user is removed from an organization or team</h2> <p>A user's organization and team memberships are checked once, when they first sign in. Those teams and organizations are then persisted in the user's signed <code>ds_actor</code> cookie.</p> <p>This means that if a user is removed from an organization or team but still has a Datasette cookie, they will still be able to access that Datasette instance.</p> <p>You can remedy this by rotating the <code>DATASETTE_SECRET</code> environment variable any time you make changes to your GitHub organization members.</p> <p>Changing this value will cause all of your existing users to be signed out, by invalidating their cookies. When they sign back in again their new memberships will be recorded in a new cookie.</p> <p>See <a href="https://docs.datasette.io/en/stable/settings.html?highlight=secret#configuring-the-secret" rel="nofollow">Configuring the secret</a> in the Datasette documentation for more details.</p> </article></div> |
Links from other tables
- 25 rows from repo in releases