Kratos External Idp Integrator
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/edge | 299 | 24 Sep 2025 | |
| istio/edge | 273 | 13 Jan 2025 | |
| 0.3/edge | 295 | 01 Aug 2025 | |
| 0.2/stable | 192 | 26 Jun 2024 | |
| 0.2/edge | 192 | 01 May 2024 | |
| 0.1/edge | 182 | 15 Sep 2023 |
juju deploy kratos-external-idp-integrator --channel edge
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
charms.kratos_external_idp_integrator.v1.kratos_external_provider
-
- Last updated 01 Aug 2025
- Revision Library version 1.0
Interface library for Kratos external OIDC providers.
This library wraps relation endpoints using the kratos-external-idp interface
and provides a Python API for both requesting Kratos to register the client credentials
and for communicating with an external provider.
Getting Started
To get started using the library, you need to fetch the library using charmcraft.
cd some-charm
charmcraft fetch-lib charms.kratos_external_idp_integrator.v1.kratos_external_provider
To use the library from the provider side (KratosExternalIdpIntegrator):
In the metadata.yaml of the charm, add the following:
provides:
kratos-external-idp:
interface: external_provider
limit: 1
Then, to initialize the library:
from charms.kratos_external_idp_integrator.v1.kratos_external_provider import (
ExternalIdpProvider,
)
from ops.model import BlockedStatus
class SomeCharm(CharmBase):
def __init__(self, *args):
# ...
self.external_idp_provider = ExternalIdpProvider(self, self.config)
self.framework.observe(self.on.config_changed, self._on_config_changed)
self.framework.observe(self.external_idp_provider.on.ready, self._on_ready)
self.framework.observe(
self.external_idp_provider.on.redirect_uri_changed, self._on_redirect_uri_changed
)
def _on_config_changed(self, event):
# ...
providers = self.external_idp_provider.validate_provider_config([self.config])
if not providers:
self.unit.status = BlockedStatus("Invalid configuration")
# ...
def _on_redirect_uri_changed(self, event):
logger.info(f"The client's redirect_uri changed to {event.redirect_uri}")
def _on_ready(self, event):
if not isinstance(self.unit.status, BlockedStatus):
self.external_idp_provider.create_providers(providers)
To use the library from the requirer side (Kratos):
In the metadata.yaml of the charm, add the following:
requires:
kratos-external-idp:
interface: external_provider
Then, to initialize the library:
from charms.kratos_external_idp_integrator.v1.kratos_external_provider import (
ExternalIdpRequirer
)
class KratosCharm(CharmBase):
def __init__(self, *args):
# ...
self.external_idp_requirer = ExternalIdpRequirer(self)
self.framework.observe(
self.external_idp_provider.on.client_config_changed, self._on_client_config_changed
)
def _on_client_config_changed(self, event):
self._configure(event)
self.external_provider.update_registered_provider(
providers,
event.relation_id,
)
Index
def
dump_secret(
v: SecretStr,
_: SerializerFunctionWrapHandler
)
class BaseProvider
Methods
BaseProvider. validate_provider( cls , v: str )
BaseProvider. serialize_scope( self , v )
BaseProvider. deserialize_scope( cls , v )
BaseProvider. deserialize_mapper_url( self )
BaseProvider. deserialize_id( self )
BaseProvider. deserialize_label( self )
class GenericProvider
Methods
GenericProvider. deserialize_id( self )
class SocialProvider
class GithubProvider
Methods
GithubProvider. deserialize_scope( cls , v )
class MicrosoftProvider
Methods
MicrosoftProvider. deserialize_id( self )
class AppleProvider
class Providers
Methods
Providers. __iter__( self )
Providers. __getitem__( self , idx: int )
Providers. __len__( self )
class RequirerProvider
class RequirerProviders
Methods
RequirerProviders. __iter__( self )
RequirerProviders. __getitem__( self , idx: int )
RequirerProviders. __len__( self )
class RelationReadyEvent
Description
Event to notify the charm that the relation is ready. None
Methods
RelationReadyEvent. snapshot( self )
Description
Save event. None
RelationReadyEvent. restore( self , snapshot: dict )
Description
Restore event. None
class RedirectURIChangedEvent
Description
Event to notify the charm that the redirect_uri changed. None
Methods
RedirectURIChangedEvent. __init__( self , handle: Handle , redirect_uri: str )
RedirectURIChangedEvent. snapshot( self )
Description
Save redirect_uri. None
RedirectURIChangedEvent. restore( self , snapshot: dict )
Description
Restore redirect_uri. None
class ExternalIdpProviderEvents
Description
Event descriptor for events raised by ExternalIdpProvider. None
class ExternalIdpProvider
Description
Forward client configurations to Identity Broker. None
Methods
ExternalIdpProvider. __init__( self , charm: CharmBase , relation_name: str )
ExternalIdpProvider. is_ready( self )
Description
Checks if the relation is ready. None
ExternalIdpProvider. create_providers( self , providers: Providers )
ExternalIdpProvider. remove_provider( self )
ExternalIdpProvider. get_redirect_uri( self , relation_id )
Description
Get the kratos client's redirect_uri. None
ExternalIdpProvider. validate_provider_config( configurations )
Description
Validate the OIDC provider configuration. None
class ClientConfigChangedEvent
Description
Event to notify the charm that a provider's client config changed. None
Methods
ClientConfigChangedEvent. __init__( self , handle: Handle , provider: Provider )
ClientConfigChangedEvent. snapshot( self )
Description
Save event. None
ClientConfigChangedEvent. restore( self , snapshot: dict )
Description
Restore event. None
class ClientConfigRemovedEvent
Description
Event to notify the charm that a provider's client config was removed. None
Methods
ClientConfigRemovedEvent. __init__( self , handle: Handle , relation_id: str )
ClientConfigRemovedEvent. snapshot( self )
Description
Save event. None
ClientConfigRemovedEvent. restore( self , snapshot: dict )
Description
Restore event. None
class ExternalIdpRequirerEvents
Description
Event descriptor for events raised by ExternalIdpRequirerEvents. None
class ExternalIdpRequirer
Description
Receive the External Idp configurations for Kratos. None
Methods
ExternalIdpRequirer. __init__( self , charm: CharmBase , relation_name: str )
ExternalIdpRequirer. relations( self )
ExternalIdpRequirer. update_registered_provider( self , providers: RequirerProviders , relation_id: int )
ExternalIdpRequirer. remove_registered_provider( self , relation_id: int )
ExternalIdpRequirer. get_providers_from_relation( self , relation: Relation )
ExternalIdpRequirer. get_providers( self )