datasette-indieauth by simonw

87 downloads this week        Star

README source code


PyPI Changelog codecov Tests License

Datasette authentication using IndieAuth.


You can try out the latest version of this plugin at


Install this plugin in the same environment as Datasette.

$ datasette install datasette-indieauth


Ensure you have a website with a domain that supports IndieAuth or RelMeAuth. The easiest way to do that is to add the following HTML to your homepage, linking to your personal GitHub profile:

<link href="" rel="me">
<link rel="authorization_endpoint" href="">

Your GitHub profile needs to link back to your website, to prove that your GitHub account should be a valid identifier for that page.

Now visit /-/indieauth on your Datasette instance to begin the sign-in progress.


When a user signs in using IndieAuth they will be recieve a signed ds_actor cookie identifying them as an actor that looks like this:

    "me": "",
    "display": ""

If the IndieAuth server returned additional "profile" fields those will be merged into the actor. You can visit /-/actor on your Datasette instance to see the full actor you are currently signed in as.

Restricting access with the restrict_access plugin configuration

You can use Datasette's permissions system to control permissions of authenticated users - by default, an authenticated user will be able to perform the same actions as an unauthenticated user.

As a shortcut if you want to lock down access to your instance entirely to just specific users, you can use the restrict_access plugin configuration option like this:

    "plugins": {
        "datasette-indieauth": {
            "restrict_access": ""

This can be a string or a list of user identifiers. It can also be a space separated list, which means you can use it with the datasette publish --plugin-secret configuration option to set permissions as part of a deployment, like this:

datasette publish vercel mydb.db --project my-secret-db \
    --install datasette-indieauth \
    --plugin-secret datasette-indieauth restrict_access


To set up this plugin locally, first checkout the code. Then create a new virtual environment:

cd datasette-indieauth
python3 -mvenv venv
source venv/bin/activate

Or if you are using pipenv:

pipenv shell

Now install the dependencies and tests:

pip install -e '.[test]'

To run the tests: