Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access
Project description
Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access. A Django reimplementation of https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/validating-json/#python-example
To run the demo, export these environment variables
ALLOWEDFLARE_ACCESS_URL
https://your-organization.cloudflareaccess.comALLOWEDFLARE_AUDIENCE
64-character hexidecimal stringALLOWEDFLARE_PRIVATE_DOMAIN
your-domain.tld
Then run
docker-compose up
Configure Cloudflare Tunnel public hostname demodj.your-domain.tld to http://localhost:8001 or equivalent.
TODO
- Better login page
- Django REST Framework (DRF) support
- Grant users view permission to all models
- (Re-) authenticating proxy for different-domain front-ends, like https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/cors/#send-authentication-token-with-cloudflare-worker but
- Setting username so it can be logged by gunicorn
- Rewriting origin redirects
- Setting the XmlHttpRequest(?) header to avoid redirects to the sign-in page
- Will the original CF_Authorization cookie need to be copied, similar to X-Forwarded-For?
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
allowedflare-2023.47.0.tar.gz
(4.1 kB
view hashes)
Built Distribution
Close
Hashes for allowedflare-2023.47.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ab9add6304bb69c5a0a2c0ff04202b160d42669f3e43329dc1821c8ff6185d5a |
|
MD5 | 35c53962f74fb88c987fb5b3284207ef |
|
BLAKE2b-256 | af4a992064547c7e6b5f46b4cde9d5e175b0d13e77cf65072d9668a0c662eb89 |