Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access
Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access. A Django reimplementation of https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/validating-json/#python-example
To run the demo, set the following environment variables:
export ALLOWEDFLARE_ACCESS_URL=https://your-organization.cloudflareaccess.com
export ALLOWEDFLARE_AUDIENCE=64-character hexadecimal string
export ALLOWEDFLARE_PRIVATE_DOMAIN=your-domain.tld
Then run
docker compose up
Configure Cloudflare Tunnel public hostname demodj.your-domain.tld to http://localhost:8001 or equivalent.
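The checks that validating an Access JWT involves, as an added standard-library example (not Allowedflare's or Cloudflare's code; the linked Cloudflare example uses PyJWT): pinned RS256, key lookup by `kid`, signature, then `aud` against ALLOWEDFLARE_AUDIENCE, plus `iss` against ALLOWEDFLARE_ACCESS_URL and `exp`. The toy key, `demo-kid`, the sample audience, the `iss` comparison and all function names are assumptions of this example; real public keys are served from the team's `/cdn-cgi/access/certs` endpoint.

```python
import base64, hashlib, json, time

ACCESS_URL = "https://your-organization.cloudflareaccess.com"  # ALLOWEDFLARE_ACCESS_URL
AUDIENCE = "0123456789abcdef" * 4  # constructed stand-in for ALLOWEDFLARE_AUDIENCE
P, Q, E = 2**521 - 1, 2**607 - 1, 65537  # constructed toy key (Mersenne primes), demo only
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
KEYS = {"demo-kid": (N, E)}  # kid -> (modulus, exponent), as parsed from the JWKS
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo prefix

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_int(message, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for modulus n, as an integer."""
    size = (n.bit_length() + 7) // 8
    tail = b"\x00" + SHA256_INFO + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (size - len(tail) - 2) + tail, "big")

def sign_demo_token(claims, header=None):
    """Demo helper only: plays the role of Cloudflare Access with the toy key."""
    header = header or {"alg": "RS256", "kid": "demo-kid"}
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(pkcs1_int(signing_input.encode(), N), D, N)
    return signing_input + "." + b64u(sig.to_bytes((N.bit_length() + 7) // 8, "big"))

def verify_access_token(token, keys=KEYS, now=None):
    """Return the claims of a valid token; raise ValueError otherwise."""
    head, body, sig = token.split(".")
    header = json.loads(unb64u(head))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")  # pinned: the token never picks the algorithm
    key = keys.get(str(header.get("kid")))
    if key is None:
        raise ValueError("unknown kid")
    n, e = key
    value = int.from_bytes(unb64u(sig), "big")
    if value >= n or pow(value, e, n) != pkcs1_int(f"{head}.{body}".encode(), n):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body))  # parsed only after the signature checks out
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("iss") != ACCESS_URL:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims
```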
TODO
- Django REST Framework (DRF) support
- Same-origin (re-)authenticating proxy
- Like https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/cors/#send-authentication-token-with-cloudflare-worker
- Setting username so it can be logged by gunicorn
- Rewriting origin redirects
- Setting the XmlHttpRequest(?) header to avoid redirects to the sign-in page
- Will the original CF_Authorization cookie need to be copied, similar to X-Forwarded-For?
- Unit tests
- Example configuration using Helicopyter
- End-to-end tests
Open Questions
- Should Allowedflare provide a subclass of RemoteUserMiddleware to automatically login each request?