Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access
Project description
Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access. A Django reimplementation of https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/validating-json/#python-example
To run the demo, set the following environment variables:
export ALLOWEDFLARE_ACCESS_URL=https://your-organization.cloudflareaccess.com
export ALLOWEDFLARE_AUDIENCE=64-character hexidecimal string
export ALLOWEDFLARE_PRIVATE_DOMAIN=your-domain.tld
Then run
docker compose up
Configure Cloudflare Tunnel public hostname demodj.your-domain.tld to http://localhost:8001 or equivalent.
TODO
- Same-origin (re-)authenticating proxy
- Like https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/cors/#send-authentication-token-with-cloudflare-worker
- Setting username so it can be logged by gunicorn
- Rewriting origin redirects
- Setting the XmlHttpRequest(?) header to avoid redirects to the sign-in page
- Will the original CF_Authorization cookie need to be copied, similar to X-Forwarded-For?
- Unit tests
- Example configuration using Helicopyter
- End-to-end tests
Open Questions
- Do existing projects like https://django-rest-framework-simplejwt.readthedocs.io/en/latest/index.html already provide this functionality?
- Should Allowedflare provide a subclass of RemoteUserMiddleware to automatically login each request?
- Are there Free/Libre/Open Source alternatives to Cloudflare Access and Okta that I can run end-to-end tests against?
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
allowedflare-2024.10.3.tar.gz
(6.0 kB
view hashes)
Built Distribution
Close
Hashes for allowedflare-2024.10.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 042c33e1e39be6ad5044b52ad1c2f2e09e5dfbad9dbdd7acfeafde7277aa591b |
|
MD5 | 2eec4b643ebfb80d484ec455aff773aa |
|
BLAKE2b-256 | 7684a68575ecded1d75c6145499e5a57b6569bad2119fcef41c9a1aabbd7db91 |