Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access
Project description
Authenticate to Django with JSON Web Tokens (JWTs) signed by Cloudflare Access. A Django reimplementation of https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/validating-json/#python-example
To run the demo, export these environment variables
ALLOWEDFLARE_ACCESS_URL
https://your-organization.cloudflareaccess.comALLOWEDFLARE_AUDIENCE
64-character hexidecimal stringALLOWEDFLARE_PRIVATE_DOMAIN
your-domain.tld
Then run
docker-compose up
Configure Cloudflare Tunnel public hostname demodj.your-domain.tld to http://localhost:8001 or equivalent.
TODO
- Better login page
- Django REST Framework (DRF) support
- Grant users view permission to all models
- (Re-) authenticating proxy for different-domain front-ends, like https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/cors/#send-authentication-token-with-cloudflare-worker but
- Setting username so it can be logged by gunicorn
- Rewriting origin redirects
- Setting the XmlHttpRequest(?) header to avoid redirects to the sign-in page
- Will the original CF_Authorization cookie need to be copied, similar to X-Forwarded-For?
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
allowedflare-2024.9.0.tar.gz
(4.3 kB
view hashes)
Built Distribution
Close
Hashes for allowedflare-2024.9.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9c73135428fef6276118864e16d5847b9413317e693fa1dcac0403c80ca00925 |
|
MD5 | a467d984c3949c972b7fde42d062f90f |
|
BLAKE2b-256 | fa0e9bd183fad5b46deeb782a824a3a26e662fbf396462a6e680b2cc748dde00 |