Extension of the authenctication backend of the mozilla-django-oidc package, with extra validation.
Project description
amsterdam-django-oidc
This package contains an authentication backend for Django.
It is currently based on the authentication backend provided by Mozilla through the mozilla-django-oidc package.
The Mozilla package however does not validate the iss, aud and exp claims of the access token and always calls
the userinfo endpoint on the identity provider. Unfortunately that is not adequate for the use case within the
landscape of applications of the city of Amsterdam. Hence, the reason for this solution.
Instead of calling the userinfo endpoint, it will validate the aforementioned claims.
Install
The package can be installed using your favorite package manager for python. For example using uv:
uv add amsterdam-django-oidc
Or using pip:
pip install amsterdam-django-oidc
Usage
Add the backend to the setting AUTHENTICATION_BACKENDS:
# settings.py
AUTHENTICATION_BACKENDS = [
# ...
"amsterdam_django_oidc.OIDCAuthenticationBackend",
]
There are also a few settings required in addition to those of the Mozilla package:
| Name | Type | Description |
|---|---|---|
| OIDC_OP_ISSUER | str | The allowed issuer, the value of the iss claim in the access token must match the value of this setting |
| OIDC_TRUSTED_AUDIENCES | list[str] | Audiences that we trust, at least one of the values of the aud claim must match one the values of this setting |
| OIDC_VERIFY_AUDIENCE | bool | Controls wether or not to verify the aud claim, default: True |
Development
In order to facilitate further development of this package a containerized setup is provided.
Building the container images
docker compose build
Running development tools
It's recommended to start a container and use the shell inside the container:
docker compose run --rm amsterdam-django-oidc bash
Once you see the shell it's possible to run commands like:
uv run ruff check
uv run mypy .
uv run pytest
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file amsterdam_django_oidc-0.2.4.tar.gz.
File metadata
- Download URL: amsterdam_django_oidc-0.2.4.tar.gz
- Upload date:
- Size: 3.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2ec34a5f8d3a16b07f3205653edf3bc186d83e811a5434b0e7727f9c97d890f3
|
|
| MD5 |
bdeddf5bd53734b82f80e295f0d55c87
|
|
| BLAKE2b-256 |
6ef7d6cbc400ba9316b06f84b78ec25baba8fa6aaf2c906aeb170da78f7eafce
|
File details
Details for the file amsterdam_django_oidc-0.2.4-py3-none-any.whl.
File metadata
- Download URL: amsterdam_django_oidc-0.2.4-py3-none-any.whl
- Upload date:
- Size: 4.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
367c9197b36d930491c39b87a93e089f3baab5d89a5d907f1b6646481115f68f
|
|
| MD5 |
081c56dc4ed62ed7e94d14aa1baa62a4
|
|
| BLAKE2b-256 |
a74299a1e3cc0edc924ccd46af2a6aa8ada5455a2828ff9dbcd5156fcc8f2a5f
|
