Skip to main content

A middleware and a set of handlers to handle Code Grant authentication with Cognito

Project description

AWS Cognito code grant for Django Rest Framework

This package implements an authentication backend and a set of handlers that enable your application to use code grant authentication with AWS Cognito.

The package has been developed by STITCH (https://www.stitchdesignlab.com/)

The documentation for this project is a work-in-progress and is pretty much bare bones. Do not hesitate to contact us, or open an issue or PR for contribution.

Links

Code grant

Code grant is an OAuth 2.0 flow that allows one to use Cognito as a data store and authentication backend for users, while maintaining an updating replica of User and Group information in your applications database. This way, the application gains the possibility to add custom business logic for users, while the user data is still stored and managed centrally through Cognito.

This is especially useful when you are implementing multiple API backends for a platform that consist of multiple applications that need to operate on a shared userbase.

See the link above for a detailed explanation of the standard.

Installation

You can install this package from pip: pip install cognito_code_grant

Usage

The implementation consists of an authentication backend, a login handler, and a logout handler. To use the backend, simply specify it in your Django Settings:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'cognito_code_grant.authentication.CognitoAuthentication',
        'rest_framework.authentication.BasicAuthentication',
        ...
    )

To use the handlers, include them in your URLs using a helper function:

from cognito_code_grant.views import include_auth_urls

urlpatterns = [
    path('auth/', include_auth_urls()),
    ...
]

Additionally, you will need to set the following settings to point to your instance of Cognito:

AUTH_COGNITO_CLIENT_ID = # your client ID
AUTH_COGNITO_CODE_GRANT_URL = # your token endpoint (https://AUTH_DOMAIN/oauth2/token)
AUTH_COGNITO_JWKS_URL = # the url for your JWKs (https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json.)

Development

To run tests, you need to point Django to local test settings, and run the migrations (it will use an sqllite db in a temp folder).

export DJANGO_SETTINGS_MODULE=tests.settings
python -m django migrate
python -m django test

On a merge to master, CICD will automatically create a patch version bump, and deploy to pypi. Minor/Major realeases need to be handled manually by the maintainers.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cognito_code_grant-1.0.30.tar.gz (7.1 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page