A Django package for JSON Web Token validation and verification. Using PyJWT.
Project description
Django-JWT
This is a package to verify and validate JSON Web Tokens (JWT) in Django.
Installation
- Install the package using pip:
pip install dj-jwt-auth
- Add "django_jwt" to your INSTALLED_APPS setting like this::
INSTALLED_APPS = [
...
"django_jwt",
]
- Add "django_jwt.middleware.JWTAuthMiddleware" to your MIDDLEWARE setting like this::
MIDDLEWARE = [
...
"django_jwt.middleware.JWTAuthMiddleware",
]
Configuration:
Required variables:
- OIDC_CONFIG_ROUTES - dict of "algorithm": "config_url". Required for using JWTAuthMiddleware. Example:
OIDC_CONFIG_ROUTES = {
"RS256": "https://keyCloak/realms/h/.well-known/openid-configuration",
"HS256": "https://keyCloak/realms/h/.well-known/openid-configuration",
}
Optional variables:
- OIDC_AUDIENCE - by default ["account", "broker"]
User retated variables:
- OIDC_USER_UPDATE - if True, user model will be updated from userinfo endpoint if MODIFIED date has changed, by default True
- OIDC_USER_MODIFIED_FIELD - user model field to store last modified date, by default
modified_timestamp
- OIDC_TOKEN_MODIFIED_FIELD - access token field to store last modified date, by default
updated_at
- OIDC_USER_UID - User model" unique identifier, by default
kc_id
- OIDC_TOKEN_USER_UID - access token field to store user UID, by default
sub
- OIDC_USER_MAPPING - mapping between JWT claims and user model fields. Can be dict or function. By default:
OIDC_USER_MAPPING = {
"given_name": "first_name",
"family_name": "last_name",
"name": "username",
}
OR
def OIDC_USER_MAPPING(userinfo):
return {
"first_name": userinfo.get("given_name"),
"last_name": userinfo.get("family_name"),
"username": userinfo.get("name"),
}
- OIDC_USER_DEFAULTS - default values for user model fields, by default:
OIDC_USER_DEFAULTS = {
"is_active": True,
}
- OIDC_USER_ON_CREATE and OIDC_USER_ON_UPDATE - functions to be called on user creation and update, by default:
OIDC_USER_ON_CREATE = None
OIDC_USER_ON_UPDATE = None
These functions should accept two arguments: user and request.
### Admin panel integration:
To integrate admin panel with OIDC, add OIDC_ADMIN_ISSUER and OIDC_ADMIN_CLIENT_ID to settings.
- OIDC_ADMIN_ISSUER - for admin-panel access through OIDC. By default will be used 'ES256' from OIDC_CONFIG_ROUTES. Example:
OIDC_ADMIN_ISSUER = "https://keyCloak/realms/h/.well-known/openid-configuration"
- OIDC_ADMIN_CLIENT_ID - by default "complete-anatomy"
To mapping roles to admin panel permissions, use OIDC_ADMIN_ROLES. Example:
```python
from django_jwt.roles import ROLE
OIDC_ADMIN_ROLES = [
ROLE(
name="admin", # name from token
is_superuser=True,
),
ROLE(
name="staff",
groups=["LMS (Full)", "Organizations (Full)", "Customer Support (Full)"],
permissions=["Can add user"],
),
]
And add login view to urls.py:
urlpatterns = [
path("admin/", include("django_jwt.urls")),
...
]
Login URL will be available at /admin/oidc/
.
Testing:
Run command python runtests.py
to run tests.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
dj-jwt-auth-1.5.0.tar.gz
(10.0 kB
view hashes)
Built Distribution
Close
Hashes for dj_jwt_auth-1.5.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b223f3c13ac6e865dc204c09208570683d71e1ddb5392662c1e3b494755c8b00 |
|
MD5 | fcbc746d97ebe9a084c5e5ddab3ebe2b |
|
BLAKE2b-256 | 0763960ca4015a3ae575f7e77021d90f2b99cd67cb8bc4045101c25240dfd1c9 |