Library for allowing the use of AWS Cognito security in Django projects

Project description

Django Cognito Authentication

The intent of this library is to provide a package that supports Django and allows an easy implementation for replacing the default Django authentication with an AWS Cognito based authentication.

This is a fork of Alex Plant's great work on the original django-cognito.

Install

pip install django-cognito-redux

Usage

Need to fill this out more...

Pass in the Access Token and ID Token using the headers ACCESSTOKEN and IDTOKEN respectively. Also pass in the refresh token using REFRESHTOKEN.

AWS Credentials

This library uses boto3, which follows a specific search order to determine which credentials to use. Reading the Configuring Credentials section of the boto3 documentation is definitely recommended.

boto3 looks for credentials by searching through a list of possible locations and stopping as soon as it finds some. The order in which boto3 searches for credentials is:

1. Passing credentials as parameters in the boto3.client() method
2. Passing credentials as parameters when creating a Session object
3. Environment variables (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_DEFAULT_REGION`, `AWS_PROFILE`)
4. Shared credential file (~/.aws/credentials)
5. AWS config file (~/.aws/config)
6. Assume Role provider
7. Boto2 config file (/etc/boto.cfg and ~/.boto)
8. Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

It is recommended not to pass credentials as arguments when you instantiate a new session or client. Instead, use IAM roles in production and local configuration files for local development.

As an example, I generally have a profile set up in my ~/.aws/credentials, and a default region set for that profile in ~/.aws/config. From there I set AWS_PROFILE=profilename as an environment variable so my app knows what to use. This allows for easy local development as well as being able to use IAM roles in production, without having to set a lot of environment variables.
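
A startup check for the recommendation above, as an added example (it is not part of django-cognito-redux or boto3). It relies only on the search order listed here, where environment variables and the shared credential file are consulted before the instance role; the function name, its parameters and the sample inputs are assumptions made for illustration.

```python
import configparser

STATIC_ENV_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def credential_findings(environ, credentials_ini, production):
    """List ways a deployment departs from the advice above.

    environ: mapping such as os.environ
    credentials_ini: text of ~/.aws/credentials ("" if the file is absent)
    production: True when the app should be running under an IAM role
    """
    findings = []
    env_keys = all(environ.get(k) for k in STATIC_ENV_KEYS)

    if production:
        # Steps 3 and 4 of the search order come before the instance
        # role (step 8), so credentials found there are used instead of it.
        profiles = configparser.ConfigParser(interpolation=None)
        profiles.read_string(credentials_ini)
        profile = environ.get("AWS_PROFILE", "default")
        if env_keys:
            findings.append("static keys in environment shadow the IAM role")
        if profiles.has_section(profile):
            findings.append(f"credentials file profile '{profile}' shadows the IAM role")
    else:
        if env_keys:
            findings.append("static keys in environment; use AWS_PROFILE instead")
        elif not environ.get("AWS_PROFILE"):
            findings.append("AWS_PROFILE is not set")
    return findings


# Constructed inputs for illustration; the key values are placeholders.
SAMPLE_CREDENTIALS_FILE = (
    "[dev]\n"
    "aws_access_key_id = EXAMPLEKEYID\n"
    "aws_secret_access_key = EXAMPLESECRET\n"
)
SAMPLE_ENV_WITH_KEYS = {
    "AWS_ACCESS_KEY_ID": "EXAMPLEKEYID",
    "AWS_SECRET_ACCESS_KEY": "EXAMPLESECRET",
}

if __name__ == "__main__":
    print(credential_findings(SAMPLE_ENV_WITH_KEYS, "", production=True))
```
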

Recommendations

It is recommended to use a custom user model and set what you need on it, instead of retrofitting an existing user model, if possible.

Settings

COGNITO_USER_MODEL_FIELD_REF_FIELD

Field on your user model that you want to use as the reference for lookups.

COGNITO_USER_MODEL_FIELD_REF_FIELD = 'sub'

COGNITO_TOKEN_REF_FIELD

Field from the Cognito user that you want to save as the reference on your model.

COGNITO_TOKEN_REF_FIELD = 'sub'

More Examples

COGNITO_TOKEN_REF_FIELD = 'sub'
COGNITO_USER_MODEL_FIELD_REF_FIELD = 'sub'

# Is equivalent to

User.objects.get(sub='sub')

COGNITO_TOKEN_REF_FIELD = 'username'
COGNITO_USER_MODEL_FIELD_REF_FIELD = 'email'

# Is equivalent to

User.objects.get(username='email')

COGNITO_USER_FIELD_MAPPING

The keys of the dictionary map to user fields, and values map to data pulled from the id token. This is used to save data to your user model on create.

COGNITO_USER_FIELD_MAPPING = {
    "email": "email",
    "first_name": "custom:first_name",
    "last_name": "custom:last_name",
    "sub": "sub"
}

APP_CLIENT_ID

The client id of your app client for the user pool

APP_CLIENT_ID = 'xxxxxxxxxxxxxxxxxxxxxxxxxx'

APP_SECRET_KEY

The secret key for your user pool client

COGNITO_POOL_ID

The user pool ID

COGNITO_POOL_ID = 'us-east-1_xxxxxxxxx'

USE_CSRF

USE_CSRF = False

HTTP_ONLY_COOKIE

HTTP_ONLY_COOKIE = False

SECURE_COOKIE

SECURE_COOKIE = False

AUTO_CREATE_USER

Create a user if the tokens validate and the user doesn't already exist.

AUTO_CREATE_USER = True
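
How the settings above fit together, as an added example that is not code from django-cognito-redux: it checks the claims of an ID token and then applies COGNITO_USER_FIELD_MAPPING to build the lookup and create arguments for the user model. It assumes the token's signature has already been verified against the user pool's JWKS, and the function names and the sample payload are made up for illustration.

```python
# Added example, not django-cognito-redux source. Assumes the ID token's
# signature was already verified against the user pool's JWKS.
APP_CLIENT_ID = "xxxxxxxxxxxxxxxxxxxxxxxxxx"   # placeholder from this page
COGNITO_POOL_ID = "us-east-1_xxxxxxxxx"        # placeholder from this page
COGNITO_TOKEN_REF_FIELD = "sub"
COGNITO_USER_MODEL_FIELD_REF_FIELD = "sub"
COGNITO_USER_FIELD_MAPPING = {
    "email": "email",
    "first_name": "custom:first_name",
    "last_name": "custom:last_name",
    "sub": "sub",
}


def expected_issuer(pool_id):
    # The region is the part of the pool id before the underscore.
    region = pool_id.split("_", 1)[0]
    return f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"


def check_id_token_claims(claims, now):
    """Reject a signature-verified token whose claims do not fit this app."""
    if claims.get("token_use") != "id":
        raise ValueError("not an ID token")
    if claims.get("aud") != APP_CLIENT_ID:
        raise ValueError("issued for a different app client")
    if claims.get("iss") != expected_issuer(COGNITO_POOL_ID):
        raise ValueError("issued by a different user pool")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")


def user_fields_from_claims(claims, now):
    """Return (lookup kwargs, create kwargs) for the user model."""
    check_id_token_claims(claims, now)
    if COGNITO_TOKEN_REF_FIELD not in claims:
        raise ValueError("reference claim missing from ID token")
    lookup = {COGNITO_USER_MODEL_FIELD_REF_FIELD: claims[COGNITO_TOKEN_REF_FIELD]}
    # Claims absent from the token (e.g. an unset custom attribute) are skipped.
    fields = {f: claims[c] for f, c in COGNITO_USER_FIELD_MAPPING.items() if c in claims}
    return lookup, fields


# Constructed ID token payload for illustration; not a real token.
SAMPLE_CLAIMS = {
    "sub": "00000000-0000-0000-0000-000000000000", "token_use": "id",
    "aud": APP_CLIENT_ID, "iss": expected_issuer(COGNITO_POOL_ID),
    "exp": 2000, "email": "user@example.com", "custom:first_name": "Ada",
}
```

With AUTO_CREATE_USER enabled, the first returned dictionary would drive the lookup and the second the create call; an access token passed here is rejected by the `token_use` check.
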

Changelog

1.4.0

  • Change token validation to validate ID Tokens and Access Tokens
  • Add settings for mapping attributes from the ID Token to the user model
  • Change token use to be an ID Token instead of Access Token
  • Added more Docs
  • Cover race condition where someone might call backend more than once before user is created

Download files

Source Distribution

django-cognito-redux-1.4.0.tar.gz (13.3 kB)

Uploaded Source

Built Distribution

django_cognito_redux-1.4.0-py3-none-any.whl (17.8 kB)

Uploaded Python 3
