Project description

django-cognito-saml

Library to implement django authentication using cognito (via pyjwt).

Assumptions made:

Using authorization code flow. Implicit grant is insecure as the access token is transferred over in the request parameters without encryption.

Settings

Setting	Description
COGNITO_ENDPOINT	Either the hosted domain or custom domain for your cognito app
COGNITO_CLIENT_ID	CLIENT_ID of your application in your user pool
COGNITO_CLIENT_SECRET	CLIENT_SECRET of your application in your user pool
COGNITO_JWKS_URI	The JWKS URI of your user pool. Used to verify the JWT.
COGNITO_REDIRECT_URI	OPTIONAL It is possible to share one cognito app with multiple websites via a proxy.
COGNITO_RESPONSE_HOOK	OPTIONAL Post authentication hook to modify the response (perhaps to add headers). Specify it as a django import_string.

Installation

Add the above settings to your settings.

COGNITO_ENDPOINT = "..."
COGNITO_CLIENT_ID = "..."
COGNITO_CLIENT_SECRET = "..."
COGNITO_JWKS_URI = "..."
COGNITO_REDIRECT_URI = "..."
COGNITO_RESPONSE_HOOK = ""

Define your authentication backend. Subclass off django_cognito_saml.backends.CognitoUserBackend. A custom backend is where you add users to groups and / or do something custom. Set create_unknown_user = False if we want only pre-created users to be used.

class CustomCognitoBackend(CognitoUserBackend):
    # Change this to False if you do not want to create a remote user.
    create_unknown_user = True

    def authenticate(  # type: ignore[override]
        self, request: HttpRequest, cognito_jwt: dict[str, Any], **kwargs: Any
    ) -> Optional[AbstractBaseUser]:
        # Customizing the username field used to create the user
        remote_user = cognito_jwt["username"]
        user = super().authenticate(request, remote_user=remote_user, **kwargs)
        return user

    def configure_user(  # type: ignore[override]
        self, request: HttpRequest, user: AbstractBaseUser, created: bool = True
    ) -> AbstractBaseUser:
        # Configuring the user post login
        if created:
            user.name = self.cognito_jwt["name"]
            user.save()
        return user

Add CustomCognitoBackend to your authentication backends. Alternatively; If you wish to modify the authentication logic (ie: Adding permissions)<>

AUTHENTICATION_BACKENDS = (
    ...
    "apps.backends.CustomCognitoBackend",
    ...
)

Add the cognito saml urls to your urls.py

urls = [
    ...
    path("/", include("django_cognito_saml.urls")),
]

Project details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

0.1.6

Mar 14, 2023

0.1.5

Mar 14, 2023

0.1.4

Mar 14, 2023

0.1.3

Mar 14, 2023

0.1.2

Mar 10, 2023

This version

0.1.1

Mar 10, 2023

0.1.0

Mar 10, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_cognito_saml-0.1.1.tar.gz (7.1 kB view hashes)

Uploaded Mar 10, 2023 Source

Built Distribution

django_cognito_saml-0.1.1-py3-none-any.whl (9.5 kB view hashes)

Uploaded Mar 10, 2023 Python 3

Hashes for django_cognito_saml-0.1.1.tar.gz

Hashes for django_cognito_saml-0.1.1.tar.gz
Algorithm	Hash digest
SHA256	`14a2a75185f5d5d5baf2deba9747361600bcb87940b34be1b2f127c512d2d598`
MD5	`efad13e0b27aef18a79691325c83f30a`
BLAKE2b-256	`67648e3389eb964f097b96846c1f79cc606341d467ceaa18889fe261c34fad1f`

Hashes for django_cognito_saml-0.1.1-py3-none-any.whl

Hashes for django_cognito_saml-0.1.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`9fc03bcdf71e01f1da3473e8db1aac768fe9928f8280f8308c3f5a25113bc2b0`
MD5	`ae473f3421acc30f45fdb98e3e20dc07`
BLAKE2b-256	`095bb7bd2e21c9876d6939d2ba10b2d938a8ea6468cc47f582871610e200b8f9`