django-cognito-saml
Library to implement django authentication using cognito (via pyjwt).
Assumptions made:
- Using the `authorization code` flow. Implicit grant is insecure as the access token is transferred over in the request parameters without encryption.
Settings
Setting | Description |
---|---|
COGNITO_ENDPOINT | Either the hosted domain or custom domain for your cognito app |
COGNITO_CLIENT_ID | CLIENT_ID of your application in your user pool |
COGNITO_CLIENT_SECRET | CLIENT_SECRET of your application in your user pool |
COGNITO_JWKS_URI | The JWKS URI of your user pool. Used to verify the JWT. |
COGNITO_REDIRECT_URI | OPTIONAL It is possible to share one cognito app with multiple websites via a proxy. |
COGNITO_RESPONSE_HOOK | OPTIONAL Post authentication hook to modify the response (perhaps to add headers). Specify it as a django import_string. |
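
The authorization code flow assumed above, shown as an added example that is not part of django-cognito-saml's own code. It uses Cognito's `/oauth2/authorize` and `/oauth2/token` endpoints; the setting values are constructed placeholders and the function names are hypothetical.

```python
# Added example, not django-cognito-saml code: the authorization code flow.
import base64
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values standing in for the settings above.
COGNITO_ENDPOINT = "https://auth.example.test"
COGNITO_CLIENT_ID = "example-client-id"
COGNITO_CLIENT_SECRET = "example-client-secret"
COGNITO_REDIRECT_URI = "https://app.example.test/callback"


def build_authorize_url(state: str) -> str:
    """Step 1: redirect the browser to Cognito, asking for a code, not a token."""
    query = urlencode({
        "response_type": "code",  # "token" would select the implicit grant
        "client_id": COGNITO_CLIENT_ID,
        "redirect_uri": COGNITO_REDIRECT_URI,
        "state": state,  # e.g. secrets.token_urlsafe(32), kept in the session
    })
    return f"{COGNITO_ENDPOINT}/oauth2/authorize?{query}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: accept the redirect only if state matches; return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    got = params.get("state", [""])[0].encode()
    if not got or not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch, rejecting callback")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]


def build_token_request(code: str) -> tuple[str, dict[str, str], bytes]:
    """Step 3: server-to-server POST that swaps the code for tokens."""
    creds = f"{COGNITO_CLIENT_ID}:{COGNITO_CLIENT_SECRET}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": COGNITO_CLIENT_ID,
        "code": code,
        "redirect_uri": COGNITO_REDIRECT_URI,
    }).encode()
    return f"{COGNITO_ENDPOINT}/oauth2/token", headers, body
```
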
Installation
- Add the above settings to your settings.
```python
COGNITO_ENDPOINT = "..."
COGNITO_CLIENT_ID = "..."
COGNITO_CLIENT_SECRET = "..."
COGNITO_JWKS_URI = "..."
COGNITO_REDIRECT_URI = "..."
COGNITO_RESPONSE_HOOK = ""
```
- Define your authentication backend by subclassing `django_cognito_saml.backends.CognitoUserBackend`. A custom backend is where you add users to groups and / or do something custom. Set `create_unknown_user = False` if you want only pre-created users to be able to log in.
```python
from typing import Any, Optional

from django.contrib.auth.base_user import AbstractBaseUser
from django.http import HttpRequest

from django_cognito_saml.backends import CognitoUserBackend


class CustomCognitoBackend(CognitoUserBackend):
    # Change this to False if you do not want to create a remote user.
    create_unknown_user = True

    def authenticate(  # type: ignore[override]
        self, request: HttpRequest, cognito_jwt: dict[str, Any], **kwargs: Any
    ) -> Optional[AbstractBaseUser]:
        # Customizing the username field used to create the user
        remote_user = cognito_jwt["username"]
        user = super().authenticate(request, remote_user=remote_user, **kwargs)
        return user

    def configure_user(  # type: ignore[override]
        self, request: HttpRequest, user: AbstractBaseUser, created: bool = True
    ) -> AbstractBaseUser:
        # Configuring the user post login
        if created:
            user.name = self.cognito_jwt["name"]
            user.save()
        return user
```
- Add `CustomCognitoBackend` to your authentication backends. Alternatively, if you wish to modify the authentication logic (i.e. adding permissions)
```python
AUTHENTICATION_BACKENDS = (
    ...
    "apps.backends.CustomCognitoBackend",
    ...
)
```
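- Add the cognito saml urls to your `urls.py`

```python
from django.urls import include, path

urlpatterns = [
    # ... your existing routes ...
    # Django routes must not start with "/"; "" mounts the urls at the site root.
    path("", include("django_cognito_saml.urls")),
]
```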