django-epfl-entra-id
Custom Microsoft Entra ID Authentication Backend for Django.
Requirements
- Python 3.6 or later
- Django 1.11, 2.2, 3.2, 4.2 or 5.2
Installation
pip install django-epfl-entra-id
Documentation
Settings
Add mozilla_django_oidc to INSTALLED_APPS:
INSTALLED_APPS = [
    ...
    "django.contrib.auth",
    "mozilla_django_oidc",  # Load after auth
    ...
]
Add the django_epfl_entra_id authentication backend:
AUTHENTICATION_BACKENDS = ("django_epfl_entra_id.auth.EPFLOIDCAB",)
Register your application in the App Portal and add the OIDC configuration:
import os

# Tenant and client credentials are read from the environment.
TENANT_ID = os.environ["TENANT_ID"]
OIDC_RP_CLIENT_ID = os.environ["OIDC_RP_CLIENT_ID"]
OIDC_RP_CLIENT_SECRET = os.environ["OIDC_RP_CLIENT_SECRET"]

# Entra ID endpoints scoped to the tenant.
AUTH_DOMAIN = f"https://login.microsoftonline.com/{TENANT_ID}"
OIDC_OP_AUTHORIZATION_ENDPOINT = f"{AUTH_DOMAIN}/oauth2/v2.0/authorize"
OIDC_OP_TOKEN_ENDPOINT = f"{AUTH_DOMAIN}/oauth2/v2.0/token"
OIDC_OP_JWKS_ENDPOINT = f"{AUTH_DOMAIN}/discovery/v2.0/keys"
OIDC_OP_USER_ENDPOINT = "https://graph.microsoft.com/oidc/userinfo"
OIDC_RP_SIGN_ALGO = "RS256"

LOGIN_URL = "/auth/authenticate"
LOGIN_REDIRECT_URL = "/"
LOGOUT_REDIRECT_URL = "/"
Routing
Edit your urls.py and add the following:
from django.urls import include, path

urlpatterns = [
    ...
    path("", include("django_epfl_entra_id.urls")),
    path("auth/", include("mozilla_django_oidc.urls")),
    ...
]
Example template:
{% if user.is_authenticated %}
  <p>Current user: {{ user.username }}</p>
  <form action="{% url 'oidc_logout' %}" method="post">
    {% csrf_token %}
    <input type="submit" value="logout">
  </form>
{% else %}
  <a href="{% url 'oidc_authentication_init' %}?next={{ request.path }}">
    Login
  </a>
{% endif %}
Optional configuration
AUTH_PROFILE_MODULE = "userprofile.UserProfile"
Restrict Authentication by Rights (Authorizations)
By default, any user with a valid EPFL Entra ID account can authenticate. To restrict access to users who hold specific application rights (claims injected by the EPFL portal), follow these steps:
Configure your app's settings.py
Enable strict rights verification and define where Django should redirect unauthorized users (e.g., to a 403 Forbidden page). Add the following to your settings:
# Enable strict rights verification.
# (You can dynamically load this from your .env file if preferred)
OIDC_REQUIRE_AUTHORIZATIONS = True
# Redirect unauthorized users to the dedicated forbidden view
LOGIN_REDIRECT_URL_FAILURE = "/forbidden"
Note: Ensure that your application rights are properly configured in the EPFL deployment portal (app-portal). Entra ID relies on this configuration to inject the authorizations claim into the user's token.
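A pre-deployment sanity check for the settings above, as an added example (not part of django-epfl-entra-id or mozilla-django-oidc): it flags a multi-tenant authority alias used in place of a tenant ID, endpoints that are not https or not scoped to TENANT_ID, and rights enforcement enabled without a failure redirect. The function names and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("OIDC_OP_AUTHORIZATION_ENDPOINT", "OIDC_OP_TOKEN_ENDPOINT",
                 "OIDC_OP_JWKS_ENDPOINT", "OIDC_OP_USER_ENDPOINT")
# Entra ID authority aliases that accept accounts from more than one tenant.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}


def audit_oidc_settings(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    tenant = cfg.get("TENANT_ID", "")
    if not tenant:
        findings.append("TENANT_ID is empty")
    elif tenant.lower() in MULTI_TENANT_ALIASES:
        findings.append("TENANT_ID is a multi-tenant alias")
    for key in ENDPOINT_KEYS:
        url = urlsplit(cfg.get(key, ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key} is not an absolute https URL")
        elif (url.hostname == "login.microsoftonline.com"
              and url.path.split("/")[1:2] != [tenant]):
            # Authority endpoints must carry the configured tenant in the path.
            findings.append(f"{key} is not scoped to TENANT_ID")
    if cfg.get("OIDC_RP_SIGN_ALGO") != "RS256":
        findings.append("OIDC_RP_SIGN_ALGO differs from the RS256 used above")
    if cfg.get("OIDC_REQUIRE_AUTHORIZATIONS") and not cfg.get("LOGIN_REDIRECT_URL_FAILURE"):
        findings.append("rights check enabled but LOGIN_REDIRECT_URL_FAILURE unset")
    return findings


def sample_settings(tenant):
    """Constructed sample mirroring the settings block above (placeholder values)."""
    auth = f"https://login.microsoftonline.com/{tenant}"
    return {
        "TENANT_ID": tenant,
        "OIDC_OP_AUTHORIZATION_ENDPOINT": f"{auth}/oauth2/v2.0/authorize",
        "OIDC_OP_TOKEN_ENDPOINT": f"{auth}/oauth2/v2.0/token",
        "OIDC_OP_JWKS_ENDPOINT": f"{auth}/discovery/v2.0/keys",
        "OIDC_OP_USER_ENDPOINT": "https://graph.microsoft.com/oidc/userinfo",
        "OIDC_RP_SIGN_ALGO": "RS256",
        "OIDC_REQUIRE_AUTHORIZATIONS": True,
        "LOGIN_REDIRECT_URL_FAILURE": "/forbidden",
    }


if __name__ == "__main__":
    for finding in audit_oidc_settings(sample_settings("common")):
        print("FINDING:", finding)
```

Such a check can run in CI or at startup against the values actually loaded from the environment, before the application serves its first login.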
Logging
Enable these loggers in your settings to see log messages that help with debugging:
LOGGING = {
    # ...
    "loggers": {
        "mozilla_django_oidc": {
            "handlers": ["console"],
            "level": "DEBUG",
        },
        "django_epfl_entra_id": {
            "handlers": ["console"],
            "level": "DEBUG",
        },
        # ...
    },
}
Make sure to use the appropriate handler for your app.
Download files
File details
Details for the file django_epfl_entra_id-0.0.9.tar.gz.
File metadata
- Download URL: django_epfl_entra_id-0.0.9.tar.gz
- Upload date:
- Size: 12.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | ea3b0fe74fe5dcbcfb32f8dc4490de40241f9d654a954afc95623f576e778183 |
| MD5 | 3f288eb9794b8763b142d9e2c59d1e55 |
| BLAKE2b-256 | f966c22f4360696111a6016e2fff7e24836ff4d8fb1e107c09a94cc3e4f467dd |
Provenance
The following attestation bundles were made for django_epfl_entra_id-0.0.9.tar.gz:
Publisher: release.yml on epfl-si/django-epfl-entra-id
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: django_epfl_entra_id-0.0.9.tar.gz
  - Subject digest: ea3b0fe74fe5dcbcfb32f8dc4490de40241f9d654a954afc95623f576e778183
  - Sigstore transparency entry: 2023647345
  - Sigstore integration time:
- Permalink: epfl-si/django-epfl-entra-id@7dd7ef18bd843726ff63bcdf71d7084e7f95b6a3
- Branch / Tag: refs/tags/v0.0.9
- Owner: https://github.com/epfl-si
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@7dd7ef18bd843726ff63bcdf71d7084e7f95b6a3
- Trigger Event: push
File details
Details for the file django_epfl_entra_id-0.0.9-py3-none-any.whl.
File metadata
- Download URL: django_epfl_entra_id-0.0.9-py3-none-any.whl
- Upload date:
- Size: 14.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2b54d9fedf6ce4d03656744b7871fa39f62ece66655572853bee6e6c63b84a78 |
| MD5 | 089c422d6b24035c4d72252a4230eae6 |
| BLAKE2b-256 | ead45011e61787bc76a125d094684feec01eae5f6a02fd6549720db6bc54bfb8 |
Provenance
The following attestation bundles were made for django_epfl_entra_id-0.0.9-py3-none-any.whl:
Publisher: release.yml on epfl-si/django-epfl-entra-id
- Statement:
  - Statement type: https://in-toto.io/Statement/v1
  - Predicate type: https://docs.pypi.org/attestations/publish/v1
  - Subject name: django_epfl_entra_id-0.0.9-py3-none-any.whl
  - Subject digest: 2b54d9fedf6ce4d03656744b7871fa39f62ece66655572853bee6e6c63b84a78
  - Sigstore transparency entry: 2023647580
  - Sigstore integration time:
- Permalink: epfl-si/django-epfl-entra-id@7dd7ef18bd843726ff63bcdf71d7084e7f95b6a3
- Branch / Tag: refs/tags/v0.0.9
- Owner: https://github.com/epfl-si
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@7dd7ef18bd843726ff63bcdf71d7084e7f95b6a3
- Trigger Event: push