A Django OpenID Connect (OIDC) authentication backend
Project description
This module makes it easy to integrate OpenID Connect as an authentication source in a Django project.
Behind the scenes, it uses Roland Hedberg’s great pyoidc library.
Quickstart
Install djangooidc:
# Latest released package: pip install django-oidc # Latest code - unstable! pip install git+https://github.com/marcanpilami/django-oidc.git
Then to use it in a Django project, add this to your urls.py:
url(r'openid/', include('djangooidc.urls')),
Then add the following items to your settings.py:
add ‘djangooidc.backends.OpenIdConnectBackend’ to AUTHENTICATION_BACKENDS after the default ‘django.contrib.auth.backends.ModelBackend’
set LOGIN_URL = ‘openid’
add the specific OIDC parameters (change the absolute URLs to yours):
# Information used when registering the client, this may be the same for all OPs # Ignored if auto registration is not used. OIDC_DYNAMIC_CLIENT_REGISTRATION_DATA = { "application_type": "web", "contacts": ["ops@example.com"], "redirect_uris": ["http://localhost:8000/openid/callback/login/", ], "post_logout_redirect_uris": ["http://localhost:8000/openid/callback/logout/", ] } # Default is using the 'code' workflow, which requires direct connectivity from your website to the OP. OIDC_DEFAULT_BEHAVIOUR = { "response_type": "code", "scope": ["openid", "profile", "email", "address", "phone"], }
The configuration above is enough to use OIDC providers (OP) that support discovery and self client registration. In addition, you may want to use a specific OpenID Connect provider that is not auto-discoverable. This is done by adding items to the OIDC_PROVIDERS dictionary. See full documentation for parameter names.
For example, an Azure AD OP (V1 endpoint, as V2 does not support code flow yet) would be:
OIDC_PROVIDERS = { "Azure Active Directory": { "srv_discovery_url": "https://sts.windows.net/aaaaaaaa-aaaa-1111-aaaa-xxxxxxxxxxxxx/", "behaviour": OIDC_DEFAULT_BEHAVIOUR, "client_registration": { "client_id": "your_client_id", "client_secret": "your_client_secret", "redirect_uris": ["http://localhost:8000/openid/callback/login/"], "post_logout_redirect_uris": ["http://localhost:8000/openid/callback/logout/"], "token_endpoint_auth_method": "client_secret_post", } } }
You may now test the authentication by going to (on the development server) http://localhost:8000/openid/login or to any of your views that requires authentication.
Features
Ready to use Django authentication backend
No models stored in database - just some configuration in settings.py to keep it simple
Fully integrated with Django’s internal accounts and permission system
Support for all OIDC workflows: Authorization Code flow, Implicit flow, Hybrid flow. Don’t worry if you don’t know what these are - the package comes with great defaults.
Includes logout at the provider level
History
0.1.4 (2017-01-07)
OIDC library was updated. Its version is no longer “latest” to avoid breaking django-oidc on each major library update.
code that was broken by the update was fixed.
no more need for wheels on Windows.
0.1.0 (2015-05-08)
First release
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django-oidc-0.1.4.tar.gz
.
File metadata
- Download URL: django-oidc-0.1.4.tar.gz
- Upload date:
- Size: 13.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 566fcc38abc8206ac60438d69f985fdfb13adfd204055bdc4c942a1fb204a8a8 |
|
MD5 | 17e553e51f2ac0a254041d72cfa2d5a4 |
|
BLAKE2b-256 | 72f372a64e7db0653aab25bf26721187f27a81a208caf9bd3373d53b31f3a2e0 |