Django OAuth authentication middleware for admin interface
Project description
django-sso-oauth
Django OAuth authentication middleware for admin interface.
Replaces the default Django admin login with an OAuth 2.0 / OpenID Connect flow. After a successful OAuth exchange, the user's session is maintained by a lightweight middleware that maps the OAuth identity to a Django user.
Requirements
- Python >= 3.6
- Django >= 3.2
requestsPyJWT
Installation
pip install django-sso-oauth
Configuration
1. Environment variables
Set the following variables in your .env file or environment:
| Variable | Description |
|---|---|
DJANGO_SSO_OAUTH_BASE_URL |
Base URL of the OAuth provider (e.g. https://sso.example.com) |
DJANGO_SSO_OAUTH_CLIENT_ID |
OAuth client ID |
DJANGO_SSO_OAUTH_CLIENT_SECRET |
OAuth client secret |
DJANGO_SSO_OAUTH_REDIRECT_URL |
Redirect URI registered with the OAuth provider (e.g. https://yourapp.example.com/admin/oauth/redirect) |
DJANGO_SSO_OAUTH_AFTER_LOGIN_URL |
URL to redirect to after login successfully (default: admin:index) |
2. Add to INSTALLED_APPS
INSTALLED_APPS = [
...
"django_sso_oauth",
]
3. Add middleware
Add OauthAdminSessionMiddleware after SessionMiddleware in your MIDDLEWARE setting:
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"django_sso_oauth.middleware.OauthAdminSessionMiddleware", # <-- add here
...
]
4. Wire up URLs
In your project's urls.py, override the default admin login and add the OAuth redirect callback:
from django.contrib import admin
from django.urls import path, include
from django_sso_oauth import views as sso_views
urlpatterns = [
path("admin/login/", sso_views.login), # replaces default admin login
path("admin/oauth/redirect", sso_views.oauth_redirect), # OAuth callback
path("admin/", admin.site.urls),
...
]
Important: The
admin/login/andadmin/oauth/redirectpaths must be declared beforeadmin.site.urlsso they take precedence.
How it works
- When a user visits
/admin/, Django redirects to/admin/login/. - The
loginview redirects to the OAuth provider's authorization endpoint. - The provider redirects back to
/admin/oauth/redirectwith an authorization code. - The
oauth_redirectview exchanges the code for an access token, decodes the JWT to extract the user's email (upnorunique_nameclaim), and looks up the corresponding Django user. - The email is stored in the session;
OauthAdminSessionMiddlewarerestores the user on every subsequent request.
The Django user must already exist in the database. User provisioning is not handled by this package.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django_sso_oauth-1.0.2.tar.gz.
File metadata
- Download URL: django_sso_oauth-1.0.2.tar.gz
- Upload date:
- Size: 6.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.17
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fe74c0618aae1dd46e3de06f1d4b98422c429748021383d0fee541cedd635480
|
|
| MD5 |
6205f0723b32598fc21644fb229892c9
|
|
| BLAKE2b-256 |
9f1d7e7a8cc0cf23aeae0762126578700eae1cbd86da4c0c07a43b15b44a529f
|
File details
Details for the file django_sso_oauth-1.0.2-py3-none-any.whl.
File metadata
- Download URL: django_sso_oauth-1.0.2-py3-none-any.whl
- Upload date:
- Size: 7.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.17
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
19b2d222c5922c371c02ff67128455322672a3086d7d30258f07b4c201313415
|
|
| MD5 |
b583338428450af36f2414680ddc28e7
|
|
| BLAKE2b-256 |
14a0e96fa4a03378581c08524234cdbe0222cf3354d486659da71594c8717321
|
