Reusable Django app to facilitate gov.uk Staff Single Sign On

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for uktrade from gravatar.com uktrade

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT

Author: Department for International Trade

Classifiers

Project description

Django-staff-sso-client

CircleCI codecov PyPI PyPI - Python Version PyPI - Django Version

A Django client for staff-sso

As of Version 4, users are looked up by username field instead of email field

Requirements

Python 3.6 Django>=1.11

Installation

pip install django-staff-sso-client

Configuration

Add the following to your settings file:

INSTALLED_APPS=[
    [...]
    'authbroker_client',
]

# authbroker config
AUTHBROKER_URL = 'speak-to-webops-team-for-access'
AUTHBROKER_CLIENT_ID = 'speak-to-webops-team-for-access'
AUTHBROKER_CLIENT_SECRET = 'speak-to-webops-team-for-access'

Add the 'authbroker_client.backends.AuthbrokerBackend' authentication backend, e.g:

AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'authbroker_client.backends.AuthbrokerBackend',
]

Add the LOGIN_URL ( it must be '/auth/login' )

LOGIN_URL = reverse_lazy('authbroker_client:login')

Add the LOGIN_REDIRECT_URL for e.g.

LOGIN_REDIRECT_URL = reverse_lazy('home_page')

Then finally add this to your main urls.py file:

path('auth/', include('authbroker_client.urls'))

or, if you're using Django<2:

url('^auth/', include('authbroker_client.urls', namespace='authbroker', app_name='authbroker_client'))

You should now have an /auth/login/ URL which directs users through the staff-sso login flow. Once a user is authenticated via staff-sso (and chosen identify provider), they will be redirected back to your application. A local django user with a matching email address will then be logged in. The user entry will be created if it does not already exist in the database.

Once authenticated, the user will be redirected to settings.LOGIN_REDIRECT_URL

Use the django @login_required decorator to protect individual views, or if you want to protect all views use this middleware:

MIDDLEWARE = [
    [...]
    'authbroker_client.middleware.ProtectAllViewsMiddleware',
]

if you do like to use admin interface in your app, when using this module, you will also need to install and configure the custom_usermodel.

TODO:

  • ensure has_valid_token() checks with staff-sso after grace period (e.g. 1 minute)
  • improve exception handling logic in authbroker_client/views.py

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for uktrade from gravatar.com uktrade

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT

Author: Department for International Trade

Classifiers

Release history Release notifications | RSS feed

4.2.2

4.2.1

4.2.0

4.1.1

4.0.1

4.0.0

3.1.1

3.1.0

3.0.0

2.2.1

2.2.0

2.1.0

2.0.1

2.0.0

1.0.1

1.0.0

This version

0.4.0

0.3.1

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

django_staff_sso_client-0.4.0-py3-none-any.whl (10.5 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page