Skip to main content

Middleware to allow authorization using Keycloak and Django

Project description

Django Keycloak Authorization

Middleware to allow authorization using Keycloak and Django for DRF and Graphene based projects. This package can only be used for projects started from scratch since they override the users management.

Installation

  1. Add django_keycloak to the Django INSTALLED_APPS

  2. Add django_keycloak.middleware.KeycloakMiddleware to the Django `MIDDLEWARE

  3. Change Django AUTHENTICATION_BACKENDS to:

    AUTHENTICATION_BACKENDS = (
        'django_keycloak.backends.KeycloakAuthenticationBackend',
    )
    
  4. Add the following to Django settings:

    KEYCLOAK_CONFIG = {
        'SERVER_URL': 'https://keycloak.staging.ubiwhere.com',
        'INTERNAL_URL': 'https://keycloak.staging.ubiwhere.com',
        'REALM': 'django',
        'CLIENT_ID': 'api',
        'CLIENT_SECRET_KEY': '0414b857-8430-4fbb-b86a-62bc398f37ea',
        'CLIENT_ADMIN_ROLE': 'admin',
        'REALM_ADMIN_ROLE': 'admin',
        'EXEMPT_URIS': [],
        'GRAPHQL_ENDPOINT': 'graphql/'
    }
    
  5. Override the Django user model on settings:

    AUTH_USER_MODEL = "django_keycloak.KeycloakUser"
    
  6. If using graphene add the GRAPHQL_ENDPOINT to settings and ``KeycloakGrapheneMiddleware to the grapheneMIDDLEWARE`

Django Admin

The Django superuser that can be used for the Django Admin login, must created with the normal management command python manage.py createsuperuser. But first you must create this user on keycloak and set a client admin role and realm admin role like the CLIENT_ADMIN_ROLE and REALM_ADMIN_ROLE that were added on settings previously.

Django Rest Framework

In the Django settings the the Rest Framework settings can't have any Authorization values (used in other projects). Example:

```json
# Rest framework settings
REST_FRAMEWORK = {
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
    'PAGE_SIZE': 100,  # Default to 20
    'PAGINATE_BY_PARAM': 'page_size',
    # Allow client to override, using `?page_size=xxx`.
    'MAX_PAGINATE_BY': 100,
    # Maximum limit allowed when using `?page_size=xxx`.
    'TEST_REQUEST_DEFAULT_FORMAT': 'json'
}
```

DRY Permissions

The permissions must be set like in other projects. You must the the permissions configuration for each model. Example:

```json
@staticmethod
@authenticated_users
def has_read_permission(request):
    roles = request.remote_user.get('client_roles')

    return True if 'ADMIN' in roles else False
```

Keycloak users synchronization

The management command sync_keycloak_users must be ran periodically. In order to remove from the local users the ones that are no longer available at keycloak. This command can be called using the task named sync_users_with_keycloak, using celery. Fot that you just need to:

  • Add the task to the CELERY_BEAT_SCHEDULE ìns Django settings:

    CELERY_BEAT_SCHEDULE = {
        'sync_users_with_keycloak': {
            'task': 'django_keycloak.tasks.sync_users_with_keycloak',
            'schedule': timedelta(hours=24),
            'options': {'queue': 'sync_users'}
        },
    }
    
  • Add the sync_users queue to the docker-compose celery service:

    command: celery worker -A citibrain_base -B -E -l info -Q backup,celery,sync_users --autoscale=4,1

Attention: This task is only responsible to delete users from local storage. The creation of new users, that are on keycloak, is done when they try to login.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_uw_keycloak-0.7.0.tar.gz (12.6 kB view details)

Uploaded Source

Built Distribution

django_uw_keycloak-0.7.0-py3-none-any.whl (15.7 kB view details)

Uploaded Python 3

File details

Details for the file django_uw_keycloak-0.7.0.tar.gz.

File metadata

  • Download URL: django_uw_keycloak-0.7.0.tar.gz
  • Upload date:
  • Size: 12.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.8.7

File hashes

Hashes for django_uw_keycloak-0.7.0.tar.gz
Algorithm Hash digest
SHA256 2be71014473c9f8e4a5396ae4b28a246ea691ccec05eef48085e0cd02c0aa68e
MD5 f651b36b5a7c1b476f89c9460c52c89f
BLAKE2b-256 7a0d17e6198b8870551b412d4183a87bbd32eb98a690592469d2b04898d03092

See more details on using hashes here.

File details

Details for the file django_uw_keycloak-0.7.0-py3-none-any.whl.

File metadata

  • Download URL: django_uw_keycloak-0.7.0-py3-none-any.whl
  • Upload date:
  • Size: 15.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.8.7

File hashes

Hashes for django_uw_keycloak-0.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 63aab27786a2c103820eb4850c233b899e628aec867dc2ac039139c8850e7bf2
MD5 57ecaf86652abe549c8709c455dfde15
BLAKE2b-256 8c2b1951c8dec96790966bb5aa6b33c6bf4f27de52a5bdb6cc2dea14b19ad147

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page