Plugin OIDC (OpenID Connect) into Django CMS.
DjangoCMS OIDC (OpenID Connect)
Plugins for user authentication via OpenID, based on Mozilla Django OIDC.
Installation
$ pip install djangocms-oidc
Caution! If you are using the django-python3-ldap project, you must use a version higher than 0.11.3.
Example in requirements.txt:
django-python3-ldap @ git+https://github.com/etianen/django-python3-ldap.git@759d3483d9e656fef2b6a2e669101bca3021d9d5
Add settings to settings.py
Start by making the following changes to your settings.py file.
# Add 'mozilla_django_oidc' and 'djangocms_oidc' to INSTALLED_APPS
INSTALLED_APPS = [
    # ...
    'multiselectfield',
    'django_countries',
    'mozilla_django_oidc',  # place after auth (django.contrib.auth)
    'djangocms_oidc',
]
AUTHENTICATION_BACKENDS = [
    # ...
    'djangocms_oidc.auth.DjangocmsOIDCAuthenticationBackend',
]
MIDDLEWARE = [
    # ...
    'djangocms_oidc.middleware.OIDCSessionRefresh',
]
# Define OIDC classes
OIDC_AUTHENTICATE_CLASS = "djangocms_oidc.views.DjangocmsOIDCAuthenticationRequestView"
OIDC_CALLBACK_CLASS = "djangocms_oidc.views.DjangocmsOIDCAuthenticationCallbackView"
OIDC_OP_AUTHORIZATION_ENDPOINT = "https://example.com/authorization-endpoint"
OIDC_RP_CLIENT_ID = "myClientId"
Add OIDC urls to urls.py
Modify your project urls.py file.
from django.urls import include, path

urlpatterns = [
    # ....
    path('oidc/', include('mozilla_django_oidc.urls')),
    path('djangocms-oidc/', include('djangocms_oidc.urls')),
]
Settings
Most settings are the same as in the Mozilla Django OIDC project.
The following values are defined in the plugins, so it is not necessary to set them in the project settings. Setting them there has no effect.
OIDC_RP_CLIENT_ID
OIDC_RP_CLIENT_SECRET
OIDC_OP_AUTHORIZATION_ENDPOINT
OIDC_OP_TOKEN_ENDPOINT
OIDC_OP_USER_ENDPOINT
The OIDC_RP_SCOPES parameter behaves differently from the same parameter in mozilla-django-oidc because the verify_claims function is overridden. The parameter contains a string of claim names. If at least one of them is present in the response from the provider, the handover of the data is considered verified. The default value of the parameter is 'openid2_id openid email'. At least one of these claims must be handed over, otherwise the response from the provider is rejected.
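The any-of rule described above, written out as a standalone check. This is an added example, not code from djangocms-oidc; the function names, the whitespace splitting of the setting and the sample provider responses are assumptions made for illustration.

```python
# Illustrative sketch of the any-of rule described for OIDC_RP_SCOPES.
# Not the djangocms-oidc implementation: names and splitting are assumptions.

DEFAULT_SCOPES = "openid2_id openid email"  # default value stated on this page


def required_any(scopes=DEFAULT_SCOPES):
    """Split the setting string into claim names (assumed whitespace-separated)."""
    return scopes.split()


def verify_claims(claims, scopes=DEFAULT_SCOPES):
    """Accept the provider response if at least one listed claim is present."""
    if not isinstance(claims, dict):
        return False  # malformed response: nothing to verify
    return any(name in claims for name in required_any(scopes))


def missing_claims(claims, scopes=DEFAULT_SCOPES):
    """List the configured names absent from an accepted response.

    Because acceptance needs only one name, code that runs after login must
    not assume the others (for example 'email') were handed over.
    """
    return [name for name in required_any(scopes) if name not in claims]


# Constructed sample responses (not captured from a real provider).
SAMPLES = {
    "email only": {"email": "user@example.com"},
    "identifier only": {"openid2_id": "https://id.example.com/user"},
    "unrelated claims": {"name": "Jan Novak", "phone_number": "+420000000000"},
    "empty": {},
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        ok = verify_claims(claims)
        print(f"{label:18} accepted={ok} missing={missing_claims(claims) if ok else '-'}")
```

Under this rule a response carrying only an identifier is accepted with no email claim, so restricting OIDC_RP_SCOPES to the claims your application actually depends on narrows what is let through.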
Usage in administration
These plugins are available to the editor in the administration:
OIDC Handover data
OIDC Login
OIDC List identifiers
OIDC Display dedicated content
OIDC Show attribute
OIDC Show attribute Country
How to use provider MojeID
Home › Djangocms_Oidc › Oidc register consumers › oidc register consumer: Add
Name: MojeID Test
Register consumer: https://mojeid.regtest.nic.cz/oidc/registration/
Home › Djangocms_Oidc › Oidc providers › oidc provider: add
Name: MojeID Test
Code: mojeid
Register consumer: MojeID Test
Authorization endpoint: https://mojeid.regtest.nic.cz/oidc/authorization/
Token endpoint: https://mojeid.regtest.nic.cz/oidc/token/
User endpoint: https://mojeid.regtest.nic.cz/oidc/userinfo/
Account URL: https://mojeid.regtest.nic.cz/editor/
Logout URL: https://mojeid.regtest.nic.cz/logout/
Page structure: Add
OpenID Connect: OIDC Handover data
Provider: MojeID Test
Claims: {…} (copy from the example below). For MojeID, see the list “claims_supported” in .well-known openid-configuration.
Verified by names: … (copy from the example below)
How to run an example
Run the example in Docker. Install as follows:
$ git clone https://github.com/CZ-NIC/djangocms-oidc-form-fields.git
$ cd djangocms-oidc-form-fields/example
$ docker-compose build web
$ docker-compose run --user $(id -u):$(id -g) web python manage.py migrate
$ docker-compose run --user $(id -u):$(id -g) web python manage.py loaddata site.json
Start the webserver:
$ docker-compose up -d
Open in your browser: http://localhost:8000/. To log in to the administration, use admin:password at http://localhost:8000/admin.
Stop the webserver:
$ docker-compose down
License
This software is licensed under the GNU GPL license. For more info check the LICENSE file.
Hashes for djangocms_oidc-4.0.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | a1b412a451a263162b29f656ed4bfe8bb0f89a40101c992934f31eb837270a19
MD5 | fa085725a280177b6f1f34811e7862d2
BLAKE2b-256 | 7165ba2fe92d849e713960d7df43b65fae11d90b84e2c4720a5984b9f98cd2ff