A convenience libary for authenticating users from Keycloak access tokens
Project description
DRF Keycloak Auth
Requirements
- Python >= 3.4
- Django
- Django Rest Framework
- Python Keycloak
Installation
$ pip install drf-keycloak-auth
Add the application to your project's INSTALLED_APPS in settings.py.
INSTALLED_APPS = [
...
'drf_keycloak_auth',
]
In your project's settings.py, add this to the REST_FRAMEWORK configuration. Note that if you want to retain access to the browsable API for locally created users, then you will probably want to keep rest_framework.authentication.SessionAuthentication too.
REST_FRAMEWORK = {
...
'DEFAULT_AUTHENTICATION_CLASSES': [
...
'rest_framework.authentication.SessionAuthentication',
'drf_keycloak_auth.authentication.KeycloakAuthentication',
]
}
and add this to the MIDDLEWARE configuration to parse roles from the JWT
MIDDLEWARE = [
...
'drf_keycloak_auth.middleware.KeycloakMiddleware'
]
The drf_keycloak_auth application comes with the following settings as default, which can be overridden in your project's settings.py file. Make sure to nest them within DRF_KEYCLOAK_AUTH as below:
DEFAULTS = {
'KEYCLOAK_SERVER_URL': os.getenv('KEYCLOAK_SERVER_URL'),
'KEYCLOAK_REALM': os.getenv('KEYCLOAK_REALM'),
'KEYCLOAK_CLIENT_ID': os.getenv('KEYCLOAK_CLIENT_ID'),
'KEYCLOAK_CLIENT_SECRET_KEY': os.getenv('KEYCLOAK_CLIENT_SECRET_KEY'),
'KEYCLOAK_AUTH_HEADER_PREFIX':
os.getenv('KEYCLOAK_AUTH_HEADER_PREFIX', 'Bearer'),
'KEYCLOAK_MANAGE_LOCAL_USER':
os.getenv('KEYCLOAK_MANAGE_LOCAL_USER', True),
'KEYCLOAK_MANAGE_LOCAL_GROUPS':
os.getenv('KEYCLOAK_MANAGE_LOCAL_GROUPS', False),
}
All you need to do now is have your client code handle the Keycloak authentication flow, retrieve the access_token for the user, and then use the access_token for the user in an Authorization header in requests to your API.
Bearer <token>
Roles will be present in request.roles with a role: prefix, e.g.:
['role:admin', 'a4a9be6e-bd04-42f8-9377-27d9db82216f']
except for the authenticated user's pk field, e.g. for a user model using uuid's as primary key:
['role:user', 'a4a9be6e-bd04-42f8-9377-27d9db82216f']
where the pk can be used for checking object ownership.
Voila!
Contributing
- Please raise an issue/feature and name your branch 'feature-n' or 'issue-n', where 'n' is the issue number.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file drf_keycloak_auth-0.0.1.dev3.tar.gz.
File metadata
- Download URL: drf_keycloak_auth-0.0.1.dev3.tar.gz
- Upload date:
- Size: 7.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
416697f2847c7cf0b387e041fd6c591fbde1cd1da51f0ec36a34331b337808b9
|
|
| MD5 |
fe0384d9eb714d18d1ab70a9ec7112ef
|
|
| BLAKE2b-256 |
9681b27a14c52c3d05a2f3c5e151170051915978fd9c8627e4844524b695fb6d
|
File details
Details for the file drf_keycloak_auth-0.0.1.dev3-py3-none-any.whl.
File metadata
- Download URL: drf_keycloak_auth-0.0.1.dev3-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
89b27cae31ade01cdc09c37f2a5c46a3bc6b48d4b7739b92f4c3ddc22bb43101
|
|
| MD5 |
3894e5bd2f1df88c4010249368045c79
|
|
| BLAKE2b-256 |
53a1720376e8d408ed08325fffcc93e6351a53c9e2649c65ceca0736eaf17d36
|
