Skip to main content

A simple way to use Custom authentication in django application. for dsm

Project description

Djagno DSM Authentication

Requirements

  • python >= 3.6
  • django >= 2.0
  • social-auth-app-django
  • djangorestframework-simplejwt

Installation

pip install dsm-django-socialauth

Usage

Prerequisite

  • must be PROTOCOL://HOST/oauth/complete/dsmauth/

note: Callback URL must be same with decarelation in urls.py

in this example use http://127.0.0.1/oauth/complete/dsmauth/

in setting.py

INSTALLED_APPS = [
    'dsmauth', # must be top of installed app
    ...
    'social_django',
    'rest_framework', # optional for use /authen/api/account/me/
    ...
]

add authentication backend in setting.py

AUTHENTICATION_BACKENDS = [
    ...
    'django.contrib.auth.backends.ModelBackend',
    'dsmauth.backend.dsmOAuth2',
    ...
]

set client id and client secret in setting.py

SOCIAL_AUTH_DSMAUTH_KEY = '<client_id>'
SOCIAL_AUTH_DSMAUTH_SECRET = '<client_secret>'

Sample SOCIAL_AUTH_PIPELINE

SOCIAL_AUTH_PIPELINE = [ 
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    'social_core.pipeline.social_auth.associate_by_email',
]

Add login redirect

LOGIN_REDIRECT_URL='<path to redirect>'

Setauth server name and url

OAUTH_DSM_SERVER_BASEURL = 'oauth.data.storemesh.com'
BASE_BACKEND_URL = '<backend domain> eg http://localhost:8000'

(optional) If use in internal ip address for DSM VMs

OAUTH_DSM_SCHEME = "<http or https>"
OAUTH_INTERNAL_IP = "<internal oauth provider ip address>"

add setting authen via simple jwt

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ],
}

from datetime import timedelta
SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(hours=1),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
    'ROTATE_REFRESH_TOKENS': False,
    'BLACKLIST_AFTER_ROTATION': True,

    'ALGORITHM': 'HS256',
    'SIGNING_KEY': SECRET_KEY,
    'VERIFYING_KEY': None,
    'AUDIENCE': None,
    'ISSUER': None,

    'AUTH_HEADER_TYPES': ('Bearer',),
    'USER_ID_FIELD': 'id',
    'USER_ID_CLAIM': 'user_id',

    'UPDATE_LAST_LOGIN':True
}

See more detail about social-app-django in (https://github.com/python-social-auth/social-app-django)

in urls.py

from django.urls import path, include
from dsmauth.complete import complete

urlpatterns = [
    ...
    path('oauth/complete/<str:backend>/', complete, name='complete'),
    path('oauth/', include('social_django.urls', namespace='social')),
    path('authen/', include('dsmauth.urls'))

    ...
]

in template

  • template
    ...
        <a href="{% url 'social:begin' 'dsmauth' %}">Login with DSM</a>
        <a href="{% url 'logout' %}"> LOGOUT</a>
    ...
  • signin with next
    ...
    <a 
        href="{% url 'social:begin' 'dsmauth' %}?next={{ request.scheme }}://{{ request.get_host }}{% url 'admin:index' %}"
    >
        Login with dsm
    </a> 
    ...

If use backend-frontend (Client Site Render)

can use authentication with JWT

in settings.py

BASE_FRONTEND_URL='http://localhost:3000/'

Authentication step

  1. frontend href to <BACKEND_URL>/oauth/login/dsmauth
    • optional <BACKEND_URL>/oauth/login/dsmauth/?callback=<FRONTEND_URI>
      • FRONTEND_URI : domain frontend or localhost:xxxx
      • default: use in backend settings BASE_FRONTEND_URL and BASE_BACKEND_URL
  2. backend authentication with oauth server
  3. if authen complete backend callback to frontend <BASE_FRONTEND_URL>/callback?token=<REFRESH_TOKEN>
  • note BASE_FRONTEND_URL in backend/settings.py previous step
  1. frontend request access token with refresh token via

    • request
    [POST] : <BACKEND_URL>/authen/token/refresh/
    body : {
        "refresh" : "<REFRESH_TOKEN IN STEP 3>"
    }
    
    • reponse
    {
        "access": "eyJ0eXAiOiJKV1Qi...ifZOpwg"
    }
    
  2. frontend collect access(access token) for request api

How to use

  • request to backend
URL : <BACKEND>/api/xxx
HEADER : {
    'Authorization': "Bearer <ACCESS_TOKEN>"
}

logout / sign out

  • logout href to <BACKEND_URL>/authen/logout/
    • optional <BACKEND_URL>/authen/logout/?callback=<FRONTEND_URI>
      • FRONTEND_URI : domain frontend or localhost:xxxx
      • default: use in backend settings BASE_FRONTEND_URL and BASE_BACKEND_URL

Optional setup log

add settings in settings.py

MIDDLEWARE = [
    ...
    'dsmauth.middleware.LogHeaderMiddleware',
    ...
]

it's can get log in response header

  • X-Username : (string) username ex mike
  • X-Error : (string) short traceback python exception ex
    File /backend/searchapp/views.py, line 6, in error
    i = 10/0
    ZeroDivisionError: division by zero
    

Optional use JWT middleware

MIDDLEWARE = [
    ...
    'dsmauth.middleware.JWTauthenticationMiddleware',
    ...
]

if pass jwt token in header can use request.user

SignIn Admin via Oauth

  • edit urls.py
...
admin.site.login_template = 'admin/custom-login.html'
admin.site.index_template = 'admin/custom-index.html'
admin.site.site_title = "<PROJECT NAME>"
admin.site.site_header = "<PROJECT NAME>"
...

Get user info

[GET]: <BASE_URI>/authen/api/account/me/

{
    "id": 1,
    "user": "system_admin",
    "is_staff": true,
    "is_superuser": true,
    "first_name": "system",
    "last_name": "admin",
    "email": "system_admin@email.com",
    "image": null,
    "role": [
        {
            "name": "DataUser"
        },
        {
            "name": "SystemAdmin"
        }
    ],
    "permission": [
        3,
        7
    ]
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dsm-django-socialauth-1.0.33.tar.gz (13.2 kB view details)

Uploaded Source

File details

Details for the file dsm-django-socialauth-1.0.33.tar.gz.

File metadata

File hashes

Hashes for dsm-django-socialauth-1.0.33.tar.gz
Algorithm Hash digest
SHA256 2067054fe3f5b8138272ac30fb73032192158c8caf0eb7ce01d8bfb7c2a71c9d
MD5 cbf7be69170fdb57866d42dc1e0662e3
BLAKE2b-256 f28e6744a3d9b35552400cb2238e56a7588584d8625585dec077dadaaeeda258

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page