Django authentication backends and views for Vector-generated apps
Project description
govector-auth
Django authentication backends and views for Vector-generated apps. Handles JWT verification from Vector's auth proxy, session cookie management, and dev-mode auto-authentication.
Install
pip install govector-auth
Setup
Authentication Backends
Add to your Django settings:
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"govector_auth.JWTCookieAuthentication",
"govector_auth.DevAutoAuthentication",
],
}
JWTCookieAuthenticationreads JWT from HttpOnly cookies with CSRF enforcementDevAutoAuthenticationprovides a fallback dev user when auth is not configured (whenVECTOR_AUTH_PROXY_URLis not set)
URL Configuration
Add the auth views to your urls.py:
from govector_auth import AuthTokenView, TokenRefreshView, CurrentUserView, LogoutView
urlpatterns = [
path("api/accounts/auth/token", AuthTokenView.as_view()),
path("api/accounts/auth/refresh", TokenRefreshView.as_view()),
path("api/accounts/me/", CurrentUserView.as_view()),
path("api/accounts/logout/", LogoutView.as_view()),
]
Required Settings
# Cookie names
ACCESS_TOKEN_COOKIE = "access_token"
REFRESH_TOKEN_COOKIE = "refresh_token"
# Cookie config
ACCESS_TOKEN_COOKIE_MAX_AGE = 60 * 5 # 5 minutes
ACCESS_TOKEN_COOKIE_HTTPONLY = True
ACCESS_TOKEN_COOKIE_SECURE = True # False for local dev
ACCESS_TOKEN_COOKIE_SAMESITE = "Lax"
ACCESS_TOKEN_COOKIE_PATH = "/"
REFRESH_TOKEN_COOKIE_MAX_AGE = 60 * 60 * 24 * 7 # 7 days
REFRESH_TOKEN_COOKIE_HTTPONLY = True
REFRESH_TOKEN_COOKIE_SECURE = True # False for local dev
REFRESH_TOKEN_COOKIE_SAMESITE = "Lax"
REFRESH_TOKEN_COOKIE_PATH = "/"
Required Environment Variables
VECTOR_AUTH_PROXY_URL=https://auth.govector.ai # Vector's hosted auth proxy
DEV_USER_EMAIL=dev@localhost # Fallback email when auth is disabled
User Model
Your User model should include these fields for full compatibility:
class User(AbstractBaseUser):
email = models.EmailField(unique=True)
first_name = models.CharField(max_length=150, blank=True)
last_name = models.CharField(max_length=150, blank=True)
picture = models.URLField(max_length=500, blank=True, default="")
vector_uga_user_id = models.CharField(max_length=255, blank=True, default="")
is_active = models.BooleanField(default=True)
@property
def full_name(self) -> str:
return f"{self.first_name} {self.last_name}".strip() or self.email
Auth Flow
- Frontend POSTs JWT from auth proxy to
AuthTokenView - View fetches RS256 public key from
VECTOR_AUTH_PROXY_URL/.well-known/jwks.json - Verifies JWT signature, extracts user claims
- Creates or updates local User record
- Issues SimpleJWT access + refresh tokens as HttpOnly cookies
- Subsequent requests authenticated via
JWTCookieAuthentication TokenRefreshViewrotates tokens when access token expires
API
JWTCookieAuthentication
DRF authentication backend. Reads JWT from the ACCESS_TOKEN_COOKIE cookie, falls back to Authorization header. Enforces CSRF on unsafe methods when using cookies.
DevAutoAuthentication
DRF authentication backend. When VECTOR_AUTH_PROXY_URL is not set, auto-authenticates with a shared dev user. When auth is enabled, returns None (passes through to 401).
Views
| View | Method | Path | Description |
|---|---|---|---|
AuthTokenView |
POST | /api/accounts/auth/token |
Exchange auth proxy JWT for session |
TokenRefreshView |
POST | /api/accounts/auth/refresh |
Rotate refresh token |
CurrentUserView |
GET | /api/accounts/me/ |
Get current user |
LogoutView |
POST | /api/accounts/logout/ |
Clear auth cookies |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file govector_auth-0.1.6.tar.gz.
File metadata
- Download URL: govector_auth-0.1.6.tar.gz
- Upload date:
- Size: 48.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4532244b2a9c72834c177dd5807063ce9af13cd1b43c8c36f26833e4984fcb4f
|
|
| MD5 |
b83e503d5546b115b4965532f131ec8d
|
|
| BLAKE2b-256 |
ab57e87ab946a4b852d1cee14879f347df1f6baf2a9651c4d0cd0b08ec3ea2b5
|
File details
Details for the file govector_auth-0.1.6-py3-none-any.whl.
File metadata
- Download URL: govector_auth-0.1.6-py3-none-any.whl
- Upload date:
- Size: 8.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
89a47679678dde3eafba74fd0459d41e7a39ef165af5c1b5ea9e72b8c983584f
|
|
| MD5 |
f48c7d6e8b5f9b5862c51a748e5fdf2e
|
|
| BLAKE2b-256 |
5c7fdc44d9bf0898c3b90e639625f75f8f325144eb0c69dc7a4088d9a6921350
|
