Reusable and configurable Keycloak OIDC backend for Django

Project description

Keycloak OIDC Backend for restaurant management apps

Reusable and flexible Keycloak OIDC backend for Django. Roles are assigned through the following hierarchical groups:

    /organization_<iikoid>/admin
    /organization_<iikoid>/manager
    /organization_<iikoid>/viewer
    /organization_<iikoid>/member - use it for restaurant-only users
    /organization_<iikoid>/restaurant_<iikoid>/manager
    /organization_<iikoid>/restaurant_<iikoid>/staff
    /organization_<iikoid>/restaurant_<iikoid>/viewer
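
An added example (not code from this package) of turning those group paths into role grants while failing closed on anything outside the grammar above. It assumes the paths arrive in a `groups` claim and that iiko ids contain only letters, digits and hyphens; `RoleGrant`, `parse_group` and `grants_from_claims` are hypothetical names.

```python
import re
from typing import NamedTuple, Optional

# Role names allowed at each level, copied from the group list above.
ORG_ROLES = {"admin", "manager", "viewer", "member"}
RESTAURANT_ROLES = {"manager", "staff", "viewer"}

# Assumption: iiko ids consist of letters, digits and hyphens only.
_ID = r"[A-Za-z0-9-]+"
_ORG_RE = re.compile(rf"/organization_({_ID})/([a-z]+)")
_REST_RE = re.compile(rf"/organization_({_ID})/restaurant_({_ID})/([a-z]+)")


class RoleGrant(NamedTuple):
    organization_id: str
    restaurant_id: Optional[str]  # None for an organization-level role
    role: str


def parse_group(path: str) -> Optional[RoleGrant]:
    """Return the grant one group path encodes, or None if it is not valid."""
    # fullmatch() rejects extra path segments and trailing newlines.
    m = _REST_RE.fullmatch(path)
    if m:
        org_id, rest_id, role = m.groups()
        return RoleGrant(org_id, rest_id, role) if role in RESTAURANT_ROLES else None
    m = _ORG_RE.fullmatch(path)
    if m and m.group(2) in ORG_ROLES:
        return RoleGrant(m.group(1), None, m.group(2))
    return None


def grants_from_claims(claims: dict) -> list:
    """Collect the valid grants from a token's group list; ignore the rest."""
    groups = claims.get("groups")  # assumed claim name
    if not isinstance(groups, list):
        return []
    found = {parse_group(g) for g in groups if isinstance(g, str)}
    found.discard(None)
    return sorted(found, key=lambda g: (g.organization_id, g.restaurant_id or "", g.role))


# Constructed sample claims, not taken from a real token.
SAMPLE_CLAIMS = {"groups": [
    "/organization_42/manager",
    "/organization_42/restaurant_7/staff",
    "/organization_42/restaurant_7/owner",  # unknown role: dropped
    "/offline_access",                      # unrelated group: dropped
]}
```

Role names that are valid at one level but not the other (for example `staff` directly under an organization) are rejected rather than mapped to the nearest match.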

Installation

GH_PAT is a GitHub personal access token:

    pip install git+https://${GH_PAT}@github.com/ark-tm/keycloak-auth-backend.git

Usage

  1. Add to INSTALLED_APPS

    INSTALLED_APPS = [
        ...
        'mozilla_django_oidc',
        ...
    ]
    

    The User model must have a keycloak_id field.
    The restaurant model must have an iikoid field.
    The organization model must have an iiko_id field.

    Example models for roles:

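    from django.db import models

    # TimestampedModel, Organization and Restaurant below are assumed to be
    # your project's own models.
    class OrganizationRoleEnum(models.TextChoices):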
        VIEWER = "viewer", "Viewer"
        MANAGER = "manager", "Manager"
        ADMIN = "admin", "Admin"
        MEMBER = "member", "Member"
    
    
    class RestaurantRoleEnum(models.TextChoices):
        VIEWER = "viewer", "Viewer"
        STAFF = "staff", "Staff"
        MANAGER = "manager", "Manager"
    
    class OrganizationRole(TimestampedModel):
        user = models.ForeignKey('core.User', on_delete=models.CASCADE)
        organization = models.ForeignKey(Organization, on_delete=models.CASCADE)
        role = models.CharField(max_length=50, choices=OrganizationRoleEnum.choices)
    
        class Meta:
            unique_together = ('user', 'organization')
    
    class RestaurantRole(TimestampedModel):
        user = models.ForeignKey('core.User', on_delete=models.CASCADE)
        restaurant = models.ForeignKey(Restaurant, on_delete=models.CASCADE)
        role = models.CharField(max_length=50, choices=RestaurantRoleEnum.choices)
    
        class Meta:
            unique_together = ('user', 'restaurant')
    
  2. Configure AUTHENTICATION_BACKENDS in your Django settings.py:

    AUTHENTICATION_BACKENDS = (
        'keycloak-auth.backends.KeycloakOIDCBackend',
        'django.contrib.auth.backends.ModelBackend',
    )
    
  3. Specify your models in settings.py:

    ORGANIZATION_MODEL = 'core.Organization'
    ORGANIZATION_ROLE_MODEL = 'core.OrganizationRole'
    RESTAURANT_MODEL = 'core.Restaurant'
    RESTAURANT_ROLE_MODEL = 'core.RestaurantRole'
    
  4. Add the mozilla-django-oidc settings:

    OIDC_RP_CLIENT_ID
    OIDC_RP_CLIENT_SECRET
    KEYCLOAK_REALM

    OIDC_OP_AUTHORIZATION_ENDPOINT
    OIDC_OP_TOKEN_ENDPOINT
    OIDC_OP_USER_ENDPOINT
    OIDC_OP_JWKS_ENDPOINT
    OIDC_RP_SIGN_ALGO
    OIDC_USERNAME_CLAIM
    OIDC_USER_CREATION = True
    OIDC_AUTH_REQUEST_EXTRA_PARAMS = {"scope": "openid email profile roles"}

    LOGIN_REDIRECT_URL
    LOGOUT_REDIRECT_URL
    OIDC_LOGIN_REDIRECT_URL
    OIDC_LOGOUT_REDIRECT_URL

    OIDC_STORE_ACCESS_TOKEN = True
    OIDC_STORE_ID_TOKEN = True
    OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 3600

    from os import getenv

    KEYCLOAK_SERVER_URL = getenv('KEYCLOAK_SERVER_URL')

    KEYCLOAK_CLIENT_ID = OIDC_RP_CLIENT_ID
    KEYCLOAK_CLIENT_SECRET = OIDC_RP_CLIENT_SECRET

Download files

Source Distribution

keycloak_restaurant_auth-1.0.1.tar.gz (3.3 kB)

Built Distribution

keycloak_restaurant_auth-1.0.1-py3-none-any.whl (4.0 kB)

File details

Details for the file keycloak_restaurant_auth-1.0.1.tar.gz.

File metadata

  • Download URL: keycloak_restaurant_auth-1.0.1.tar.gz
  • Upload date:
  • Size: 3.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.10

File hashes

Hashes for keycloak_restaurant_auth-1.0.1.tar.gz
Algorithm Hash digest
SHA256 a8c37b7be4d08db8e3ec4971c2fee258103322bf1884b5da21547f69674028ec
MD5 7e07cf95dbbc281ac02013a0cb0404c1
BLAKE2b-256 0eb21a8b0ee45e9e6fb0415b859f3db7aca5477f4fba1c04dee1f3a7e9923fd6

File details

Details for the file keycloak_restaurant_auth-1.0.1-py3-none-any.whl.

File hashes

Hashes for keycloak_restaurant_auth-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 64b677e7ffbce3466736850ebeb75e3170960f5c26bdd6bab906372648526d15
MD5 463289daf9e4eefc4b411a342b4609e0
BLAKE2b-256 c85476507b1686ccc7c7ef1c551dffc2b5d77e6629a74f4debb542142e7dacba
