Add Multi-provider auth for various providers
Project description
Multiprovider Authentication
Multiprovider Authentication is an easy to setup authentication middleware with support for Django REST Framework and multiple OAuth2/OIDC Identity Providers that issue opaque or JWT access tokens, e.g. Auth0, Globus, etc.
Rationale
Many authentication middleware packages have been writted for Django REST Framework with
support for OAuth2 opaque or JWT token. Most popular ones are listed with a short description
on Django REST Framework - Authentication. But all of them that support opaque tokens
require access to the Identity Provider database to verify the access tokens. Or they cannot be
stack up with other authentication classes to authenticate a bearer token against multiple
Identity Providers. The Multiprovider Authentication middleware fills up the gap. It supports all
Identity Providers that issue JWT tokens and Globus that issues opaque access tokens. Support
for other Identity Providers can easily be added by creating a new backend in mp_auth/backends.
Each backend can be used separately as an Django REST Framework authentication class, or can be a part of
list of authentication class that Django REST Framework will go through to authenticate an HTTP request.
mp_auth.backend.mp.MultiproviderAuthentication is a special authentication class that calls all
authentication classes configured in settings.py.
Setup
Install the Multiprovider Authentication middleware for Django REST Framework (Python 3 is required)
pip install mp-auth
and in settings.py set the following:
INSTALLED_APPS [
...
'mp_auth',
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'mp_auth.backends.mp.MultiproviderAuthentication',
)
}
MULTIPROVIDER_AUTH = {
"BearerTokens": {
"globus": {
"scope": [<scopes>],
"aud": <audience>
}
},
"JWT": {
<issuer>": {
"aud": <audience>
}
}
}
GLOBUS_CLIENT_ID = <OAuth2 client id>
GLOBUS_CLIENT_SECRET = <OAuth2 client secret>
Then any view can be protected by JWTAuthentication or GlobusAuthentication, or, if you want to
authenticate an HTTP request against both JWTAuthentication or GlobusAuthentication, by
MultiproviderAuthentication class.
from mp_auth.backends.mp import MultiproviderAuthentication
class MyAPIView(APIView):
authentication_classes = (MultiproviderAuthentication,)
renderer_classes = (JSONRenderer,)
def get(self, request, format=None):
user = request.user
return Response({"username": user.username})
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
File details
Details for the file mp_auth-0.3-py3-none-any.whl.
File metadata
- Download URL: mp_auth-0.3-py3-none-any.whl
- Upload date:
- Size: 13.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/42.0.2 requests-toolbelt/0.9.1 tqdm/4.41.0 CPython/3.7.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b1f25bdadd2f24babb2ee2465156b7ddebf4e79f140d743af0506e15dc160cf0 |
|
| MD5 | 268ad66c19d35630c1edf14e73e86869 |
|
| BLAKE2b-256 | 1218dcaaf1b6987af05641b625ba3117f60ea88733f8304299e092951a862901 |
