Skip to main content

Add Multi-provider auth for various providers

Project description

Multiprovider Authentication

Multiprovider Authentication is an easy to setup authentication middleware with support for Django REST Framework and multiple OAuth2/OIDC Identity Providers that issue opaque or JWT access tokens, e.g. Auth0, Globus, etc.

Rationale

Many authentication middleware packages have been writted for Django REST Framework with support for OAuth2 opaque or JWT token. Most popular ones are listed with a short description on Django REST Framework - Authentication. But all of them that support opaque tokens require access to the Identity Provider database to verify the access tokens. Or they cannot be stack up with other authentication classes to authenticate a bearer token against multiple Identity Providers. The Multiprovider Authentication middleware fills up the gap. It supports all Identity Providers that issue JWT tokens and Globus that issues opaque access tokens. Support for other Identity Providers can easily be added by creating a new backend in mp_auth/backends. Each backend can be used separately as an Django REST Framework authentication class, or can be a part of list of authentication class that Django REST Framework will go through to authenticate an HTTP request. mp_auth.backend.mp.MultiproviderAuthentication is a special authentication class that calls all authentication classes configured in settings.py.

Setup

Install the Multiprovider Authentication middleware for Django REST Framework (Python 3 is required)

pip install mp-auth

and in settings.py set the following:

INSTALLED_APPS [
    ...
    'mp_auth',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'mp_auth.backends.mp.MultiproviderAuthentication',
    )
}

MULTIPROVIDER_AUTH = {
    "BearerTokens": {
        "globus": {
            "scope": [<scopes>],
            "aud": <audience>
        }
    },
    "JWT": {
        <issuer>": {
            "aud": <audience>
        }
    }
}

GLOBUS_CLIENT_ID = <OAuth2 client id>
GLOBUS_CLIENT_SECRET = <OAuth2 client secret>

Then any view can be protected by JWTAuthentication or GlobusAuthentication, or, if you want to authenticate an HTTP request against both JWTAuthentication or GlobusAuthentication, by MultiproviderAuthentication class.

from mp_auth.backends.mp import MultiproviderAuthentication

class MyAPIView(APIView):
    authentication_classes = (MultiproviderAuthentication,)
    renderer_classes = (JSONRenderer,)

    def get(self, request, format=None):
        user = request.user
        return Response({"username": user.username})

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for mp-auth, version 0.3
Filename, size File type Python version Upload date Hashes
Filename, size mp_auth-0.3-py3-none-any.whl (13.9 kB) File type Wheel Python version py3 Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page