Project description

Multiprovider Authentication

Multiprovider Authentication is an easy to setup authentication middleware with support for Django REST Framework and multiple OAuth2/OIDC Identity Providers that issue opaque or JWT access tokens, e.g. Auth0, Globus, etc.

Rationale

Many authentication middleware packages have been writted for Django REST Framework with support for OAuth2 opaque or JWT token. Most popular ones are listed with a short description on Django REST Framework - Authentication. But all of them that support opaque tokens require access to the Identity Provider database to verify the access tokens. Or they cannot be stack up with other authentication classes to authenticate a bearer token against multiple Identity Providers. The Multiprovider Authentication middleware fills up the gap. It supports all Identity Providers that issue JWT tokens and Globus that issues opaque access tokens. Support for other Identity Providers can easily be added by creating a new backend in mp_auth/backends. Each backend can be used separately as an Django REST Framework authentication class, or can be a part of list of authentication class that Django REST Framework will go through to authenticate an HTTP request. mp_auth.backend.mp.MultiproviderAuthentication is a special authentication class that calls all authentication classes configured in settings.py.

Setup

Install the Multiprovider Authentication middleware for Django REST Framework (Python 3 is required)

pip install mp-auth

and in settings.py set the following:

INSTALLED_APPS [
    ...
    'mp_auth',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'mp_auth.backends.mp.MultiproviderAuthentication',
    )
}

MULTIPROVIDER_AUTH = {
    "BearerTokens": {
        "globus": {
            "scope": [<scopes>],
            "aud": <audience>
        }
    },
    "JWT": {
        <issuer>": {
            "aud": <audience>
        }
    }
}

GLOBUS_CLIENT_ID = <OAuth2 client id>
GLOBUS_CLIENT_SECRET = <OAuth2 client secret>

Then any view can be protected by JWTAuthentication or GlobusAuthentication, or, if you want to authenticate an HTTP request against both JWTAuthentication or GlobusAuthentication, by MultiproviderAuthentication class.

from mp_auth.backends.mp import MultiproviderAuthentication

class MyAPIView(APIView):
    authentication_classes = (MultiproviderAuthentication,)
    renderer_classes = (JSONRenderer,)

    def get(self, request, format=None):
        user = request.user
        return Response({"username": user.username})

Project details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

0.3

Jan 3, 2020

This version

0.2

Jan 2, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

mp_auth-0.2-py3-none-any.whl (8.2 kB view hashes)

Uploaded Jan 2, 2020 Python 3

Hashes for mp_auth-0.2-py3-none-any.whl

Hashes for mp_auth-0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`c9b562c3e240fcc4f69df062b24f0a1a4c957f83fc01d3bcabdb8dd628d361df`
MD5	`68c1f27c2142f1e34cee820e28bda2d4`
BLAKE2b-256	`80d3f340674b5374786607807001cd8d13acbf9181228ef9023ab51cff027c93`