Django DRF OIDC Auth library: Securely authenticate users using OIDC in Django DRF. Supports Code Flow and Code Flow With PKCE. Easy integration with React Js or any front-end framework.
Project description
Installation
Install using pip...
pip install oidc_drf
Add 'oidc_drf' to your INSTALLED_APPS setting.
INSTALLED_APPS = [
...
'oidc_drf',
]
Configure the following settings in your Django project's settings module:
OIDC_RP_CLIENT_ID = '' # required
OIDC_RP_CLIENT_SECRET = '' # optional if public client
OIDC_OP_JWKS_ENDPOINT = None # defalut None
OIDC_OP_AUTHORIZATION_ENDPOINT = ''# required
OIDC_OP_TOKEN_ENDPOINT = ''# required
OIDC_OP_USER_ENDPOINT = '' # required
OIDC_OP_LOGOUT_ENDPOINT ='' # required
OIDC_AUTHENTICATION_SSO_CALLBACK_URL = '' # required - identity provider will redirect you to this url after login
OIDC_LOGOUT_REDIRECT_URL = '' # required - identity provider will redirect you to this url after logout
# Django Rest Framework settings
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'oidc_drf.drf.OIDCAuthentication', # This is important to be the first one
],
}
# Authentication backends
AUTHENTICATION_BACKENDS = [
'oidc_drf.backends.OIDCAuthenticationBackend',
]
Next, edit your urls.py and add the following:
from django.urls import path, include
urlpatterns = [
# ...
path('oidc/', include('oidc_drf.urls')),
# ...
]
finnaly run the migrations commands
python3 manage.py makemigrations
python3 manage.py migrate
That's it, we're done!
EXTRA SETTINGS
those settings are optional and populated with default values.
OIDC_USE_NONCE = True # defalut true
OIDC_USE_PKCE = True # defalut true
OIDC_USERNAME_CLAIM = 'preferred_username' # defalut 'preferred_username'
OIDC_RP_SIGN_ALGO = 'RS256' # defalut RS256
OIDC_RP_SCOPES = 'openid email' # defalut openid email
OIDC_RP_IDP_SIGN_KEY = None # defalut None
OIDC_VERIFY_SSL = True # defalut True
OIDC_TIMEOUT = None # defalut None
OIDC_PROXY = None # defalut None
OIDC_USERNAME_ALGO = None # defalut None
OIDC_USE_ENCODED_USERNAME = None # defalut None
OIDC_CREATE_USER = True # defalut True
OIDC_VERIFY_KID = True # defalut True
OIDC_ALLOW_UNSECURED_JWT = False # defalut False
OIDC_TOKEN_USE_BASIC_AUTH = False # defalut False
# you can map the info comming back from IDP to user model
# defalut is {}
OIDC_FIELD_MAPPING = {
'field_in_my_user_model': 'field_in_in_oidc',
'first_name': 'given_name',
'last_name': 'family_name',
}
REST APIs
The REST API to the OIDC DRF is described below.
AUTH ENDPOINT
Request
GET /oidc/auth/
curl --location 'http://localhost:8000/oidc/auth'
Response
Status: 200 OK
{
"redirect_url": "http://127.0.0.1:8080/realms/mol/protocol/openid-connect/auth?response_type=code&client_id=mowaamah&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid+email&state=rhG5l83rwd81SytApbl7MzrTDBFRXqbo&nonce=Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA&code_challenge=OcDWjPAEzNI-mzrjSa2lKATcIH4oaXp7rpasc5CkRj0&code_challenge_method=S256",
"oidc_states": {
"nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}
}
CALLBACK ENDPOINT
Request
POST /oidc/callback/
curl --location 'http://localhost:8000/oidc/callback/?state=alksdfjlka&session_state=alsdjflajsdk&code=alsdjflaksdflkjls' \
--header 'Content-Type: application/json' \
--data '{
"nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}'
Response
Status: 200 OK
{
"access":"jwt access token",
"refresh":"jwt refresh token",
"oidc_id_token":"jwt id token",
}
REFRESH ENDPOINT
Request
POST /oidc/refresh/
curl --location 'http://localhost:8000/oidc/refresh/' \
--header 'Content-Type: application/json' \
--data '{
"refresh": "jwt refresh token",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}'
Response
Status: 200 OK
{
"access":"jwt access token",
"refresh":"jwt refresh token",
"oidc_id_token":"jwt id token",
}
LOGOUT ENDPOINT
Request
POST /oidc/logout/
curl --location 'http://localhost:8000/api/v1/oidc/logout' \
--data '{"oidc_id_token": "jwt id token"}'
Response
Status: 200 OK
{
"message": "Logout OIDC successful"
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
oidc_drf-1.0.12.tar.gz
(13.5 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
oidc_drf-1.0.12-py3-none-any.whl
(13.9 kB
view details)
File details
Details for the file oidc_drf-1.0.12.tar.gz.
File metadata
- Download URL: oidc_drf-1.0.12.tar.gz
- Upload date:
- Size: 13.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d21da6002ed48c1672a664c05465912ae621091ca68bb5fe66c0e3254cc3bb42
|
|
| MD5 |
911d1e8fdb6680268a0d99927c67690b
|
|
| BLAKE2b-256 |
af722f04cddda2b836b2c62c7c278bd405e08722a2044f5285a40b31c466a254
|
File details
Details for the file oidc_drf-1.0.12-py3-none-any.whl.
File metadata
- Download URL: oidc_drf-1.0.12-py3-none-any.whl
- Upload date:
- Size: 13.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6da1a6d22bb66f9dbe113aed308b3a9f195009c8ad2bc75a4125074513c6e18d
|
|
| MD5 |
312ede26e937e4016fa11f95ec39252c
|
|
| BLAKE2b-256 |
b4afa06f713cbb7692db961dd92bac63412d1f6041efdf17b5fc6333b4937842
|
