Django DRF OIDC Auth library: Securely authenticate users using OIDC in Django DRF. Supports Code Flow and Code Flow With PKCE. Easy integration with React Js or any front-end framework.
Project description
Installation
Install using pip...
pip install oidc_drf
Add 'oidc_drf' to your INSTALLED_APPS setting.
INSTALLED_APPS = [
...
'oidc_drf',
]
Configure the following settings in your Django project's settings module:
OIDC_RP_CLIENT_ID = '' # required
OIDC_RP_CLIENT_SECRET = '' # optional if public client
OIDC_OP_JWKS_ENDPOINT = None # defalut None
OIDC_OP_AUTHORIZATION_ENDPOINT = ''# required
OIDC_OP_TOKEN_ENDPOINT = ''# required
OIDC_OP_USER_ENDPOINT = '' # required
OIDC_OP_LOGOUT_ENDPOINT ='' # required
OIDC_AUTHENTICATION_SSO_CALLBACK_URL = '' # required - identity provider will redirect you to this url after login
OIDC_LOGOUT_REDIRECT_URL = '' # required - identity provider will redirect you to this url after logout
# Django Rest Framework settings
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'oidc_drf.drf.OIDCAuthentication', # This is important to be the first one
],
}
# Authentication backends
AUTHENTICATION_BACKENDS = [
'oidc_drf.backends.OIDCAuthenticationBackend',
]
Next, edit your urls.py and add the following:
from django.urls import path, include
urlpatterns = [
# ...
path('oidc/', include('oidc_drf.urls')),
# ...
]
finnaly run the migrations commands
python3 manage.py makemigrations
python3 manage.py migrate
That's it, we're done!
EXTRA SETTINGS
those settings are optional and populated with default values.
OIDC_USE_NONCE = True # defalut true
OIDC_USE_PKCE = True # defalut true
OIDC_USERNAME_CLAIM = 'preferred_username' # defalut 'preferred_username'
OIDC_RP_SIGN_ALGO = 'RS256' # defalut RS256
OIDC_RP_SCOPES = 'openid email' # defalut openid email
OIDC_RP_IDP_SIGN_KEY = None # defalut None
OIDC_VERIFY_SSL = True # defalut True
OIDC_TIMEOUT = None # defalut None
OIDC_PROXY = None # defalut None
OIDC_USERNAME_ALGO = None # defalut None
OIDC_USE_ENCODED_USERNAME = None # defalut None
OIDC_CREATE_USER = True # defalut True, Enables or disables automatic user creation during authentication
OIDC_VERIFY_KID = True # defalut True
OIDC_ALLOW_UNSECURED_JWT = False # defalut False
returning unsecured JWT tokens and RP wants to accept them.
OIDC_TOKEN_USE_BASIC_AUTH = False # defalut False
# you can map the info comming back fsrom IDP to user model
# defalut is {}
OIDC_FIELD_MAPPING = {
'field_in_my_user_model': 'field_in_in_oidc',
'first_name': 'given_name',
'last_name': 'family_name',
}
REST APIs
The REST API to the OIDC DRF is described below.
AUTH ENDPOINT
Request
GET /oidc/auth/
curl --location 'http://localhost:8000/oidc/auth'
Response
Status: 200 OK
{
"redirect_url": "http://127.0.0.1:8080/realms/mol/protocol/openid-connect/auth?response_type=code&client_id=mowaamah&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid+email&state=rhG5l83rwd81SytApbl7MzrTDBFRXqbo&nonce=Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA&code_challenge=OcDWjPAEzNI-mzrjSa2lKATcIH4oaXp7rpasc5CkRj0&code_challenge_method=S256",
"oidc_states": {
"nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}
}
CALLBACK ENDPOINT
Request
POST /oidc/callback/
curl --location 'http://localhost:8000/oidc/callback/?state=alksdfjlka&session_state=alsdjflajsdk&code=alsdjflaksdflkjls' \
--header 'Content-Type: application/json' \
--data '{
"nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}'
Response
Status: 200 OK
{
"access":"jwt access token",
"refresh":"jwt refresh token",
"oidc_id_token":"jwt id token",
}
REFRESH ENDPOINT
Request
POST /oidc/refresh/
curl --location 'http://localhost:8000/oidc/refresh/' \
--header 'Content-Type: application/json' \
--data '{
"refresh": "jwt refresh token",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}'
Response
Status: 200 OK
{
"access":"jwt access token",
"refresh":"jwt refresh token",
"oidc_id_token":"jwt id token",
}
LOGOUT ENDPOINT
Request
POST /oidc/logout/
curl --location 'http://localhost:8000/api/v1/oidc/logout' \
--data '{"oidc_id_token": "jwt id token"}'
Response
Status: 200 OK
{
"message": "Logout OIDC successful"
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
oidc_drf-1.0.13.tar.gz
(13.6 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
oidc_drf-1.0.13-py3-none-any.whl
(14.0 kB
view details)
File details
Details for the file oidc_drf-1.0.13.tar.gz.
File metadata
- Download URL: oidc_drf-1.0.13.tar.gz
- Upload date:
- Size: 13.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5ec99e31d8713a7b1f5b1edaacf84b1f8566e9f6e7237e495d9794a93c9b5fb7
|
|
| MD5 |
b522c4687f40b06cab3ab7f69291ee7e
|
|
| BLAKE2b-256 |
851ae8d066515bb849e667d8a34f8b9e0b32cba87a9d806e90b8bfb5d72de0d0
|
File details
Details for the file oidc_drf-1.0.13-py3-none-any.whl.
File metadata
- Download URL: oidc_drf-1.0.13-py3-none-any.whl
- Upload date:
- Size: 14.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
150290dafd17c6e9b47e29f054892381ad8689bec0697be33634bdcbbebd0a1a
|
|
| MD5 |
25c2d85b76528e136033d9c218c09d37
|
|
| BLAKE2b-256 |
2d5f7cd62aa641beedd2d11808a8162b0ef796eb38ffc7a1b213e89b4d5beb0d
|
