Django DRF OIDC Auth library: Securely authenticate users using OIDC in Django DRF. Supports Code Flow and Code Flow With PKCE. Easy integration with React Js or any front-end framework.
Project description
Installation
Install using pip...
pip install oidc_drf
Add 'oidc_drf' to your INSTALLED_APPS setting.
INSTALLED_APPS = [
...
'oidc_drf',
]
Configure the following settings in your Django project's settings module:
OIDC_RP_CLIENT_ID = '' # required
OIDC_RP_CLIENT_SECRET = '' # optional if public client
OIDC_OP_JWKS_ENDPOINT = None # defalut None
OIDC_OP_AUTHORIZATION_ENDPOINT = ''# required
OIDC_OP_TOKEN_ENDPOINT = ''# required
OIDC_OP_USER_ENDPOINT = '' # required
OIDC_OP_LOGOUT_ENDPOINT ='' # required
OIDC_AUTHENTICATION_SSO_CALLBACK_URL = '' # required - identity provider will redirect you to this url after login
OIDC_LOGOUT_REDIRECT_URL = '' # required - identity provider will redirect you to this url after logout
# Django Rest Framework settings
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'oidc_drf.drf.OIDCAuthentication', # This is important to be the first one
],
}
# Authentication backends
AUTHENTICATION_BACKENDS = [
'oidc_drf.backends.OIDCAuthenticationBackend',
]
Next, edit your urls.py and add the following:
from django.urls import path, include
urlpatterns = [
# ...
path('oidc/', include('oidc_drf.urls')),
# ...
]
finnaly run the migrations commands
python3 manage.py makemigrations
python3 manage.py migrate
That's it, we're done!
EXTRA SETTINGS
those settings are optional and populated with default values.
OIDC_USE_NONCE = True # defalut true
OIDC_USE_PKCE = True # defalut true
OIDC_USERNAME_CLAIM = 'preferred_username' # defalut 'preferred_username'
OIDC_RP_SIGN_ALGO = 'RS256' # defalut RS256
OIDC_RP_SCOPES = 'openid email' # defalut openid email
OIDC_RP_IDP_SIGN_KEY = None # defalut None
OIDC_VERIFY_SSL = True # defalut True
OIDC_TIMEOUT = None # defalut None
OIDC_PROXY = None # defalut None
OIDC_USERNAME_ALGO = None # defalut None
OIDC_USE_ENCODED_USERNAME = None # defalut None
OIDC_CREATE_USER = True # defalut True
OIDC_VERIFY_KID = True # defalut True
OIDC_ALLOW_UNSECURED_JWT = False # defalut False
OIDC_TOKEN_USE_BASIC_AUTH = False # defalut False
# you can map the info comming back from IDP to user model
# defalut is {}
OIDC_FIELD_MAPPING = {
'field_in_my_user_model': 'field_in_in_oidc',
'first_name': 'given_name',
'last_name': 'family_name',
}
REST APIs
The REST API to the OIDC DRF is described below.
AUTH ENDPOINT
Request
GET /oidc/auth/
curl --location 'http://localhost:8000/oidc/auth'
Response
Status: 200 OK
{
"redirect_url": "http://127.0.0.1:8080/realms/mol/protocol/openid-connect/auth?response_type=code&client_id=mowaamah&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid+email&state=rhG5l83rwd81SytApbl7MzrTDBFRXqbo&nonce=Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA&code_challenge=OcDWjPAEzNI-mzrjSa2lKATcIH4oaXp7rpasc5CkRj0&code_challenge_method=S256",
"oidc_states": {
"nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}
}
CALLBACK ENDPOINT
Request
POST /oidc/callback/
curl --location 'http://localhost:8000/oidc/callback/?state=alksdfjlka&session_state=alsdjflajsdk&code=alsdjflaksdflkjls' \
--header 'Content-Type: application/json' \
--data '{
"nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}'
Response
Status: 200 OK
{
"access":"jwt access token",
"refresh":"jwt refresh token",
"oidc_id_token":"jwt id token",
}
REFRESH ENDPOINT
Request
POST /oidc/refresh/
curl --location 'http://localhost:8000/oidc/refresh/' \
--header 'Content-Type: application/json' \
--data '{
"refresh": "jwt refresh token",
"code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}'
Response
Status: 200 OK
{
"access":"jwt access token",
"refresh":"jwt refresh token",
"oidc_id_token":"jwt id token",
}
LOGOUT ENDPOINT
Request
POST /oidc/logout/
curl --location 'http://localhost:8000/api/v1/oidc/logout' \
--data '{"oidc_id_token": "jwt id token"}'
Response
Status: 200 OK
{
"message": "Logout OIDC successful"
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
oidc_drf-1.0.9.tar.gz
(13.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
oidc_drf-1.0.9-py3-none-any.whl
(13.8 kB
view details)
File details
Details for the file oidc_drf-1.0.9.tar.gz.
File metadata
- Download URL: oidc_drf-1.0.9.tar.gz
- Upload date:
- Size: 13.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
80d4fe0b8095832bc32420974ef449e3678689479e828ef524ee660ec8025458
|
|
| MD5 |
d12d414379f00f9e7fc25ba63a986fd0
|
|
| BLAKE2b-256 |
2b7c5162af84a2e25144c175ceb604a8b632d77bcf5be0cf0ea4b1c7cb8b4e6e
|
File details
Details for the file oidc_drf-1.0.9-py3-none-any.whl.
File metadata
- Download URL: oidc_drf-1.0.9-py3-none-any.whl
- Upload date:
- Size: 13.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c3ff17c8c2a9e7e78d246fd783fab9120015ce795d94ab173e92e4ccc812a22b
|
|
| MD5 |
5a22664cb07716501185fd7773d51b40
|
|
| BLAKE2b-256 |
7c6c5f7e8575b097a74ec13f3e03337efabc7f6514658d840dd3dde84d1eab9a
|
