Django DRF OIDC Auth library: Securely authenticate users using OIDC in Django DRF. Supports Code Flow and Code Flow With PKCE. Easy integration with React Js or any front-end framework.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for halmogbl from gravatar.com halmogbl

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

Overview

Django DRF OIDC Auth library Securely authenticate users using OIDC in Django DRF. It Supports Code Flow and Code Flow With PKCE. Easy integration with React Js or any front-end framework.

Installation

Install using pip...

pip install oidc_drf

Add 'oidc_drf' to your INSTALLED_APPS setting.

INSTALLED_APPS = [
    ...
    'oidc_drf',
]

Configure the following settings in your Django project's settings module:

OIDC_RP_CLIENT_ID = '' # required
OIDC_RP_CLIENT_SECRET = '' # optional if public client 
OIDC_OP_JWKS_ENDPOINT = None # defalut None
OIDC_OP_AUTHORIZATION_ENDPOINT = ''# required
OIDC_OP_TOKEN_ENDPOINT = ''# required
OIDC_OP_USER_ENDPOINT = '' # required
OIDC_OP_LOGOUT_ENDPOINT ='' # required

OIDC_AUTHENTICATION_SSO_CALLBACK_URL = '' # required - identity provider will redirect you to this url after login
OIDC_LOGOUT_REDIRECT_URL = '' # required - identity provider will redirect you to this url after logout

# Django Rest Framework settings
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'oidc_drf.drf.OIDCAuthentication',  # This is important to be the first one 
    ],
}

# Authentication backends
AUTHENTICATION_BACKENDS = [
    'oidc_drf.backends.OIDCAuthenticationBackend',
]

Next, edit your urls.py and add the following:

from django.urls import path, include

urlpatterns = [
    # ...
    path('oidc/', include('oidc_drf.urls')),
    # ...
]

finnaly run the migrations commands

python3 manage.py makemigrations
python3 manage.py migrate

That's it, we're done!

EXTRA SETTINGS

those settings are optional and populated with default values.

OIDC_USE_NONCE = True # defalut true
OIDC_USE_PKCE = True # defalut true

OIDC_USERNAME_CLAIM = 'preferred_username' # defalut 'preferred_username'
OIDC_RP_SIGN_ALGO = 'RS256' # defalut RS256
OIDC_RP_SCOPES = 'openid email' # defalut openid email
OIDC_RP_IDP_SIGN_KEY = None # defalut None
OIDC_VERIFY_SSL = True # defalut True
OIDC_TIMEOUT = None # defalut None
OIDC_PROXY = None # defalut None
OIDC_USERNAME_ALGO = None # defalut None
OIDC_USE_ENCODED_USERNAME = None # defalut None
OIDC_CREATE_USER = True # defalut True, Enables or disables automatic user creation during authentication
OIDC_VERIFY_KID = True # defalut True 
OIDC_ALLOW_UNSECURED_JWT = False # defalut False
returning unsecured JWT tokens and RP wants to accept them.
OIDC_TOKEN_USE_BASIC_AUTH = False # defalut False

# you can map the info comming back from the IDP to user model
# defalut is {}
OIDC_FIELD_MAPPING = {
    'field_in_my_user_model': 'field_in_in_oidc',
    'first_name': 'given_name',
    'last_name': 'family_name',
}

Django Admin

To view the info or fields comming back from the IDP in order to do proper mapping for OIDC_FIELD_MAPPING, all the data saved under the user model as oidc extra data.

Below: Screenshot from the django admin

Screenshot2 Screenshot3

REST APIs

The REST API to the OIDC DRF is described below.

AUTH ENDPOINT

Request

GET /oidc/auth/

curl --location 'http://localhost:8000/oidc/auth'

Response

Status: 200 OK
{
    "redirect_url": "http://127.0.0.1:8080/realms/mol/protocol/openid-connect/auth?response_type=code&client_id=mowaamah&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid+email&state=rhG5l83rwd81SytApbl7MzrTDBFRXqbo&nonce=Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA&code_challenge=OcDWjPAEzNI-mzrjSa2lKATcIH4oaXp7rpasc5CkRj0&code_challenge_method=S256",
    "oidc_states": {
        "nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
        "code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
    }
}

CALLBACK ENDPOINT

Request

POST /oidc/callback/

curl --location 'http://localhost:8000/oidc/callback/?state=alksdfjlka&session_state=alsdjflajsdk&code=alsdjflaksdflkjls' \
--header 'Content-Type: application/json' \
--data '{
        "nonce": "Pgsq3IlSLumPca81YjXc8ut03Oz7bPHA",
        "code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
}'

Response

Status: 200 OK
{
   "access":"jwt access token",
   "refresh":"jwt refresh token",
   "oidc_id_token":"jwt id token",
}

REFRESH ENDPOINT

Request

POST /oidc/refresh/

curl --location 'http://localhost:8000/oidc/refresh/' \
--header 'Content-Type: application/json' \
--data '{
    "refresh": "jwt refresh token",
    "code_verifier": "cNa9FYCujvVibPnosk1Fk3wvPPisaTjE8Ns83X0UcGsNlEfIUc3j49hFftYPEGAb"
    }'

Response

Status: 200 OK
{
   "access":"jwt access token",
   "refresh":"jwt refresh token",
   "oidc_id_token":"jwt id token",
}

LOGOUT ENDPOINT

Request

POST /oidc/logout/

curl --location 'http://localhost:8000/api/v1/oidc/logout' \
--data '{"oidc_id_token": "jwt id token"}'

Response

Status: 200 OK
{
    "message": "Logout OIDC successful"
}

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for halmogbl from gravatar.com halmogbl

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.33

1.2.32

1.2.31

1.2.30

1.2.29

1.2.28

1.2.27

1.2.26

1.2.25

1.2.24

1.2.23

1.2.22

1.2.21

1.2.20

1.2.19

1.2.18

1.2.17

1.2.16

1.2.15

1.2.14

1.2.13

1.2.12

1.2.11

1.2.10

1.2.9

1.2.8

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

This version

1.2.0

1.0.14

1.0.13

1.0.12

1.0.11

1.0.10

1.0.9

1.0.8

1.0.7

1.0.6

1.0.5

1.0.4

1.0.3

1.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

oidc_drf-1.2.0.tar.gz (14.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

oidc_drf-1.2.0-py3-none-any.whl (14.1 kB view details)

Uploaded Python 3

File details

Details for the file oidc_drf-1.2.0.tar.gz.

File metadata

  • Download URL: oidc_drf-1.2.0.tar.gz
  • Upload date:
  • Size: 14.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for oidc_drf-1.2.0.tar.gz
Algorithm Hash digest
SHA256 c3e6fd34e2390365dcdd18c25442cc3361fa6c4734e7c2eb4c21e1040a1769da
MD5 5321c2e574979558168fb6e4c50b6844
BLAKE2b-256 778447c54977a58c49db670453d3b88d5ac9110064ad4ed9b3be17eb05f6fc34

See more details on using hashes here.

File details

Details for the file oidc_drf-1.2.0-py3-none-any.whl.

File metadata

  • Download URL: oidc_drf-1.2.0-py3-none-any.whl
  • Upload date:
  • Size: 14.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for oidc_drf-1.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 af8da5015f91c6b293d0661b89e0b11e9729e801714df6122e529e1c37787fc2
MD5 c238b1acc7aafc79d0858a24fe60b540
BLAKE2b-256 a070738673e7f4f772cbb18520dde5a7c38e9531081ee4d5950c930ea4ba7955

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page