Skip to main content

This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.

Project description

djangorestframework-auth0


This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.

Logo

Installation

  1. Using pip to install current release:
pip install rest_framework_auth0
  1. Using pip to install development version:
pip install git+https://github.com/mcueto/djangorestframework-auth0/

Quick start

  1. Make sure django.contrib.auth in on INSTALLED_APPS setting, otherwise add it by your own:
INSTALLED_APPS = [
    ...
    'django.contrib.auth',
    ...
]

This will allow us to login as an specific user as well as auto-creating users when they don't exist

  1. Add rest_framework_auth0 to your INSTALLED_APPS setting:
INSTALLED_APPS = [
    ...,
    'rest_framework_auth0',
]
  1. Add Auth0JSONWebTokenAuthentication in your DEFAULT_AUTHENTICATION_CLASSES located at settings.py from your project:
REST_FRAMEWORK = {
    ...,
    'DEFAULT_AUTHENTICATION_CLASSES': (
        ...,
        'rest_framework_auth0.authentication.Auth0JSONWebTokenAuthentication',
    ),
}
  1. Add your CLIENTS & MANAGEMENT_API settings in your settings.py file:
# Import cryptography libraries
from cryptography.x509 import load_pem_x509_certificate
from cryptography.hazmat.backends import default_backend
# Read the your Auth0 client PEM certificate
certificate_text = open('rsa_certificates/certificate.pem', 'rb').read()
certificate = load_pem_x509_certificate(certificate_text, default_backend())
# Get your PEM certificate public_key
certificate_publickey = certificate.public_key()
#
#
# AUTH0 SETTINGS
AUTH0 = {
  'CLIENTS': {
      'default': {
          'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>',
          'AUTH0_AUDIENCE': '<YOUR_AUTH0_CLIENT_AUDIENCE>',
          'AUTH0_ALGORITHM': 'RS256',  # default used in Auth0 apps
          'PUBLIC_KEY': certificate_publickey',
      }
  },
  # Management API - For roles and permissions validation
  'MANAGEMENT_API': {
      'AUTH0_DOMAIN': '<YOUR_AUTH0_DOMAIN>',
      'AUTH0_CLIENT_ID': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_ID>',
      'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_SECRET>'
  },
}
  1. Add the Authorization Header to all of your REST API request, prefixing Bearer to your token(default in common REST clients & Postman):
Authorization: Bearer <AUTH0_GIVEN_TOKEN>
  1. That's it, now only your Auth0 users can request data to your DRF endpoints
NOTE: In order to get the token authentication, the 'django.contrib.auth' app models migrations must be applied(python manage.py migrate).

Use cases

Sample Project

A sample project can be found here

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rest-framework-auth0-0.6.4.tar.gz (12.1 kB view details)

Uploaded Source

Built Distribution

rest_framework_auth0-0.6.4-py3-none-any.whl (13.9 kB view details)

Uploaded Python 3

File details

Details for the file rest-framework-auth0-0.6.4.tar.gz.

File metadata

  • Download URL: rest-framework-auth0-0.6.4.tar.gz
  • Upload date:
  • Size: 12.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.0.10 CPython/3.7.5 Linux/5.3.0-7648-generic

File hashes

Hashes for rest-framework-auth0-0.6.4.tar.gz
Algorithm Hash digest
SHA256 de1af1e7950a7397a20906c4f85503b87aa7492fc012a84ec096b1885e5bf9af
MD5 6a00c7b58dcfcda63e8bb6b2b770eebf
BLAKE2b-256 97021846d6e6909f9547e2b388ed6a5aa36c21fa7aab3f87c03104ff9c7f081d

See more details on using hashes here.

File details

Details for the file rest_framework_auth0-0.6.4-py3-none-any.whl.

File metadata

  • Download URL: rest_framework_auth0-0.6.4-py3-none-any.whl
  • Upload date:
  • Size: 13.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.0.10 CPython/3.7.5 Linux/5.3.0-7648-generic

File hashes

Hashes for rest_framework_auth0-0.6.4-py3-none-any.whl
Algorithm Hash digest
SHA256 89707208ffcd072f6f7c4331b23eb22336f67f90075d9f56f97dc1b6c00821c2
MD5 069ed4525a3d896d13655315cbddd6dd
BLAKE2b-256 708f6a0f0c1ff32e8190242d110cd683449a21d342c4ad25fc9425ed691f5409

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page