This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.
Project description
djangorestframework-auth0
This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.
Installation
- Using
pipto install current release:
pip install rest_framework_auth0
- Using
pipto install development version:
pip install git+https://github.com/mcueto/djangorestframework-auth0/
Quick start
- Make sure
django.contrib.authin on INSTALLED_APPS setting, otherwise add it by your own:
INSTALLED_APPS = [ ... 'django.contrib.auth', ... ]
This will allow us to login as an specific user as well as auto-creating users when they don't exist
- Add
rest_framework_auth0to yourINSTALLED_APPSsetting:
INSTALLED_APPS = [ ..., 'rest_framework_auth0', ]
- Add
Auth0JSONWebTokenAuthenticationin your DEFAULT_AUTHENTICATION_CLASSES located at settings.py from your project:
REST_FRAMEWORK = { ..., 'DEFAULT_AUTHENTICATION_CLASSES': ( ..., 'rest_framework_auth0.authentication.Auth0JSONWebTokenAuthentication', ), }
- Add your
CLIENTS&MANAGEMENT_APIsettings in your settings.py file:
# Import cryptography libraries from cryptography.x509 import load_pem_x509_certificate from cryptography.hazmat.backends import default_backend # Read the your Auth0 client PEM certificate certificate_text = open('rsa_certificates/certificate.pem', 'rb').read() certificate = load_pem_x509_certificate(certificate_text, default_backend()) # Get your PEM certificate public_key certificate_publickey = certificate.public_key() # # # AUTH0 SETTINGS AUTH0 = { 'CLIENTS': { 'default': { 'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>', 'AUTH0_AUDIENCE': '<YOUR_AUTH0_CLIENT_AUDIENCE>', 'AUTH0_ALGORITHM': 'RS256', # default used in Auth0 apps 'PUBLIC_KEY': certificate_publickey', } }, # Management API - For roles and permissions validation 'MANAGEMENT_API': { 'AUTH0_DOMAIN': '<YOUR_AUTH0_DOMAIN>', 'AUTH0_CLIENT_ID': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_ID>', 'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_SECRET>' }, }
- Add the
AuthorizationHeader to all of your REST API request, prefixingBearerto your token(default in common REST clients & Postman):
Authorization: Bearer <AUTH0_GIVEN_TOKEN>
- That's it, now only your Auth0 users can request data to your DRF endpoints
NOTE: In order to get the token authentication, the 'django.contrib.auth' app models migrations must be applied(python manage.py migrate).
Use cases
Sample Project
A sample project can be found here
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size | File type | Python version | Upload date | Hashes |
|---|---|---|---|---|
| Filename, size rest_framework_auth0-0.6.4-py3-none-any.whl (13.9 kB) | File type Wheel | Python version py3 | Upload date | Hashes View |
| Filename, size rest-framework-auth0-0.6.4.tar.gz (12.1 kB) | File type Source | Python version None | Upload date | Hashes View |
Close
Hashes for rest_framework_auth0-0.6.4-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 89707208ffcd072f6f7c4331b23eb22336f67f90075d9f56f97dc1b6c00821c2 |
|
| MD5 | 069ed4525a3d896d13655315cbddd6dd |
|
| BLAKE2-256 | 708f6a0f0c1ff32e8190242d110cd683449a21d342c4ad25fc9425ed691f5409 |
Close
Hashes for rest-framework-auth0-0.6.4.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | de1af1e7950a7397a20906c4f85503b87aa7492fc012a84ec096b1885e5bf9af |
|
| MD5 | 6a00c7b58dcfcda63e8bb6b2b770eebf |
|
| BLAKE2-256 | 97021846d6e6909f9547e2b388ed6a5aa36c21fa7aab3f87c03104ff9c7f081d |