Django Rest Framework Library to use Auth0 authentication
Project description
djangorestframework-auth0
This library lets you authenticate a specific user on DRF based on the JWT token returned by the Auth0 JavaScript libraries.
Installation
- Using pip, install the library with the following command:

    pip install rest_framework_auth0
Quick start
- Make sure "django.contrib.auth" is in your INSTALLED_APPS setting; otherwise add it yourself:

    INSTALLED_APPS = [
        # ...
        'django.contrib.auth',
        # ...
    ]

  This allows us to log in as a specific user, as well as to auto-create users when they don't exist.
- Add "rest_framework_auth0" to your INSTALLED_APPS setting, after rest_framework_jwt, like this:

    INSTALLED_APPS = [
        # ...
        'rest_framework_jwt',
        'rest_framework_auth0',
    ]
- Add Auth0JSONWebTokenAuthentication to DEFAULT_AUTHENTICATION_CLASSES in your project's settings.py:

    REST_FRAMEWORK = {
        # ...
        'DEFAULT_AUTHENTICATION_CLASSES': (
            # ...
            'rest_framework_auth0.authentication.Auth0JSONWebTokenAuthentication',
        ),
    }
- Add your AUTH0_CLIENT_SECRET and AUTH0_CLIENT_ID to your settings.py file (they must be the same secret and ID as the frontend app uses):

    AUTH0 = {
        'CLIENTS': {
            'default': {
                # make sure it's the same string that the aud attribute in your payload provides
                'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>',
                'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_CLIENT_SECRET>',
                # defaults to True; if you're an Auth0 user since December, maybe you should set it to False
                'CLIENT_SECRET_BASE64_ENCODED': True,
                'AUTH0_ALGORITHM': 'HS256',
            }
        },
        'JWT_AUTH_HEADER_PREFIX': 'JWT',  # default prefix used by djangorestframework_jwt
        'AUTHORIZATION_EXTENSION': False,  # defaults to False
        'USERNAME_FIELD': 'sub',  # default username field in the auth0 token scope to use as the token user
    }
- Add the Authorization header to all of your REST API requests, prefixing your token with JWT:

    Authorization: JWT <AUTH0_GIVEN_TOKEN>
- Use the decorator @token_required in all views you want to protect (not_ready_yet)
- That's it

NOTE: In order to get token authentication, the migrations for the 'django.contrib.auth' app models must be applied (python manage.py migrate).
Multiple Clients - Multiples App - One API
If you want to use multiple Auth0 apps and/or clients (for example, if you're creating an open API), you can add as many as you want in the AUTH0.CLIENTS settings parameter:

    AUTH0 = {
        'CLIENTS': {
            'default': {
                # make sure it's the same string that the aud attribute in your payload provides
                'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>',
                'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_CLIENT_SECRET>',
                # defaults to True; if you're an Auth0 user since December, maybe you should set it to False
                'CLIENT_SECRET_BASE64_ENCODED': True,
                'AUTH0_ALGORITHM': 'HS256',
            },
            'web': {
                'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>',
                'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_CLIENT_SECRET>',
                'CLIENT_SECRET_BASE64_ENCODED': True,
                'AUTH0_ALGORITHM': 'HS256',
            },
            'mobile': {
                'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>',
                'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_CLIENT_SECRET>',
                'CLIENT_SECRET_BASE64_ENCODED': True,
                'AUTH0_ALGORITHM': 'HS256',
            },
        },
        # ...
    }
To select one of them when authentication is needed (a POST request, for example), add a header to the request. The header is called Client-Code by default, but you can customize it. The names of the clients are case sensitive.
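How the settings above fit together when a request arrives, as an added example that is not this library's own code: it selects a client by its case-sensitive name, derives the HMAC key according to CLIENT_SECRET_BASE64_ENCODED, pins the algorithm to the configured HS256 and checks aud against AUTH0_CLIENT_ID. It uses only the Python standard library; SAMPLE_AUTH0, sign_hs256 and verify are hypothetical names, the IDs and secrets are constructed, and URL-safe base64 for an encoded secret is an assumption.

```python
import base64, hashlib, hmac, json

# Constructed sample settings in the shape shown above; IDs and secrets are made up.
SAMPLE_AUTH0 = {"CLIENTS": {
    "web": {"AUTH0_CLIENT_ID": "web-client-id", "AUTH0_CLIENT_SECRET": "d2ViLXNlY3JldA",
            "CLIENT_SECRET_BASE64_ENCODED": True, "AUTH0_ALGORITHM": "HS256"},
    "mobile": {"AUTH0_CLIENT_ID": "mobile-client-id", "AUTH0_CLIENT_SECRET": "mobile-raw-secret",
               "CLIENT_SECRET_BASE64_ENCODED": False, "AUTH0_ALGORITHM": "HS256"},
}}

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _mac(client, signing_input):
    secret = client["AUTH0_CLIENT_SECRET"]
    # Assumption: an encoded secret is URL-safe base64; otherwise it is used as raw text.
    key = _b64d(secret) if client.get("CLIENT_SECRET_BASE64_ENCODED", True) else secret.encode()
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(payload, client, alg="HS256"):
    """Build a constructed token for the demo (stands in for one issued by Auth0)."""
    parts = ({"alg": alg, "typ": "JWT"}, payload)
    signing_input = ".".join(_b64e(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + _b64e(_mac(client, signing_input))

def verify(token, client_code, auth0=SAMPLE_AUTH0):
    """Return the payload if the token is valid for the named client, else raise ValueError."""
    client = auth0["CLIENTS"].get(client_code)  # exact match: client names are case sensitive
    if client is None:
        raise ValueError("unknown client")
    try:
        head, body, sig = token.split(".")
        header, payload, given = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("malformed token")
    # The accepted algorithm comes from settings; the token header only has to agree with it.
    if client["AUTH0_ALGORITHM"] != "HS256" or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(_mac(client, head + "." + body), given):
        raise ValueError("bad signature")
    if payload.get("aud") != client["AUTH0_CLIENT_ID"]:
        raise ValueError("audience mismatch")
    return payload  # exp and other claims are not checked here
```

A token signed for one client fails under another client's name with "bad signature", and a token whose aud differs from the selected client's AUTH0_CLIENT_ID fails with "audience mismatch" even when the signature is correct.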
Migrations
RS256 Support
If you want to use RS256, please follow the Sample Project.
Sample Project
A sample project can be found here