This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.
Project description
djangorestframework-auth0
This library let you to authenticate an specific user on DRF based on the JWT Token returned by Auth0 Javascript libraries.
Installation
- Using
pip
to install current release:
pip install rest_framework_auth0
- Using
pip
to install development version:
pip install git+https://github.com/mcueto/djangorestframework-auth0/
Quick start
- Make sure
django.contrib.auth
in on INSTALLED_APPS setting, otherwise add it by your own:
INSTALLED_APPS = [
...
'django.contrib.auth',
...
]
This will allow us to login as an specific user as well as auto-creating users when they don't exist
- Add
rest_framework_auth0
to yourINSTALLED_APPS
setting:
INSTALLED_APPS = [
...,
'rest_framework_auth0',
]
- Add
Auth0JSONWebTokenAuthentication
in your DEFAULT_AUTHENTICATION_CLASSES located at settings.py from your project:
REST_FRAMEWORK = {
...,
'DEFAULT_AUTHENTICATION_CLASSES': (
...,
'rest_framework_auth0.authentication.Auth0JSONWebTokenAuthentication',
),
}
- Add your
CLIENTS
&MANAGEMENT_API
settings in your settings.py file:
# Import cryptography libraries
from cryptography.x509 import load_pem_x509_certificate
from cryptography.hazmat.backends import default_backend
# Read the your Auth0 client PEM certificate
certificate_text = open('rsa_certificates/certificate.pem', 'rb').read()
certificate = load_pem_x509_certificate(certificate_text, default_backend())
# Get your PEM certificate public_key
certificate_publickey = certificate.public_key()
#
#
# AUTH0 SETTINGS
AUTH0 = {
'CLIENTS': {
'default': {
'AUTH0_CLIENT_ID': '<YOUR_AUTH0_CLIENT_ID>',
'AUTH0_AUDIENCE': '<YOUR_AUTH0_CLIENT_AUDIENCE>',
'AUTH0_ALGORITHM': 'RS256', # default used in Auth0 apps
'PUBLIC_KEY': certificate_publickey',
}
},
# Management API - For roles and permissions validation
'MANAGEMENT_API': {
'AUTH0_DOMAIN': '<YOUR_AUTH0_DOMAIN>',
'AUTH0_CLIENT_ID': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_ID>',
'AUTH0_CLIENT_SECRET': '<YOUR_AUTH0_M2M_API_MANAGEMENT_CLIENT_SECRET>'
},
}
- Add the
Authorization
Header to all of your REST API request, prefixingBearer
to your token(default in common REST clients & Postman):
Authorization: Bearer <AUTH0_GIVEN_TOKEN>
- That's it, now only your Auth0 users can request data to your DRF endpoints
NOTE: In order to get the token authentication, the 'django.contrib.auth' app models migrations must be applied(python manage.py migrate).
Use cases
Sample Project
A sample project can be found here
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
rest-framework-auth0-0.6.3.tar.gz
(12.1 kB
view hashes)
Built Distribution
Close
Hashes for rest-framework-auth0-0.6.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 502d891e11a623b508a61dfe56a1464e6d026fcb30f78fceb444f7f260bcab40 |
|
MD5 | cdeb7aa65d49291de11992b0c1ed6d54 |
|
BLAKE2b-256 | 3e66f974f2c3a2d6d91d17fc26167aff9aeda29f5affcf7da55374505bf17917 |
Close
Hashes for rest_framework_auth0-0.6.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8da7df947af1c569eaada2edd39cef95e71da05906db829657264986eca12873 |
|
MD5 | 6cd82386164a20f9b3cfcf9ddb03d1ec |
|
BLAKE2b-256 | a31ff709296c8845939e205e8b8822286d32757d63cabc3d063625c9441e8b25 |