Project description
django-cognito-saml
Library to implement Django authentication using Cognito (via pyjwt).
Assumptions made:
- Using the authorization code flow. Implicit grant is insecure as the access token is transferred over in the request parameters without encryption.
Settings
Setting | Description |
---|---|
COGNITO_ENDPOINT | Either the hosted domain or custom domain for your cognito app |
COGNITO_CLIENT_ID | CLIENT_ID of your application in your user pool |
COGNITO_CLIENT_SECRET | CLIENT_SECRET of your application in your user pool |
COGNITO_JWKS_URI | The JWKS URI of your user pool. Used to verify the JWT. |
COGNITO_REDIRECT_URI | OPTIONAL It is possible to share one cognito app with multiple websites via a proxy. |
COGNITO_RESPONSE_HOOK | OPTIONAL Post authentication hook to modify the response (perhaps to add headers). Specify it as a django import_string. |
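The authorization code flow assumed above, sketched with the settings from this table as an added example (not code from django-cognito-saml): the browser only carries a code, and the exchange for tokens happens server to server. The `/oauth2/authorize` and `/oauth2/token` paths are Cognito's hosted endpoints; the setting values, the scope and the function names are constructed for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values for the settings in the table above.
COGNITO_ENDPOINT = "https://auth.example.com"
COGNITO_CLIENT_ID = "example-client-id"
COGNITO_CLIENT_SECRET = "example-client-secret"
COGNITO_REDIRECT_URI = "https://app.example.com/callback"


def build_authorize_url() -> tuple[str, str]:
    """Step 1: redirect the browser to Cognito asking for a code, not a token."""
    state = secrets.token_urlsafe(32)  # keep in the session, compare on return
    query = urlencode({
        "response_type": "code", "client_id": COGNITO_CLIENT_ID,
        "redirect_uri": COGNITO_REDIRECT_URI, "scope": "openid email",
        "state": state,
    })
    return f"{COGNITO_ENDPOINT}/oauth2/authorize?{query}", state


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: accept the code only if state matches the value we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding the code")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def build_token_request(code: str) -> tuple[str, dict[str, str], bytes]:
    """Step 3: back-channel exchange; secret and tokens never transit the browser."""
    creds = f"{COGNITO_CLIENT_ID}:{COGNITO_CLIENT_SECRET}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": COGNITO_REDIRECT_URI,
    }).encode()
    return f"{COGNITO_ENDPOINT}/oauth2/token", headers, body
```

The tokens returned by the step 3 request are what gets verified against COGNITO_JWKS_URI before any claim is trusted.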
Installation
- Add the above settings to your settings.
COGNITO_ENDPOINT = "..."
COGNITO_CLIENT_ID = "..."
COGNITO_CLIENT_SECRET = "..."
COGNITO_JWKS_URI = "..."
COGNITO_REDIRECT_URI = "..."
COGNITO_RESPONSE_HOOK = ""
- Define your authentication backend. Subclass django_cognito_saml.backends.CognitoUserBackend. A custom backend is where you add users to groups and/or do something custom. Set create_unknown_user = False if you want only pre-created users to be used.
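from typing import Any, Optional

from django.contrib.auth.base_user import AbstractBaseUser
from django.http import HttpRequest
from django_cognito_saml.backends import CognitoUserBackend


class CustomCognitoBackend(CognitoUserBackend):
    # Change this to False if you do not want to create a remote user.
    create_unknown_user = True

    def authenticate(  # type: ignore[override]
        self, request: HttpRequest, cognito_jwt: dict[str, Any], **kwargs: Any
    ) -> Optional[AbstractBaseUser]:
        remote_user = cognito_jwt["email"]
        user = super().authenticate(request, remote_user=remote_user, **kwargs)
        # Let's add the user to the groups named in the token.
        # add_user_to_groups is assumed to be your own helper, not part of this library.
        # user is None when no account exists and create_unknown_user is False.
        if user is not None:
            groups = cognito_jwt["custom:groups"]
            add_user_to_groups(user, groups)
        return user

    def configure_user(  # type: ignore[override]
        self, request: HttpRequest, user: AbstractBaseUser
    ) -> AbstractBaseUser:
        """
        Configure a user after creation and return the updated user.
        By default, return the user unmodified.
        """
        return user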
- Add CustomCognitoBackend to your authentication backends. Alternatively, if you wish to modify the authentication logic (i.e. adding permissions)
AUTHENTICATION_BACKENDS = (
    ...
    "apps.backends.CustomCognitoBackend",
    ...
)
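- Add the cognito saml urls to your urls.py
from django.urls import include, path

# Django reads the list named urlpatterns; routes must not begin with "/".
urlpatterns = [
    ...
    path("", include("django_cognito_saml.urls")),
]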
File details
Details for the file django_cognito_saml-0.1.0.tar.gz.
File metadata
- Download URL: django_cognito_saml-0.1.0.tar.gz
- Upload date:
- Size: 7.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.0 CPython/3.11.0 Darwin/21.3.0
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | b48a505918db3d31411c7350a6c574f91fd2e3813ee5523e105b53445e9cd4bb |
MD5 | 10219f47b15601e1b398d37d67f11b35 |
BLAKE2b-256 | 2a32791d619b1b927f898bd379d7b759bfc69872046b727674338384c873b975 |
File details
Details for the file django_cognito_saml-0.1.0-py3-none-any.whl.
File metadata
- Download URL: django_cognito_saml-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.0 CPython/3.11.0 Darwin/21.3.0
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | ffb89b4c71cf2ecc9740e9a5ce9f66f329aa66921a00038bcc93bb3c6ba1cec5 |
MD5 | 7c4f4e345360a8bbf70868d566c647f9 |
BLAKE2b-256 | 69b0d75bd604fa2129aeda3d4fbe5521ee53e8737ce52594ca0b0260899b12ea |