Project description
django-cognito-saml
Library to implement django authentication using cognito (via pyjwt).
Assumptions made:
- Using authorization code flow. Implicit grant is insecure as the access token is transferred over in the request parameters without encryption.
Settings
Setting | Description |
---|---|
COGNITO_ENDPOINT | Either the hosted domain or custom domain for your cognito app |
COGNITO_CLIENT_ID | CLIENT_ID of your application in your user pool |
COGNITO_CLIENT_SECRET | CLIENT_SECRET of your application in your user pool |
COGNITO_JWKS_URI | The JWKS URI of your user pool. Used to verify the JWT. |
COGNITO_REDIRECT_URI | OPTIONAL It is possible to share one cognito app with multiple websites via a proxy. |
COGNITO_RESPONSE_HOOK | OPTIONAL Post authentication hook to modify the response (perhaps to add headers). Specify it as a django import_string. |
Installation
- Add the above settings to your settings.
```python
COGNITO_ENDPOINT = "..."
COGNITO_CLIENT_ID = "..."
COGNITO_CLIENT_SECRET = "..."
COGNITO_JWKS_URI = "..."
COGNITO_REDIRECT_URI = "..."
COGNITO_RESPONSE_HOOK = ""
```
- Define your authentication backend. Subclass off django_cognito_saml.backends.CognitoUserBackend. A custom backend is where you add users to groups and / or do something custom. Set create_unknown_user = False if you want only pre-created users to be used.
```python
from typing import Any, Optional

from django.contrib.auth.base_user import AbstractBaseUser
from django.http import HttpRequest

from django_cognito_saml.backends import CognitoUserBackend


class CustomCognitoBackend(CognitoUserBackend):
    # Change this to False if you do not want to create a remote user.
    create_unknown_user = True

    def authenticate(  # type: ignore[override]
        self, request: HttpRequest, cognito_jwt: dict[str, Any], **kwargs: Any
    ) -> Optional[AbstractBaseUser]:
        # Customizing the username field used to create the user
        remote_user = cognito_jwt["username"]
        user = super().authenticate(request, remote_user=remote_user, **kwargs)
        return user

    def configure_user(  # type: ignore[override]
        self, request: HttpRequest, user: AbstractBaseUser, created: bool = True
    ) -> AbstractBaseUser:
        # Configuring the user post login
        if created:
            user.name = self.cognito_jwt["name"]
            user.save()
        return user
```
- Add CustomCognitoBackend to your authentication backends. Alternatively; If you wish to modify the authentication logic (ie: Adding permissions)<>
```python
AUTHENTICATION_BACKENDS = (
    ...
    "apps.backends.CustomCognitoBackend",
    ...
)
```
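- Add the cognito saml urls to your urls.py
```python
from django.urls import include, path

# Django reads the list named urlpatterns; routes must not start with "/".
urlpatterns = [
    ...
    path("", include("django_cognito_saml.urls")),
]
```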
File details
Details for the file django_cognito_saml-0.1.1.tar.gz.
File metadata
- Download URL: django_cognito_saml-0.1.1.tar.gz
- Upload date:
- Size: 7.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.0 CPython/3.9.16 Linux/5.15.0-1034-azure
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 14a2a75185f5d5d5baf2deba9747361600bcb87940b34be1b2f127c512d2d598 |
MD5 | efad13e0b27aef18a79691325c83f30a |
BLAKE2b-256 | 67648e3389eb964f097b96846c1f79cc606341d467ceaa18889fe261c34fad1f |
File details
Details for the file django_cognito_saml-0.1.1-py3-none-any.whl.
File metadata
- Download URL: django_cognito_saml-0.1.1-py3-none-any.whl
- Upload date:
- Size: 9.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.0 CPython/3.9.16 Linux/5.15.0-1034-azure
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 9fc03bcdf71e01f1da3473e8db1aac768fe9928f8280f8308c3f5a25113bc2b0 |
MD5 | ae473f3421acc30f45fdb98e3e20dc07 |
BLAKE2b-256 | 095bb7bd2e21c9876d6939d2ba10b2d938a8ea6468cc47f582871610e200b8f9 |