No project description provided
Project description
django-cognito-saml
Library to implement django authentication using cognito (via pyjwt).
Assumptions made:
- Using
authorization codeflow. Implicit grant is insecure as the access token is transferred over in the request parameters without encryption.
Settings
The following settings should be set in your settings file against a COGNITO_CONFIG dictionary.
| Setting | Description |
|---|---|
| ENDPOINT | Either the hosted domain or custom domain for your cognito app |
| CLIENT_ID | CLIENT_ID of your application in your user pool |
| CLIENT_SECRET | CLIENT_SECRET of your application in your user pool |
| JWKS_URI | The JWKS URI of your user pool. Used to verify the JWT. |
| REDIRECT_URI | OPTIONAL It is possible to share one cognito app with multiple websites via a proxy. |
| RESPONSE_HOOK | OPTIONAL Post authentication hook to modify the response (perhaps to add headers). Specify it as a django import_string. |
| REQUIRED_GROUPS | OPTIONAL Specify when using SuperUserBackend to restrict the ability to login to saml users with custom:groups containing all `REQUIRED_GROUPS. |
Installation
- Add the above settings to your settings.
COGNITO_CONFIG = {
"ENDPOINT": "",
"CLIENT_ID": "",
"CLIENT_SECRET": "",
"JWKS_URI": "",
"REDIRECT_URI": "",
"RESPONSE_HOOK": ""
"REQUIRED_GROUPS": []
}
-
Define your authentication backend. Subclass off
django_cognito_saml.backends.CognitoUserBackend.Define the
usernamefield of your user by customizing theauthenticatemethod. If you wish to add additional fields to the user or modify the user's permissions, override theconfigure_usermethod. Theconfigure_usermethod has access toself.cognito_jwtwhich contains the decoded jwt token with the cognito saml assertions.Set
create_unknown_user = Falseif you want to disable automatic creation of users.
class CustomCognitoBackend(CognitoUserBackend):
# Change this to False if you do not want to create a remote user.
create_unknown_user = True
def authenticate( # type: ignore[override]
self, request: HttpRequest, cognito_jwt: dict[str, Any], **kwargs: Any
) -> Optional[AbstractBaseUser]:
# Customizing the username field used to create the user
remote_user = cognito_jwt["username"]
user = super().authenticate(request, remote_user=remote_user, **kwargs)
return user
def configure_user( # type: ignore[override]
self, request: HttpRequest, user: AbstractBaseUser, created: bool = True
) -> AbstractBaseUser:
# Configuring the user post login
if created:
user.name = self.cognito_jwt["name"]
user.save()
return user
- Add
SuperUserBackendto your authentication backends.
AUTHENTICATION_BACKENDS = (
...
"django_cognito_saml.backends.SuperUserBackend",
...
)
- Add the cognito saml urls to your
urls.py
urls = [
...
path("/", include("django_cognito_saml.urls")),
]
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django_cognito_saml-0.1.3.tar.gz.
File metadata
- Download URL: django_cognito_saml-0.1.3.tar.gz
- Upload date:
- Size: 8.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.0 CPython/3.9.16 Linux/5.15.0-1034-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a420926cebfae343675e837aee5c8d783551af4a03be734d80e3b64f0e88df8c |
|
| MD5 | b8f48cfb82902a37beed341a8aa9868e |
|
| BLAKE2b-256 | c4cd2ba944fb7a093f4f0302a2fc524239fa611f02c03d3364e92b44bfe69560 |
File details
Details for the file django_cognito_saml-0.1.3-py3-none-any.whl.
File metadata
- Download URL: django_cognito_saml-0.1.3-py3-none-any.whl
- Upload date:
- Size: 11.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.0 CPython/3.9.16 Linux/5.15.0-1034-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | acd2cb7bd21bf707c12343aa9600b0f4103086cc8dfeb2067d47a9ec29ab4188 |
|
| MD5 | 83430e37ecb8c432b264547eede326a5 |
|
| BLAKE2b-256 | 0dc3d6144c7f0f5d83a07f083d667ff42474e6e1d54570d60caee0bc50b85269 |
