A database-backed configuration for mozilla-django-oidc
Project description
1 Welcome to mozilla_django_oidc_db’s documentation!
- Version:
0.2.0
- Source:
- Keywords:
OIDC, django, database, authentication
- PythonVersion:
3.7
Database-backed settings for mozilla-django-oidc, with modified unique identifiers
2 Features
Thin layer on top of mozilla-django-oidc
Allows configuration of OpenID Connect variables via django-solo
Overrides mozilla-django-oidc default behaviour, using the sub claim instead of the email claim as unique identifier for users
mozilla-django-oidc-db provides a database singleton for several configuration variables required for mozilla-django-oidc, moving them from deploy-time to run-time. This enables modification of the configuration, without having to restart the application.
Additionally, mozilla-django-oidc-db by default uses the sub (subject) claim instead of the email claim as the unique identifier for users in the RP (Relying Party) application. Using email as the unique identifier is not recommended, as mentioned in the OpenID Connect specification.
3 Installation
3.1 Requirements
Python 3.7 or above
setuptools 30.3.0 or above
Django 2.2 or newer
PostgreSQL
3.2 Install
pip install mozilla-django-oidc-dbThis will also install the following packages:
mozilla-django-oidc
django-solo
psycopg2
django-better-admin-arrayfield
3.3 Django settings
Make sure the following libraries are added to your INSTALLED_APPS:
INSTALLED_APPS = [
...
"django_better_admin_arrayfield",
"django_auth_adfs",
"django_auth_adfs_db",
"solo",
...
]Add mozilla_django_oidc_db.backends.OIDCAuthenticationBackend to the AUTHENTICATION_BACKENDS, this backend replaces mozilla_django_oidc.auth.OIDCAuthenticationBackend:
AUTHENTICATION_BACKENDS = [
...
"mozilla_django_oidc_db.backends.OIDCAuthenticationBackend",
...
]Ensure that LOGIN_REDIRECT_URL and LOGOUT_REDIRECT_URL are configured. For example:
LOGIN_REDIRECT_URL = reverse_lazy("admin:index")
LOGOUT_REDIRECT_URL = reverse_lazy("admin:index")To enable validation of ID tokens by renewing them, add mozilla_django_oidc_db.middleware.SessionRefresh to the middleware, this middleware replaces mozilla_django_oidc.middleware.SessionRefresh:
MIDDLEWARE = [
# middleware involving session and authentication must come first
...
"mozilla_django_oidc_db.middleware.SessionRefresh",
...
]Furthermore, ensure the following settings are configured:
OIDC_AUTHENTICATE_CLASS = "mozilla_django_oidc_db.views.OIDCAuthenticationRequestView"
MOZILLA_DJANGO_OIDC_DB_CACHE = "oidc"
MOZILLA_DJANGO_OIDC_DB_CACHE_TIMEOUT = 1MOZILLA_DJANGO_OIDC_DB_CACHE is used to cache the configuration that is stored in the database, to prevent a lot of database lookups. Ensure this cache is configured in CACHES (using the backend of choice):
CACHES = {
"default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"},
...
"oidc": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"},
}Add the urlpatterns:
urlpatterns = [
...
path("oidc/", include("mozilla_django_oidc.urls")),
...
]Add the login link to your templates:
{% get_solo 'mozilla_django_oidc_db.OpenIDConnectConfig' as oidc_config %}
{% if oidc_config.enabled %}
<div class="submit-row">
<a href="{% url 'oidc_authentication_init' %}">{% trans "Login with OIDC" %}</a>
</div>
{% endif %}4 Usage
Now OpenID Connect can be enabled/disabled via the admin (disabled by default) and the following settings for OpenID Connect can be configured in the admin:
oidc_rp_client_id
oidc_rp_client_secret
oidc_rp_sign_algo
oidc_rp_scopes_list
oidc_op_jwks_endpoint
oidc_op_authorization_endpoint
oidc_op_token_endpoint
oidc_op_user_endpoint
oidc_rp_idp_sign_key
In case no value is provided for one of these variables, the default from mozilla-django-oidc will be used (if there is one). A detailed description of all settings can be found in the mozilla-django-oidc settings documentation
For more detailed documentation, refer to the mozilla-django-oidc documentation. In this documentation the origin of the admin configurable settings is also explained.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file mozilla-django-oidc-db-0.2.0.tar.gz.
File metadata
- Download URL: mozilla-django-oidc-db-0.2.0.tar.gz
- Upload date:
- Size: 12.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.6.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.8.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9f925aa103bde2d310639951a47b500d22819d65f27799c66876b5b0c23ba7b7 |
|
| MD5 | 452f95ddf5f2bd5d4d2af111d4830f60 |
|
| BLAKE2b-256 | 1493d742d227eef5a432ea0c457b546173621bbc33946b26c494d7d72bfb7522 |
File details
Details for the file mozilla_django_oidc_db-0.2.0-py3-none-any.whl.
File metadata
- Download URL: mozilla_django_oidc_db-0.2.0-py3-none-any.whl
- Upload date:
- Size: 14.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.6.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.8.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4cecfda6fd9d2b48049041ae1db8500fdbfc1f5c0b09055e8b8ac0ad93b94dc0 |
|
| MD5 | a934b1c630b41a6935601688b686bac4 |
|
| BLAKE2b-256 | b951c3d15bc064820d064528c7a9a87b3e3ce45c86074d11058b45d2a3808404 |
