# Makina Django OIDC
<p align="center">
<a href="https://django-pyoidc.readthedocs.io">
<img src="https://readthedocs.org/projects/django-pyoidc/badge/?version=main" />
</a>
</p>
This library allow *Single Sign On* (SSO) integration into Django through the [Open ID Connect (OIDC)]() protocol.
It can be used to setup a Single Sign On using an identity provider (Keycloak, etc.) or to login using Google, Twitter, etc.
**Warning** : this library has not been audited. However, we are based on [pyoidc](https://github.com/CZ-NIC/pyoidc/) which we believe is a sane OIDC implementation.
## Features
- Easy configuration through premade [`Provider`](https://django-pyoidc.readthedocs.io/en/latest/user.html#providers) classes.
- Multiple provider support
- Easy integration with the [Django permission system](https://django-pyoidc.readthedocs.io/en/latest/how-to.html#use-the-django-permission-system-with-oidc)
- Highly customizable design that should suit most needs
- Back-channel Logout
- Sane and secure defaults settings
## Roadmap
- `Bearer` authentication support for `django-rest-framework` integration
- Frontchannel logout
## Acknowledgement
This library is built on the work of many others. First all, thanks to all the maintainers of [pyoidc](https://github.com/CZ-NIC/pyoidc/) as they did all the spec implementation. This library is mostly about glue between Django and *pyoidc*.
We were also heavily inspired by :
* [`mozilla-django-oidc`](https://github.com/mozilla/mozilla-django-oidc) for it's login redirection URI management
* [`django-auth-oidc`](https://gitlab.com/aiakos/django-auth-oidc) for it's hook system
If you want to understand why we decided to implement our own library, this is documented [here](https://django-pyoidc.readthedocs.io/en/latest/explanation.html#other-oidc-libraries).
## Documentation
The documentation is graciously hosted at [readthedocs](https://django-pyoidc.readthedocs.io).
## Installation
First, install the python package :
```bash
pip install makina-django-doic
```
Then add the library app to your django applications, after `django.contrib.sessions` and `django.contrib.auth` :
```python
INSTALLED_APPS = [
"django.contrib.auth",
"django.contrib.sessions",
...
"django-pyoidc"
]
```
Don't forget to add the session middleware ! Add in your `settings.py` :
```python
MIDDLEWARE = [
"django.contrib.sessions.middleware.SessionMiddleware",
]
```
Now is time to run a migrate operation, as we create a database table ([read why here](https://django-pyoidc.readthedocs.io/en/latest/explanation.html#cache-management)). Run in your project dir :
```
./manage.py migrate
```
We also need a cache ([read why here](https://django-pyoidc.readthedocs.io/en/latest/explanation.html#cache-management)), so let's configure a dumb one for development purposes. Add in your `settings.py` :
```python
CACHES = {
"default": {
"BACKEND": "django.core.cache.backends.locmem.LocMemCache",
"LOCATION": "unique-snowflake",
}
}
```
Now you can pick an identity provider from the [available providers](https://django-pyoidc.readthedocs.io/en/latest/user.html#providers). Providers class are a quick way to generate the library configuration and URLs for a givenv identity provider. You can also use [manual set] if you wish.
Create a file named `oidc.py` next to your settings file and initialize your provider there :
```python
from django_pyoidc.providers.keycloak import KeycloakProvider
my_oidc_provider = KeycloakProvider(
op_name="keycloak",
client_secret="s3cret",
client_id="my_client_id",
keycloak_base_uri="http://keycloak.local:8080/auth/", # we use the auth/ path prefix option on Keycloak
keycloak_realm="Demo",
logout_redirect="http://app.local:8082/",
failure_redirect="http://app.local:8082/",
success_redirect="http://app.local:8082/",
redirect_requires_https=False,
)
```
You can then add to your django configuration the following line :
```python
from .oidc_providers import my_oidc_provider
DJANGO_PYOIDC = {
**my_oidc_provider.get_config(allowed_hosts=["app.local:8082"]),
}
```
Finally, add OIDC views to your url configuration (`urls.py`):
```python
from .oidc_providers import my_oidc_provider
urlpatterns = [
path("auth", include(my_oidc_provider.get_urlpatterns())),
]
```
And you are ready to go !
If you struggle with those instructions, take a look at [the quickstart tutorial](https://django-pyoidc.readthedocs.io/en/latest/tutorial.html#getting-started).
## Usage/Examples
We wrote an extensive collection of 'how-to' guides in the [documentation](https://django-pyoidc.readthedocs.io/en/latest/how-to.html).
## Appendix
- [Development instructions](./DEVELOPMENT.md)
## Commercial support
This project is sponsored by Makina Corpus. If you require assistance on your project(s), please contact us: contact@makina-corpus.com
## Report a security vulnerability
## License
[GPL](./LICENSE)
## Authors
- [@gbip](https://www.github.com/gbip)
- [@regilero](https://github.com/regilero)
Raw data
{
"_id": null,
"home_page": null,
"name": "django-pyoidc",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "openid, oidc, django, sso, single-sign-on, openid-connect",
"author": null,
"author_email": "\"R\u00e9gis Leroy (Makina Corpus)\" <django_pyoidc@makina-corpus.net>, \"Paul Florence (Makina Corpus)\" <django_pyoidc@makina-corpus.net>",
"download_url": "https://files.pythonhosted.org/packages/d8/af/43cd9d03671909188e8c3d2bfe85af7b2d962009b6168f9bbf332ec85c6c/django_pyoidc-0.0.13.tar.gz",
"platform": null,
"description": "# Makina Django OIDC\n\n\n<p align=\"center\">\n<a href=\"https://django-pyoidc.readthedocs.io\">\n <img src=\"https://readthedocs.org/projects/django-pyoidc/badge/?version=main\" />\n</a>\n</p>\n\nThis library allow *Single Sign On* (SSO) integration into Django through the [Open ID Connect (OIDC)]() protocol.\n\nIt can be used to setup a Single Sign On using an identity provider (Keycloak, etc.) or to login using Google, Twitter, etc.\n\n**Warning** : this library has not been audited. However, we are based on [pyoidc](https://github.com/CZ-NIC/pyoidc/) which we believe is a sane OIDC implementation.\n\n## Features\n\n- Easy configuration through premade [`Provider`](https://django-pyoidc.readthedocs.io/en/latest/user.html#providers) classes.\n- Multiple provider support\n- Easy integration with the [Django permission system](https://django-pyoidc.readthedocs.io/en/latest/how-to.html#use-the-django-permission-system-with-oidc)\n- Highly customizable design that should suit most needs\n- Back-channel Logout\n- Sane and secure defaults settings\n\n## Roadmap\n\n- `Bearer` authentication support for `django-rest-framework` integration\n- Frontchannel logout\n\n## Acknowledgement\n\nThis library is built on the work of many others. First all, thanks to all the maintainers of [pyoidc](https://github.com/CZ-NIC/pyoidc/) as they did all the spec implementation. This library is mostly about glue between Django and *pyoidc*.\n\nWe were also heavily inspired by :\n\n* [`mozilla-django-oidc`](https://github.com/mozilla/mozilla-django-oidc) for it's login redirection URI management\n* [`django-auth-oidc`](https://gitlab.com/aiakos/django-auth-oidc) for it's hook system\n\nIf you want to understand why we decided to implement our own library, this is documented [here](https://django-pyoidc.readthedocs.io/en/latest/explanation.html#other-oidc-libraries).\n\n## Documentation\n\nThe documentation is graciously hosted at [readthedocs](https://django-pyoidc.readthedocs.io).\n\n## Installation\n\nFirst, install the python package :\n\n```bash\npip install makina-django-doic\n```\n\nThen add the library app to your django applications, after `django.contrib.sessions` and `django.contrib.auth` :\n\n```python\nINSTALLED_APPS = [\n \"django.contrib.auth\",\n \"django.contrib.sessions\",\n ...\n \"django-pyoidc\"\n]\n```\n\nDon't forget to add the session middleware ! Add in your `settings.py` :\n\n```python\nMIDDLEWARE = [\n \"django.contrib.sessions.middleware.SessionMiddleware\",\n]\n```\n\nNow is time to run a migrate operation, as we create a database table ([read why here](https://django-pyoidc.readthedocs.io/en/latest/explanation.html#cache-management)). Run in your project dir :\n\n```\n./manage.py migrate\n```\n\nWe also need a cache ([read why here](https://django-pyoidc.readthedocs.io/en/latest/explanation.html#cache-management)), so let's configure a dumb one for development purposes. Add in your `settings.py` :\n\n```python\nCACHES = {\n \"default\": {\n \"BACKEND\": \"django.core.cache.backends.locmem.LocMemCache\",\n \"LOCATION\": \"unique-snowflake\",\n }\n}\n```\n\nNow you can pick an identity provider from the [available providers](https://django-pyoidc.readthedocs.io/en/latest/user.html#providers). Providers class are a quick way to generate the library configuration and URLs for a givenv identity provider. You can also use [manual set] if you wish.\n\nCreate a file named `oidc.py` next to your settings file and initialize your provider there :\n\n```python\nfrom django_pyoidc.providers.keycloak import KeycloakProvider\n\nmy_oidc_provider = KeycloakProvider(\n op_name=\"keycloak\",\n client_secret=\"s3cret\",\n client_id=\"my_client_id\",\n keycloak_base_uri=\"http://keycloak.local:8080/auth/\", # we use the auth/ path prefix option on Keycloak\n keycloak_realm=\"Demo\",\n logout_redirect=\"http://app.local:8082/\",\n failure_redirect=\"http://app.local:8082/\",\n success_redirect=\"http://app.local:8082/\",\n redirect_requires_https=False,\n)\n```\n\nYou can then add to your django configuration the following line :\n\n```python\nfrom .oidc_providers import my_oidc_provider\n\nDJANGO_PYOIDC = {\n **my_oidc_provider.get_config(allowed_hosts=[\"app.local:8082\"]),\n}\n```\n\nFinally, add OIDC views to your url configuration (`urls.py`):\n\n```python\nfrom .oidc_providers import my_oidc_provider\n\nurlpatterns = [\n path(\"auth\", include(my_oidc_provider.get_urlpatterns())),\n]\n```\n\nAnd you are ready to go !\n\nIf you struggle with those instructions, take a look at [the quickstart tutorial](https://django-pyoidc.readthedocs.io/en/latest/tutorial.html#getting-started).\n\n## Usage/Examples\n\nWe wrote an extensive collection of 'how-to' guides in the [documentation](https://django-pyoidc.readthedocs.io/en/latest/how-to.html).\n\n## Appendix\n\n- [Development instructions](./DEVELOPMENT.md)\n\n## Commercial support\n\nThis project is sponsored by Makina Corpus. If you require assistance on your project(s), please contact us: contact@makina-corpus.com\n\n## Report a security vulnerability\n\n## License\n\n[GPL](./LICENSE)\n\n\n## Authors\n\n- [@gbip](https://www.github.com/gbip)\n- [@regilero](https://github.com/regilero)\n\n",
"bugtrack_url": null,
"license": null,
"summary": "Authenticate your users using OpenID Connect (OIDC)",
"version": "0.0.13",
"project_urls": {
"repository": "https://gitlab.makina-corpus.net/pfl/django-pyoidc"
},
"split_keywords": [
"openid",
" oidc",
" django",
" sso",
" single-sign-on",
" openid-connect"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "95cddb5f384cf38a156d36d87b8eda22494479f761cdc91901775d5828d50674",
"md5": "5abde99385e3149857440aa466f9fb28",
"sha256": "69be4561c68597a485b994aaeca1e8384baeac1ce0d7f154cd7f73e5534a244b"
},
"downloads": -1,
"filename": "django_pyoidc-0.0.13-py3-none-any.whl",
"has_sig": false,
"md5_digest": "5abde99385e3149857440aa466f9fb28",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 35264,
"upload_time": "2024-06-26T14:28:39",
"upload_time_iso_8601": "2024-06-26T14:28:39.741276Z",
"url": "https://files.pythonhosted.org/packages/95/cd/db5f384cf38a156d36d87b8eda22494479f761cdc91901775d5828d50674/django_pyoidc-0.0.13-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "d8af43cd9d03671909188e8c3d2bfe85af7b2d962009b6168f9bbf332ec85c6c",
"md5": "2a583b14444f93e0b908bd8963010d2a",
"sha256": "b9c342210ace0ff4fdc74d0434c7bf98ae0ff1c53d5cd3e03bbd256e7546706e"
},
"downloads": -1,
"filename": "django_pyoidc-0.0.13.tar.gz",
"has_sig": false,
"md5_digest": "2a583b14444f93e0b908bd8963010d2a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 30916,
"upload_time": "2024-06-26T14:28:41",
"upload_time_iso_8601": "2024-06-26T14:28:41.356059Z",
"url": "https://files.pythonhosted.org/packages/d8/af/43cd9d03671909188e8c3d2bfe85af7b2d962009b6168f9bbf332ec85c6c/django_pyoidc-0.0.13.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-26 14:28:41",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "django-pyoidc"
}
JSON