Skip to content

ericblau/mp-auth

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Multiprovider Authentication

Multiprovider Authentication is an easy to setup authentication middleware with support for Django REST Framework and multiple OAuth2/OIDC Identity Providers that issue opaque or JWT access tokens, e.g. Auth0, Globus, etc.

Rationale

Many authentication middleware packages have been writted for Django REST Framework with support for OAuth2 opaque or JWT token. Most popular ones are listed with a short description on Django REST Framework - Authentication. But all of them that support opaque tokens require access to the Identity Provider database to verify the access tokens. Or they cannot be stack up with other authentication classes to authenticate a bearer token against multiple Identity Providers. The Multiprovider Authentication middleware fills up the gap. It supports all Identity Providers that issue JWT tokens and Globus that issues opaque access tokens. Support for other Identity Providers can easily be added by creating a new backend in mp_auth/backends. Each backend can be used separately as an Django REST Framework authentication class, or can be a part of list of authentication class that Django REST Framework will go through to authenticate an HTTP request. mp_auth.backend.mp.MultiproviderAuthentication is a special authentication class that calls all authentication classes configured in settings.py.

Setup

Install the Multiprovider Authentication middleware for Django REST Framework (Python 3 is required)

pip install git+git://github.com/lukaszlacinski/mp_auth.git

and in settings.py set the following:

INSTALLED_APPS [
    ...
    'mp_auth',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'mp_auth.backends.mp.MultiproviderAuthentication',
    )
}

MULTIPROVIDER_AUTH = {
    "BearerTokens": {
        "globus": {
            "scope": [<scopes>],
            "aud": <audience>
        }
    },
    "JWT": {
        <issuer>": {
            "aud": <audience>
        }
    }
}

GLOBUS_CLIENT_ID = <OAuth2 client id>
GLOBUS_CLIENT_SECRET = <OAuth2 client secret>

Then any view can be protected by JWTAuthentication or GlobusAuthentication, or, if you want to authenticate an HTTP request against both JWTAuthentication or GlobusAuthentication, by MultiproviderAuthentication class.

from mp_auth.backends.mp import MultiproviderAuthentication

class MyAPIView(APIView):
    authentication_classes = (MultiproviderAuthentication,)
    renderer_classes = (JSONRenderer,)

    def get(self, request, format=None):
        user = request.user
        return Response({"username": user.username})

About

Multiprovider Authentication

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 100.0%