How to set USE_JWT=True for an SPA and USE_JWT=False for web access? #271

Closed
giuseppenovielli opened this issue Mar 21, 2024 · 2 comments

giuseppenovielli commented Mar 21, 2024

Hi @mostafa,
thanks for supporting this library!

When I use the SPA I want to generate a token, but when I use the web I want to navigate to the web home page.

In summary, I want to switch it ON if I log in with the Single Page Application (needs the token redirect), and switch it OFF when I log in from the web (needs a login into Django).

How can I do that?
Thanks!

```python
use_jwt = dictor(saml2_auth_settings, "USE_JWT", False)
if use_jwt and target_user.is_active:
    # Create a new JWT token for IdP-initiated login (acs)
    jwt_token = create_custom_or_default_jwt(target_user)
    custom_token_query_trigger = dictor(saml2_auth_settings, "TRIGGER.CUSTOM_TOKEN_QUERY")
    if custom_token_query_trigger:
        query = run_hook(custom_token_query_trigger, jwt_token)
    else:
        query = f"?token={jwt_token}"
    # Use JWT auth to send token to frontend
    frontend_url = dictor(saml2_auth_settings, "FRONTEND_URL", next_url)
    return HttpResponseRedirect(frontend_url + query)
if target_user.is_active:
    # Try to load from the `AUTHENTICATION_BACKENDS` setting in settings.py
    if hasattr(settings, "AUTHENTICATION_BACKENDS") and settings.AUTHENTICATION_BACKENDS:
        model_backend = settings.AUTHENTICATION_BACKENDS[0]
    else:
        model_backend = "django.contrib.auth.backends.ModelBackend"
    login(request, target_user, model_backend)
    after_login_trigger = dictor(saml2_auth_settings, "TRIGGER.AFTER_LOGIN")
    if after_login_trigger:
        run_hook(after_login_trigger, request.session, user)  # type: ignore
else:
    raise SAMLAuthError("The target user is inactive.", extra={
        "exc_type": Exception,
        "error_code": INACTIVE_USER,
        "reason": "User is inactive.",
        "status_code": 500
    })
```

Member

mostafa commented Mar 21, 2024

Hey @giuseppenovielli,

AFAIK, Django settings are static, so there seems to be no way around it. You can't mix these two: SPA with Django login, or let the user switch this on and off via a parameter. I was going to suggest changing this in the TRIGGER.BEFORE_LOGIN hook function, but a copy of the settings.SAML2_AUTH is always received by dictor while setting the use_jwt variable, hence changing it inside that hook has no effect.

Author

giuseppenovielli commented Mar 26, 2024

Hi @mostafa,
thanks for your response.

I found a workaround:

1) Set USE_JWT = False in settings.

2) In the root urlpatterns, set:

```python
from django.urls import path

import django_saml2_auth.views
import users.views_grafana_saml2

urlpatterns = [
    # WEB: library views, session login (USE_JWT = False)
    path(r"acs/", django_saml2_auth.views.acs, name="acs"),
    path(r"login/", django_saml2_auth.views.signin, name="login"),

    # SPA: copied views that always issue a JWT
    path(r"acs-token/", users.views_grafana_saml2.acs, name="acs-token"),
    path(r"login-token/", users.views_grafana_saml2.signin, name="login-token"),
]
```

3) Into users.views_grafana_saml2, copy the django_saml2_auth.views.acs and django_saml2_auth.views.signin methods.

4) In users.views_grafana_saml2.acs, FORCE TO USE JWT TOKEN, ALWAYS.
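
The forced-JWT `acs` copy from step 4 always appends the token to a redirect URL, and the excerpt quoted in the first comment falls back to `next_url` when `FRONTEND_URL` is unset. The following is an added example (not code from this thread or from django-saml2-auth) that builds that redirect so the token is only ever sent to an allow-listed origin; `build_token_redirect`, `UntrustedRedirect` and the `spa.example.com` origin are hypothetical names and constructed values.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample value; a real project would read this from its settings.
ALLOWED_FRONTEND_ORIGINS = {("https", "spa.example.com")}


class UntrustedRedirect(ValueError):
    """The token would have been sent to an origin that is not allow-listed."""


def build_token_redirect(frontend_url, jwt_token, allowed=ALLOWED_FRONTEND_ORIGINS):
    """Return frontend_url with token=<jwt> in its query, or raise UntrustedRedirect.

    Hypothetical replacement for the `frontend_url + query` concatenation
    in a copied ACS view that always issues a JWT.
    """
    parts = urlsplit(frontend_url)
    # Compare the full netloc, so userinfo tricks such as
    # "spa.example.com@other-host" never match an allowed entry.
    origin = (parts.scheme.lower(), parts.netloc.lower())
    # Relative URLs, non-https schemes and unknown hosts are all refused:
    # a next_url fallback must not be able to carry the token elsewhere.
    if origin not in allowed:
        raise UntrustedRedirect(frontend_url)

    # Merge with any existing query string instead of appending a second "?",
    # and drop a caller-supplied "token" so only the fresh JWT is present.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "token"]
    query.append(("token", jwt_token))
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/",
                       urlencode(query), parts.fragment))


if __name__ == "__main__":
    # Constructed inputs for illustration.
    for url in ("https://spa.example.com/app?lang=en",
                "https://other.example.net/cb",
                "/dashboard"):
        try:
            print(build_token_redirect(url, "aaa.bbb.ccc"))
        except UntrustedRedirect as exc:
            print("refused:", exc)
```

In the copied view, the result would be passed to `HttpResponseRedirect`, and a raised `UntrustedRedirect` would be handled as a failed login rather than a redirect.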
