Skip to content

jpnavarro/mp-auth

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
mp_auth
mp_auth
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

Multiprovider Authentication

Multiprovider Authentication is an easy to setup authentication middleware with support for Django REST Framework and multiple OAuth2/OIDC Identity Providers that issue opaque or JWT access tokens, e.g. Auth0, Globus, etc.

Rationale

Many authentication middleware packages have been writted for Django REST Framework with support for OAuth2 opaque or JWT token. Most popular ones are listed with a short description on Django REST Framework - Authentication. But all of them that support opaque tokens require access to the Identity Provider database to verify the access tokens. Or they cannot be stack up with other authentication classes to authenticate a bearer token against multiple Identity Providers. The Multiprovider Authentication middleware fills up the gap. It supports all Identity Providers that issue JWT tokens and Globus that issues opaque access tokens. Support for other Identity Providers can easily be added by creating a new backend in mp_auth/backends. Each backend can be used separately as an Django REST Framework authentication class, or can be a part of list of authentication class that Django REST Framework will go through to authenticate an HTTP request. mp_auth.backend.mp.MultiproviderAuthentication is a special authentication class that calls all authentication classes configured in settings.py.

Setup

Install the Multiprovider Authentication middleware for Django REST Framework (Python 3 is required)

pip install mp-auth

and in settings.py set the following:

INSTALLED_APPS [
    ...
    'mp_auth',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'mp_auth.backends.mp.MultiproviderAuthentication',
    )
}

MULTIPROVIDER_AUTH = {
    "BearerTokens": {
        "globus": {
            "scope": [<scopes>],
            "aud": <audience>
        }
    },
    "JWT": {
        <issuer>": {
            "aud": <audience>
        }
    }
}

GLOBUS_CLIENT_ID = <OAuth2 client id>
GLOBUS_CLIENT_SECRET = <OAuth2 client secret>

Then any view can be protected by JWTAuthentication or GlobusAuthentication, or, if you want to authenticate an HTTP request against both JWTAuthentication or GlobusAuthentication, by MultiproviderAuthentication class.

from mp_auth.backends.mp import MultiproviderAuthentication

class MyAPIView(APIView):
    authentication_classes = (MultiproviderAuthentication,)
    renderer_classes = (JSONRenderer,)

    def get(self, request, format=None):
        user = request.user
        return Response({"username": user.username})

About

Multiprovider Authentication

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Python 100.0%