Django Auth0 authentication backend

Backend implemented against Auth0 Regular Python application
Please use official tutorial and libraries from Auth0 https://auth0.com/docs/quickstart/webapp/django/01-login
- Install django-auth0

    $ pip install django-auth0

- Add django_auth0 to INSTALLED_APPS
- Add django_auth0.auth_backend.Auth0Backend to AUTHENTICATION_BACKENDS

    AUTHENTICATION_BACKENDS = [
        "django_auth0.auth_backend.Auth0Backend",
        "django.contrib.auth.backends.ModelBackend"
    ]

- Add django_auth0.context_processors.auth0 to CONTEXT_PROCESSORS so necessary template context will be provided
- Include callback urls

    urlpatterns = [
        ...
        url(r'^auth/', include('django_auth0.urls')),
    ]

Update AUTH0_CALLBACK_URL in settings.py to the following if you want to use the default authentication handler
- Add Auth0 client side JavaScript and initialize it

    <script src="https://cdn.auth0.com/js/lock-X.Y.min.js"></script>
    <script>
      var lock = new Auth0Lock('{{ AUTH0_CLIENT_ID }}', '{{ AUTH0_DOMAIN }}');
      lock.show({
        icon: 'ICON_URL',
        container: 'CONTAINER_ELEMENT',
        callbackURL: 'YOUR_FULL_CALLBACK_URL',
        responseType: 'code',
        authParams: {
          scope: 'openid profile'
        }
      });
    </script>

Options:

- AUTH0_CLIENT_ID - Auth0 client app id,
- AUTH0_SECRET - Auth0 app secret,
- AUTH0_DOMAIN - Auth0 subdomain YOU_APP.auth0.com.
- AUTH0_CALLBACK_URL - Auth0 callback url is full url to your callback view like https://YOUR_DOMAIN/CALLBACK
- AUTH0_SUCCESS_URL - Url to redirect once you login successfully

Overriding callback view

The default callback view looks like this. You can always write your own and set AUTH0_CALLBACK_URL to your custom view; it should be a URL name.

    import json

    import requests
    from django.conf import settings
    from django.contrib.auth import authenticate, login
    from django.http import HttpResponse
    from django.shortcuts import redirect
    from django.urls import reverse


    def process_login(request):
        """
        Default handler to login user
        :param request: HttpRequest
        """
        code = request.GET.get('code', '')
        json_header = {'content-type': 'application/json'}
        token_url = 'https://%s/oauth/token' % settings.AUTH0_DOMAIN
        # Exchange the authorization code for tokens
        token_payload = {
            'client_id': settings.AUTH0_CLIENT_ID,
            'client_secret': settings.AUTH0_SECRET,
            'redirect_uri': reverse(settings.AUTH0_CALLBACK_URL),
            'code': code,
            'grant_type': 'authorization_code'
        }
        token_info = requests.post(token_url,
                                   data=json.dumps(token_payload),
                                   headers=json_header).json()
        # Fetch the user profile with the access token
        url = 'https://%s/userinfo?access_token=%s'
        user_url = url % (settings.AUTH0_DOMAIN, token_info['access_token'])
        user_info = requests.get(user_url).json()
        # We're saving all user information into the session
        request.session['profile'] = user_info
        user = authenticate(**user_info)
        if user:
            login(request, user)
            return redirect(settings.AUTH0_SUCCESS_URL)
        return HttpResponse(status=400)

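
When you write your own callback view, these are the checks worth adding around the code exchange. This is an added example, not django-auth0 code: the names SESSION_KEY, CallbackError, issue_state, check_callback and userinfo_request are hypothetical, and it assumes your login page sends the issued state value with the authorization request.

```python
import hmac
import secrets

SESSION_KEY = "auth0_state"  # hypothetical session key, not a django-auth0 name


class CallbackError(Exception):
    """Raised when the callback should be answered with HTTP 400."""


def issue_state(session):
    """Store a fresh random state in the session before showing the login widget."""
    session[SESSION_KEY] = secrets.token_urlsafe(32)
    return session[SESSION_KEY]


def check_callback(session, params):
    """Validate the callback query parameters and return the authorization code."""
    expected = session.pop(SESSION_KEY, None)  # single use: a replay finds nothing
    received = params.get("state", "")
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise CallbackError("state missing or mismatched")
    if params.get("error"):
        raise CallbackError("authorization failed: %s" % params["error"])
    code = params.get("code", "")
    if not code:
        raise CallbackError("no authorization code")
    return code


def userinfo_request(domain, token_info):
    """Return (url, headers) for /userinfo, rejecting a failed token exchange."""
    token = token_info.get("access_token")
    if not token:
        reason = token_info.get("error", "unknown")
        raise CallbackError("token exchange failed: %s" % reason)
    # A bearer header keeps the token out of URLs, which end up in logs.
    return "https://%s/userinfo" % domain, {"Authorization": "Bearer %s" % token}
```

In a Django view, pass request.session and request.GET to check_callback, pass the result to requests.get(url, headers=headers), and return HttpResponse(status=400) when CallbackError is raised.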
Sample application is at https://github.com/imanhodjaev/auth0-sample
- Improve tests,
- Add Auth0 user profile model,
- Add support for settings from Auth0,
- Move string literals to configuration file
Does the code actually work?

    source <YOURVIRTUALENV>/bin/activate
    (myenv) $ pip install -r requirements-test.txt
    (myenv) $ python runtests.py

Tools used in rendering this package: