This example is a Django module that uses the python-oauth2
library to handle OAuth and OpenID Connect (OIDC) authentication.
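First, install the required dependency by running `pip install oauth2`
in your Django project's virtual environment. Before relying on it, confirm that the installed package actually provides the `AuthorizationCodeGrant` client interface used below, and pin the version you verified.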
Next, create a new file called auth_provider.py
in your Django app directory with the following contents:
from django.shortcuts import redirect
from oauth2 import AuthorizationCodeGrant
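class AuthProvider:
    """Wrap ``AuthorizationCodeGrant`` for an OAuth/OIDC authorization-code login.

    The instance only holds client configuration; a fresh grant object is
    built for every call.

    NOTE(review): the grant interface used here (``authorize_url``,
    ``fetch_token``, ``get_resource_owner``) is taken as given from the
    imported ``oauth2`` package -- confirm it against the installed version.

    NOTE(review): this flow never sends or checks a ``state`` value, so the
    callback cannot be tied to the browser session that started the login.
    Add a per-session ``state`` check before production use. The ``openid``
    scope is requested, but no ID token is read or validated anywhere in this
    class.
    """

    def __init__(self):
        # Placeholder credentials. Load the real values from Django settings or
        # the environment so the client secret never lands in source control.
        self.client_id = 'your-client-id'  # Client ID registered with the identity provider
        self.client_secret = 'your-client-secret'  # Client secret registered with the identity provider
        # Plain-HTTP localhost callback: suitable for local development only.
        self.redirect_uri = 'http://localhost:8000/callback'  # Callback URL after authentication
        self.scopes = ['openid', 'profile', 'email']  # Requested scopes

    def _build_grant(self):
        """Return a grant object configured from this provider's settings."""
        return AuthorizationCodeGrant(
            client_id=self.client_id,
            client_secret=self.client_secret,
            authorization_uri='https://your-authorization-url.com',  # Authorization endpoint URL
            token_uri='https://your-token-url.com',  # Token endpoint URL
            redirect_uri=self.redirect_uri,
            scopes=self.scopes,
        )

    def get_authorization_url(self):
        """Return the URL the browser is sent to in order to start the login."""
        return self._build_grant().authorize_url()

    def authenticate(self, request):
        """Exchange the callback's authorization code for tokens.

        Args:
            request: The Django request for the callback URL; its query
                string is untrusted input.

        Returns:
            A dict with ``access_token``, ``expires``, ``refresh_token`` and
            ``resource_owner`` (whatever ``get_resource_owner`` returns).

        Raises:
            ValueError: If the callback carries an ``error`` parameter or has
                no ``code`` parameter.
        """
        # Reject failed or malformed callbacks before contacting the token
        # endpoint; the original passed a missing code straight to fetch_token.
        if request.GET.get('error'):
            raise ValueError('Authorization server returned an error response')
        code = request.GET.get('code')
        if not code:
            raise ValueError('Authorization callback is missing the "code" parameter')

        oauth = self._build_grant()
        token = oauth.fetch_token(code)
        resource_owner = oauth.get_resource_owner(token)
        # The returned tokens are bearer credentials: keep them server-side and
        # out of logs and rendered pages.
        return {
            'access_token': token.access_token,
            'expires': token.expires_in,
            'refresh_token': token.refresh_token,
            'resource_owner': resource_owner,
        }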
In your Django views or Django Rest Framework views, you can use this module to initiate the authentication flow and handle the callback.
Here’s an example of how you can use it in your Django views:
from django.shortcuts import redirect, render

from .auth_provider import AuthProvider
# Module-level instance shared by both views; AuthProvider's constructor only
# sets fixed configuration attributes.
auth_provider = AuthProvider()
def login(request):
    """Start the login by redirecting the browser to the authorization URL."""
    # NOTE(review): no per-session ``state`` value is attached to this
    # redirect, so the callback has nothing to match the response against.
    return redirect(auth_provider.get_authorization_url())
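def callback(request):
    """Handle the identity provider's redirect back to this application.

    A callback that reports an ``error`` or carries no ``code`` gets a 400
    response instead of being passed on to the token exchange. Otherwise the
    authentication data is rendered with ``callback.html``.
    """
    # Function-scope import so this view does not depend on the file's
    # existing import lines.
    from django.http import HttpResponseBadRequest

    # The query string is attacker-controllable; answer with a fixed message
    # and do not echo any of its values back.
    if request.GET.get('error') or not request.GET.get('code'):
        return HttpResponseBadRequest('Authentication failed.')

    auth_data = auth_provider.authenticate(request)

    # NOTE(review): passing the access and refresh tokens to a template exposes
    # bearer credentials to the browser. Acceptable for a demo page only; keep
    # tokens server-side in a real application.
    context = {
        'access_token': auth_data['access_token'],
        'expires': auth_data['expires'],
        'refresh_token': auth_data['refresh_token'],
        'resource_owner': auth_data['resource_owner'],
    }
    return render(request, 'callback.html', context)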
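In this example, the `login` view redirects the user to the authorization URL, and the `callback` view handles the authentication callback by calling the `authenticate` method of the `AuthProvider` class. The authentication data is then rendered in the `callback.html` template. Rendering the tokens is for demonstration only: an access or refresh token written into a page is exposed to the browser and to anything that can read that page.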
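Make sure to replace `'your-client-id'`, `'your-client-secret'`, `'https://your-authorization-url.com'`, and `'https://your-token-url.com'` with the appropriate values for your specific identity provider and client. Keep the real client secret out of source control (load it from Django settings or an environment variable), and register an HTTPS redirect URI for anything other than local development.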
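Please note that this is a basic example. In a real-world Django application, you would typically store the authentication data in the session rather than rendering it, implement error handling, and customize the logic based on your specific requirements. The example also omits the `state` parameter check that ties the callback to the session that started the login, and it does not validate an ID token even though the `openid` scope is requested. Additionally, you may need to configure additional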