How to create OAuth and OpenID Connect (OIDC) authentication in Django

This Django module uses the python-oauth2 library to handle OAuth and OpenID Connect (OIDC) authentication.

First, install the required dependency by running pip install oauth2 in your Django project’s virtual environment.

Next, create a new file called auth_provider.py in your Django app directory with the following contents:

from oauth2 import AuthorizationCodeGrant

class AuthProvider:
    def __init__(self):
        self.client_id = 'your-client-id'  # Client ID registered with the identity provider
        self.client_secret = 'your-client-secret'  # Client secret registered with the identity provider
        self.redirect_uri = 'http://localhost:8000/callback'  # Callback URL after authentication
        self.scopes = ['openid', 'profile', 'email']  # Requested scopes

    def _grant(self):
        # Both steps of the flow need the same grant object, so build it in one place
        return AuthorizationCodeGrant(
            client_id=self.client_id,
            client_secret=self.client_secret,
            authorization_uri='https://your-authorization-url.com',  # Authorization endpoint URL
            token_uri='https://your-token-url.com',  # Token endpoint URL
            redirect_uri=self.redirect_uri,
            scopes=self.scopes
        )

    def get_authorization_url(self):
        # URL the login view redirects the browser to
        return self._grant().authorize_url()

    def authenticate(self, request):
        oauth = self._grant()
        code = request.GET.get('code')  # Authorization code returned by the identity provider
        token = oauth.fetch_token(code)  # Exchange the code for tokens at the token endpoint
        resource_owner = oauth.get_resource_owner(token)  # Identity of the authenticated user

        return {
            'access_token': token.access_token,
            'expires': token.expires_in,
            'refresh_token': token.refresh_token,
            'resource_owner': resource_owner
        }


In your Django views or Django Rest Framework views, you can use this module to initiate the authentication flow and handle the callback.

Here’s an example of how you can use it in your Django views:

from django.shortcuts import render, redirect
from .auth_provider import AuthProvider

auth_provider = AuthProvider()

def login(request):
    # Send the browser to the identity provider's authorization endpoint
    authorization_url = auth_provider.get_authorization_url()
    return redirect(authorization_url)

def callback(request):
    # The identity provider redirects back here with the authorization code
    auth_data = auth_provider.authenticate(request)

    # Access the authentication data
    access_token = auth_data['access_token']
    expires = auth_data['expires']
    refresh_token = auth_data['refresh_token']
    resource_owner = auth_data['resource_owner']

    # Use the authentication data as needed
    return render(request, 'callback.html', {
        'access_token': access_token,
        'expires': expires,
        'refresh_token': refresh_token,
        'resource_owner': resource_owner,
    })


In this example, the login view redirects the user to the authorization URL, and the callback view handles the authentication callback by calling the authenticate method from the AuthProvider class. The authentication data is then rendered in the callback.html template.

Make sure to replace 'your-client-id', 'your-client-secret', 'https://your-authorization-url.com', and 'https://your-token-url.com' with the appropriate values for your specific identity provider and client.
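The two views above are the two halves of one authorization-code exchange. The following added example, which is not part of the original post and does not use python-oauth2, shows the same flow written against the Python standard library so that the steps the library hides are visible: the login step generates a random state value and stores it in the session, and the callback step rejects any response whose state does not match before exchanging the code at the token endpoint. The provider URLs and client credentials are the same placeholders used above, the session is any mutable mapping (request.session in Django), and fake_token_endpoint is a constructed stand-in for the provider so the code runs offline; a real deployment would let exchange_code use its default urllib transport.

```python
import base64
import hmac
import json
import secrets
import urllib.parse
import urllib.request

# Placeholder configuration, as in the post; replace with your provider's values.
CLIENT_ID = "your-client-id"
CLIENT_SECRET = "your-client-secret"
REDIRECT_URI = "http://localhost:8000/callback"
AUTHORIZATION_URI = "https://your-authorization-url.com"
TOKEN_URI = "https://your-token-url.com"
SCOPES = ["openid", "profile", "email"]


def build_authorization_url(session):
    """Build the redirect target for the login view.

    A fresh random `state` is stored in the session so the callback can
    reject responses that did not originate from this browser session
    (RFC 6749 section 10.12).
    """
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return f"{AUTHORIZATION_URI}?{urllib.parse.urlencode(params)}"


def _urllib_post(url, form):
    """Default transport: POST the form, authenticating the client with HTTP Basic."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")
    req.add_header("Authorization", f"Basic {creds}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req) as resp:  # network call; not used in offline runs
        return json.load(resp)


def exchange_code(code, post=None):
    """Exchange an authorization code for tokens at the token endpoint.

    `post(url, form) -> dict` is injectable so the exchange can run offline.
    """
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    }
    return (post or _urllib_post)(TOKEN_URI, form)


def handle_callback(query, session, post=None):
    """Validate the callback query (request.GET) and complete the flow.

    Returns the token response dict, or raises ValueError when the state is
    missing or wrong, the provider reported an error, or no code was sent.
    The stored state is consumed on first use, so a replayed callback fails.
    """
    expected = session.pop("oauth_state", None)
    received = query.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: possible cross-site request or replayed callback")
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error']}")
    code = query.get("code")
    if not code:
        raise ValueError("callback is missing the authorization code")
    tokens = exchange_code(code, post=post)
    if "access_token" not in tokens:
        raise ValueError(f"token endpoint did not issue a token: {tokens}")
    return tokens


def fake_token_endpoint(url, form):
    """Constructed offline stand-in for the identity provider's token endpoint."""
    assert url == TOKEN_URI and form["grant_type"] == "authorization_code"
    if form["code"] != "good-code":
        return {"error": "invalid_grant"}
    return {"access_token": "at-123", "token_type": "Bearer",
            "expires_in": 3600, "refresh_token": "rt-456"}


if __name__ == "__main__":
    session = {}  # stands in for request.session
    print(build_authorization_url(session))
    tokens = handle_callback({"code": "good-code", "state": session["oauth_state"]},
                             session, post=fake_token_endpoint)
    print(tokens)
```

In a Django view, pass request.session as the session argument and request.GET as the query argument; the tokens returned by handle_callback are what the post's callback view stores or renders.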

Please note that this is a basic example, and in a real-world Django application, you would typically store the authentication data in the session, implement error handling, and customize the logic based on your specific requirements. Additionally, you may need to configure additional