simple_openid_connect.integrations.django¶
Django integration for simple_openid_connect.
Architecture¶
Integrating a new authentication mechanism into django involves a few missing parts. Here’s a quick overview over the most important classes involved:
┌──────────────────────────────────┐ ┌──────────────────────────────────┐ ┌───────────────────┐
│ @access_token_required decorator │ │ DRF AccessTokenAuthentication │ │ LoginCallbackView │
└────────────────┬─────────────────┘ └─────────────────┬────────────────┘ └─────────┬─────────┘
│ │ │
└───────────────────┬───────────────────┘ │
↓ │
┌──────────────────────┴─────────────────────┐ │
│ UserMapper.handle_federated_access_token() │ │
└──────────────────────┬─────────────────────┘ │
│ │
└──────────────────────────┬───────────────────────┘
↓
┌────────────────────┴───────────────────┐
│ UserMapper.handle_federated_userinfo() │
└────────────────────┬───────────────────┘
↓
┌────────────────┴────────────────┐
│ UserMapper.automap_user_attrs() │
└─────────────────────────────────┘
InitLoginView&LoginCallbackVieware the backing views behind…/login/and…/login-callback/. They implement authentication initiation with an OIDC provider and then handle the response to it in the callback.UserMappercreates a local user account based on OIDC data and keeps it up to date. It is called every time a user authenticates, which is the case during interactive authentication as well as when a user passes an access token to e.g. an API route.
Modules
Django AppConfig for this app |
|
View-function decorators |
|
simple_openid_connect database models |
|
Django settings for simple_openid_connect project so that migrations can properly be generated |
|
simple_openid_connect URL Configuration |
|
Default implementations for mapping tokens to user objects. |
|
View functions which handle openid authentication and their related callbacks |
|
WSGI config for simple_openid_connect project. |