simple_openid_connect.integrations.django.user_mapping

Default implementations for mapping tokens to user objects.

This implementation can be overridden by extending the UserMapper class and then setting the Django settings variable OPENID_USER_MAPPER to an import string pointing to the newly created class.

Module Attributes

FederatedUserData

Type alias for the different classes which can provide information about a federated user.

Classes

UserMapper()

A base class which is responsible for mapping federated users into the local system.

simple_openid_connect.integrations.django.user_mapping.FederatedUserData

Type alias for the different classes which can provide information about a federated user.

alias of Union[IdToken, UserinfoSuccessResponse, TokenIntrospectionSuccessResponse, JwtAccessToken]

class simple_openid_connect.integrations.django.user_mapping.UserMapper

A base class which is responsible for mapping federated users into the local system.

This class is used in different parts of simple_openid_connect. The call graph is sketched below:

┌──────────────────────────────────┐   ┌──────────────────────────────────┐   ┌───────────────────┐
│ @access_token_required decorator │   │ DRF AccessTokenAuthentication    │   │ LoginCallbackView │
└────────────────┬─────────────────┘   └─────────────────┬────────────────┘   └─────────┬─────────┘
                 │                                       │                              │
                 └───────────────────┬───────────────────┘                              │
                                     ↓                                                  │
              ┌──────────────────────┴─────────────────────┐                            │
              │ UserMapper.handle_federated_access_token() │                            │
              └──────────────────────┬─────────────────────┘                            │
                                     │                                                  │
                                     └──────────────────────────┬───────────────────────┘
                                                                ↓
                                           ┌────────────────────┴───────────────────┐
                                           │ UserMapper.handle_federated_userinfo() │
                                           └────────────────────┬───────────────────┘
                                                                ↓
                                               ┌────────────────┴────────────────┐
                                               │ UserMapper.automap_user_attrs() │
                                               └─────────────────────────────────┘

automap_user_attrs(user: AbstractBaseUser, user_data: IdToken | UserinfoSuccessResponse | TokenIntrospectionSuccessResponse | JwtAccessToken) → None

Inspect the given user instance model, discover its attributes based on some heuristics and set their values from the passed user information.

Note

user.save() is not automatically called by this method, to allow extending it via class inheritance without causing multiple database operations.

Parameters:
  • user – The user instance on which attributes should be set

  • user_data – Information about the user which was made available through OpenID.

handle_federated_access_token(access_token: str, oidc_client: OpenidClient, required_scopes: str | None = None) → Tuple[Any, IdToken | UserinfoSuccessResponse | TokenIntrospectionSuccessResponse | JwtAccessToken]

Entry point for dynamically creating or updating user data based on an access token which was provided by a user.

This method inspects the token and then calls into UserMapper.handle_federated_userinfo() once more information about the user is available.

Parameters:
  • access_token – The raw access token that was passed to this application which should identify the user.

  • oidc_client – An OpenID client which is used to access the OpenID provider's signing keys or to introspect the token if necessary.

  • required_scopes – Scopes to which the access token is required to have access. If None is passed, the default scopes from the Django setting OPENID_SCOPE are used. Pass an empty string if no scopes are required.

Returns:

An instance of the application's user model as well as additional data about the user.

Raises:

ValidationError – If the passed token cannot be validated or is decidedly invalid.

handle_federated_userinfo(user_data: IdToken | UserinfoSuccessResponse | TokenIntrospectionSuccessResponse | JwtAccessToken) → Any

Entry point for dynamically creating or updating user data based on information obtained through OpenID.

The function automatically creates a new user model instance if the user is unknown or updates the locally stored user information based on the federated data.

Parameters:

user_data – Information about the user.

Returns:

An instance of the application's user model.
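
An added example, not code from simple_openid_connect: a UserMapper subclass that extends automap_user_attrs() to derive is_staff from an allowlisted group claim and grants nothing when the claim is missing or malformed. Because every entry point in the call graph ends in automap_user_attrs(), the rule applies to both the login callback and access-token paths. The "groups" claim name, the "ops-admins" group, the myapp.oidc module path and the import fallback stub are assumptions made for illustration.

```python
from types import SimpleNamespace

try:
    from simple_openid_connect.integrations.django.user_mapping import UserMapper
except Exception:
    # Assumption: stand-in base so the example also runs where the library or
    # Django settings are unavailable. Real projects use the import above.
    class UserMapper:
        def automap_user_attrs(self, user, user_data):
            pass

# Assumption: group names that grant staff access; use your provider's values.
STAFF_GROUPS = frozenset({"ops-admins"})


def staff_from_claims(user_data) -> bool:
    """Return True only if a well-formed "groups" claim names an allowlisted group."""
    groups = getattr(user_data, "groups", None)  # assumption: claim is called "groups"
    # Fail closed: a missing claim, a bare string or mixed types grants nothing.
    if not isinstance(groups, (list, tuple)):
        return False
    if not all(isinstance(g, str) for g in groups):
        return False
    return not STAFF_GROUPS.isdisjoint(groups)


class StaffGroupUserMapper(UserMapper):
    def automap_user_attrs(self, user, user_data):
        # Keep the library's attribute mapping, then apply the privilege rule.
        super().automap_user_attrs(user, user_data)
        # Recomputed on every call, so removal from the group at the provider
        # removes staff access locally the next time the user is mapped.
        user.is_staff = staff_from_claims(user_data)
        # No user.save() here, matching the note on this method.


# settings.py (hypothetical module path):
# OPENID_USER_MAPPER = "myapp.oidc.StaffGroupUserMapper"

# Constructed sample claims standing in for FederatedUserData objects.
ADMIN = SimpleNamespace(sub="u1", groups=["users", "ops-admins"])
STRING_CLAIM = SimpleNamespace(sub="u2", groups="ops-admins")
NO_CLAIM = SimpleNamespace(sub="u3")
```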